Cyber Market Pulse – Red Team Hacking Tools Stolen from FireEye

FireEye – one of the leading advanced cybersecurity solutions companies – revealed on December 8th that it was attacked by a likely state-supported adversary and that FireEye tools were stolen (the Wall Street Journal reports that signs point to the Russian foreign intelligence service). These tools, it warned, could be used maliciously by cyberattackers. FireEye also stated that it has developed over 300 countermeasures, made publicly available, to broadly help companies and individuals concerned about this release of hacking tools. Multiple media sources are reporting on the attack; here is one with a link to the countermeasures: https://www.theverge.com/2020/12/9/22165027/fireeye-cybersecurity-attack-red-team-tools

The countermeasures can also be found here:  https://github.com/fireeye/red_team_tool_countermeasures.

IR Global members should ask their IT and security partners about new risks arising from this attack and how their providers are incorporating the newly released countermeasures. There is also a broader concern about what a nation-state attack on a leading US cybersecurity company suggests about how businesses are supposed to defend themselves. It seems timely to note here that one controversial initiative recently taken by the US Treasury is to impose duties – and create legal exposure – upon companies suffering ransomware attacks. eosEdge Legal will share more about initiatives to build capacity and to make advanced cybersecurity more widely available and affordable, but here are immediate actions companies should implement as cyberattack risks continue to rise:

  1. Make cybersecurity an executive level responsibility, with a program, meetings, oversight, etc.
  2. Obtain cyber insurance (see the IR Global cybersecurity and insurance webpage)
  3. Implement an Incident Response Plan (including a legal orchestrator to widely institute privilege, and a trusted incident response partner)
  4. Establish information sharing as a best practice (e.g., join a cyber threat information sharing community)
  5. Consider advanced cyber threat preventive measures (‘invisibility’ features, encryption, trusted interconnection, detection)

Please contact eosEdge Legal if you have any questions regarding the new risks presented or ways to manage and reduce risk. The new Cyber Security and Insurance area on IR Digital is a good starting point – https://www.irglobal.com/cyber-security-crisis-preparedness/