Wednesday, 16 December 2020 12:11

When did FireEye know its defences had been breached? Featured

0
Shares
By
Image by succo from Pixabay

ANALYSIS When did American cyber security firm FireEye become aware that it had been compormised and its crown jewels — its Red Team tools — stolen?

The company announced the theft on 8 December AEDT, but even yesterday (Tuesday) has no comment to offer as to when it became aware of the compromise.

An inquiry from iTWire merited this response from a FireEye spokeswoman on Tuesday: "This is an active investigation and we are not releasing a breakdown of the timeline."

Tech industry sources have told iTWire that rumours about a break-in at FireEye have been floating around at least since 30 October.

Additionally, a Danish firm, CSIS Cyber, says FireEye was informed about intrusions into a number of its internal systems by the Trickbot trojan, again as early as October.

CSIS Cyber's Peter Kruse tweeted: "We at @csis_cyber have notified @ FireEye about several compromised internal machines as well as clients logging into their services happening up until October 2020. All popped by #trickbot and one likely sold in December 2019."

FireEye has also been accused of having poor security for its Internet-facing infrastructure; the claim was made by Andy Jenkinson, chief executive of UK-based Cybersec Innovation Partners, a company that does PKI discovery and also claims to be "management experts for all Internet-facing and internal security".

The game has been given away to some extent by a detailed study, the results of which FireEye released on Monday AEDT. No less than 43 of its staff were named as being involved in that research – plus three more from Microsoft.

Such an exercise could not have been done overnight and not even in a week or two. It would have taken months of painstaking and irritating work, especially since the company could not afford to put a foot wrong as its reputation was at stake.

So was FireEye continuing to sell its services to other companies after it was breached, without informing them about the breach? That is the $64 million question.

Given that it is a publicly listed firm, FireEye had no option but to come out and make a statement about the goings-on within its network. Additionally, given the profile that it has built up for itself, it would have been conscious that it could not indulge in braggadocio as it has often done in the past.

It must have taken a great deal of control on the part of chief executive Kevin Mandia — normally a man given to much flamboyance and announcements about attribution at the drop of a hat — to provide a restrained account and eat crow in public.

But he will be able to draw the curtain on this episode only after he comes out in the open and tells world+dog when his firm was breached, accepts responsibility — no matter what software was used to breach FireEye's defences, the security firm is supposed to be the guardian, not the exploited — and apologises to all and sundry.

The CEO generally takes the rap when things go bad at a company. Mandia would do well to bear that in mind – and also the thought that there are likely to be several other well-qualified techies waiting in the wings, and salivating at the thought of heading FireEye themselves.


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.

CLICK HERE!

WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Latest from Sam Varghese

Related items

More in this category: « Security, privacy, cloud and technology resilience top of mind for IT audit sector
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top