Friedman LLP

PUBLICATION: December 17, 2020

FireEye Hacked! What this means for the rest of us.


Everyone is susceptible to a successful cyberattack, even one of the world’s best cybersecurity firms: FireEye. You may have heard the name prior to the recent reports of a breach, as people from FireEye are frequently guests on national news shows or quoted in national and international publications.

Let’s take a closer look at the recent breach at FireEye, which is even more evidence that cybersecurity strategies need to emphasize detection, response and recovery, as prevention is only one piece of effective cybersecurity programs.

Over the last few years, hackers have increasingly targeted service providers – from developers to outsourced IT service companies – and the FireEye breach suggests that trend continues today. Despite FireEye being a top-tier security company that Fortune 500 companies, governments and even the FBI hire for cybersecurity services, it was still hacked. If this does not convince you that anyone can be hacked, what will?

The Significance of the FireEye Hack

You may be asking “If everyone can be hacked, why spend so much on cybersecurity?” Well, any home can be broken into but you still lock the doors and enable the alarm. Cybersecurity is the deadbolt and chain, the alarm and the call to emergency services – in this analogy the deadbolt is the prevention phase, while the alarm and emergency call are detection and response, respectively. To extend the analogy, the FireEye security breach is like a thief getting the master key to an apartment complex (or to the lockbox that contains all the original keys). These hackers may now have a much easier time breaking in to the complex’s units (or FireEye clients) without breaking the physical locks that would otherwise trigger an alarm. With more sophisticated thieves, you may have a greater need to review your investment in cybersecurity.

FireEye has acknowledged that the hackers made off with a copy of its proprietary tools for assessments and for performing penetration tests on its clients. This is an issue because the only difference between a penetration tester and a criminal hacker is ethics. Tools created and used by ethical hackers like the penetration testers at FireEye (or here at CyZen for that matter) are a gift to criminals – it’s like having a better lock pick. While these tools might not benefit state-sponsored clandestine operations like those allegedly behind the attack on FireEye, they can still be useful, if only as something to sell on the dark web. Better tools in the hands of a thief warrant double-checking the locks on your door.

What is not known is what else may have been stolen. FireEye, as of its initial news release, could not rule out the possible exfiltration of client information, reports on detected vulnerabilities or the trending data for detected weaknesses. This information could expose FireEye’s clients unless the documented vulnerabilities have already been addressed. Trending data could enable attacks on a network that succeed faster and help criminals remain undetected. Dwell time is a key metric in cybersecurity – how long an attack goes on without being detected. Ask yourself “how long does it take emergency services to respond to a call from central station? Can your business live that long?”

Any time a managed service provider (“MSP”) or managed security service provider (“MSSP”) is hacked, there is a concern that hackers may also attack the victim’s clients. FireEye sells and services network and email threat detection appliances. This service is typically done remotely. The hacker may now have tools and information that will allow them to use FireEye appliances to snoop on networks utilizing the company’s security monitoring and threat detection tools without being discovered. To do so, the hacker would likely need to convince the client to enable the remote access features and enable shell access. This may be enough of a barrier to prevent intrusion, but the threat is significant enough to warrant mentioning. The takeaway for you is to ask: What monitoring technology do you have in place? Can it detect activity by users and systems that are outside the norm?

Takeaways and Response Recommendations

As a business operating in the 21st century, you already know you’re at risk of cyberattack, so what does the FireEye hack change? It boils down to escalation. Hackers may now have a new set of industry-leading tools that could enable them to attack companies and networks without being detected. The good news is there are things you can do to ensure the threats are reduced:

  • First off, if you are a FireEye customer, you want to update passwords and rotate access certificates for their managed services. Contact your client representative for assistance.
  • If it has been some time since your last vulnerability and risk assessments, now is a good time to schedule these with a service provider.
  • Speak with your IT and security teams to have them double and triple check that your security configuration is up to date – many companies are behind due to the pandemic.

If you need help, CyZen, a Friedman LLP powered company, is ready to assist with everything from assessments to 24x7 logging monitoring and response management. CyZen offers a variety of packages to meet your company’s technological needs. We do not sell software or hardware, but lead with our expertise and services. First, we make sure the solutions you have are working as expected. Then we ensure they are fully utilized for effective and efficient operations and security. When there is a compelling need, we may suggest adding or replacing a solution – our product is our service and people, not widgets. By emphasizing a high-touch, personal approach we are able to make real security the priority.

Need Cybersecurity services?

Contact us today by visiting us at CyZen – Cybersecurity Consultants – Infosec Services, emailing info@cyzen.io or calling 212.842.7005.

Like this article and want more current information? Check out our website cyzen.io, and follow us: CyZen on LinkedIn.

People

  • Michael J. Schenck
    Senior Cybersecurity Consultant
    MSchenck@cyzen.io p 332.216.0752


© 2021 Friedman LLP All Rights Reserved.