Wednesday, December 9, 2020

FireEye Hacked, missed opportunity to shut up

Big news this week as FireEye makes the charts with yet another high profile cyber incident.


Looks like their toolkit of weaponized exploits that makes use of mostly known vulnerabilities was lifted.


https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html


As I heard and read this, I thought... yeah... so what... Everyone can get hacked; this is just the one before the next one.


However, they seem to put so much emphasis on "their weaponized tools" almost like they want to seem all cool by bragging that their toolkit is so awesome.


Let's take a look at that... If you had a nuclear weapon... wouldn't you:


1) Have it watched 24x7.

2) Have detailed logging of everyone who comes near it.

3) Have alerts and alarms and all sorts of cool stuff to protect it.


So I guess they failed on a few things.


But here are a few more. These exploits appear to be making use of mostly documented CVEs.


So nothing that is truly a zero day in the sense that it would be fully unknown.  They probably have some juicy ones that they are not yet talking about....



Here is the real kicker... they publicly disclosed that they would now make tools available to their clients to detect these attacks.


This is my WTF moment. Why not have made this available to their clients before this breach?


Do they really think that no one on the planet would have found these "known" vulnerabilities?


Or did they simply want to continue milking these vulnerabilities with their own clients when they do penetration tests so they can score?


Perhaps they shouldn't have tossed that out there to be torn apart ;-)

What I call a missed opportunity to shut up.   Not about the breach, but about their great offer to now protect their clients.....


Some serious ethics questions can surface from all this.


Food for thought.


_______________________________________________


Eric Parent is a senior security expert (and seasoned pilot), specialized in coaching senior executives.  He teaches CyberSecurity at l'Ecole Polytechnique and HEC Universities in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.


Follow Eric on:

Twitter @ericparent

LinkedIn :  EVA-Technologies



www.eva-technologies.com




