Let’s update on that FireEye attack getting significant coverage. The firm has indicated that it has fallen victim to a hack that is believed to be the work of Russian actors. Confirmed on Tuesday, the breach was attributed to a “highly sophisticated state sponsored adversary” and resulted in the acquisition of the firm’s “red team tools”, which are used to test customers’ security and are designed to mimic tools used by many threat actors.
Why do we care?
If you were reading a lot of the coverage of this story, you would think this is apocalyptic. One security officer notes that the most important data a company like FireEye has is their customers, and the second is the sources and methods used to protect those customers. Further down the list are the tools, and the items above them were not leaked.
Additionally, the compromised tools do not use zero-day exploits, which target secret, unpatched vulnerabilities.
My takeaway on why we care is the nuance, particularly as everyone is now required to be a lot more educated on security. This isn’t a binary “hacked or not hacked”; it is about understanding the damage. Additionally, take that set of lessons: most important to protect is your customer data, then your methodology, and then your tools… and that’s what you also need to protect FOR your customers, in that order.
Source: Bleeping Computer