Weekly Roundup: A Huge Cyberattack on FireEye’s Red Team Tools


In this week’s roundup, we discuss:

  • How cybersecurity company FireEye was under attack (and what that means for us)
  • How Apple is enforcing user security with the new App Tracking Transparency framework
  • How Foxconn is dealing with a massive ransomware attack 

Here are the top cybersecurity stories of this week. 

A Shocking Nation-Run Cyberattack on FireEye 

FireEye, one of the biggest cybersecurity companies in the United States, experienced a cyberattack last Tuesday. The company published a disclosure with all the details of the attack in a blog post to educate the online community and get some brownie points too.

But this is kind of a big deal: it’s like an animal control company being attacked by animals. It’s not good. These guys are supposed to have the biggest defenses, and then this happens. 

FireEye’s CEO, Kevin Mandia, shared a few inside details about what happened during this top-tier cyberattack. According to Kevin, attackers went after information related to certain government customers and gained access to FireEye’s Red Team assessment tools that are used during client engagements to test their security vulnerabilities. 

But fortunately, these assessment tools don’t contain any zero-day exploits, and not a single cyberattacker has used FireEye’s tools to carry out other high-level attacks.

That said, we need to worry more about what’s to come with the intelligence they did get ahold of:

The FireEye GitHub Response

The treasure trove of tools is important for both FireEye and their customers. To combat this large-scale attack, FireEye shared over 300 countermeasures in a GitHub repository for the online community and their own customers. This can help users block malicious use of the FireEye tools in the future and help other users leverage industry-winning frameworks. That’s applaudable.

Another piece of good news is that the stolen FireEye tools are open-source and available for anyone to use. However, these are enhanced for specific use cases and customers. Now that FireEye has shared this information in the wild, don’t assume it’ll be easy to exploit; they’ll constantly be releasing patches and updates to ensure their tools are protected, so cyberattackers shouldn’t consider this a win.

Is FireEye saying this is a state-run cyberattack out of convenience, or is the company as transparent as they say they are?

If you follow our weekly roundups, then you’ll know how easy it is to launch a phishing attack at a company with over a thousand employees. All it takes is one non-tech employee to click on a malicious link and the domino effect starts.

Imagine a cybersecurity company like FireEye having to deal with this problem when they are the frontline defense against such attacks. Cyberattacks are truly getting more sophisticated over time.

Therefore, to answer the question, it’s not like they have much of a choice; and it still doesn’t bode well for them to be hacked when they’re basically supposed to be the toughest in the business. 

Apple is Winning Hearts on its New Privacy Feature

Are you an iPhone or Mac user? You are going to love this news. Apple will be blocking every third-party mobile app if they fail to follow the privacy guidelines set by the company. In this new feature, third-party mobile apps can no longer track user data and information without consent. 

Apple is calling it the “AppTrackingTransparency” framework, which will give users authority over what’s being tracked instead of putting the control in the hands of third-party apps. Speaking of tracking, Google, Amazon, Messenger, and Facebook may not feel happy to hear this news as they religiously track data for the sole purpose of showing targeted ads on online platforms and sometimes sell your user data.

This new framework will force third-party apps to share the reason why they are tracking user information with end users. Apple knows every iOS user is entitled to their privacy rights and they are doing their best to execute this idea. We are waiting for these third-party or data-mining companies to come up with a worthwhile reason to answer that question when the notification pops up. 

You can’t compromise on location data because when we say “They sell your private data to the highest bidder or an interested party”, we actually mean it. Many companies do it without you even realizing it.

Tackling Privacy Concerns One Framework at a Time

This is good news for iPhone users in particular but bad news for app developers. Apple is taking a stand on privacy rights and ensuring other companies follow the new framework as well. That smells like leadership to us. 

While the new framework may not be released until February 2021, we are delighted that Apple has finally taken notice of privacy-eroding mobile apps. As there are many mobile apps that carve out user information, Apple’s framework will streamline the type of information that you share. 

Foxconn Hit by a Massive Ransomware Attack on Thanksgiving 

DoppelPaymer, a high-level ransomware group, attacked Foxconn’s North American facility on November 29, 2020 and stole 100 gigabytes worth of company files and documents. The company confirmed there was a breach in their server and the ransomware attackers demanded more than $34 million in Bitcoin.

After giving Foxconn a warning, DoppelPaymer has also shared some business documents on their Tor website. 

Maybe you don’t care about Foxconn. After all, you don’t realize their reach. But consider this: the iPhone that you are using right now is most probably built by Foxconn, one of the largest electronics manufacturers in the world. In short, it’s a huge company. 

Nonetheless, the ransomware group has only managed to encrypt 1,200 servers and deleted up to 30 terabytes of backup. (Clearly, they’re big enough to have more servers and more reach.) Foxconn is gradually getting back to their normal services but we have no clue whether or not they will cave by paying the ransom. 

It’s high time major companies started hiring ethical hackers to combat these issues.

To wrap up this Weekly Cybersecurity News Roundup, we would like to share something that happened today with everyone online: 

And our whole team was like: 

…questioning our existence for 30 minutes until things get back to normal. (Fortunately, our US-based editor missed most of it!)

Author: PureVPN

Date: November 24, 2022
