- FireEye, a security company aimed at detecting and preventing cyberattacks, was breached by a "highly sophisticated cyber threat actor," according to a Form 8-K disclosure the business filed with the Securities and Exchange Commission.
- CEO Kevin Mandia, the Federal Bureau of Investigation and other partners such as Microsoft deduced that a state-sponsored actor "with top-tier offensive capabilities" led an espionage-motivated attack. Attackers targeted FireEye's Red Team assessment tools used to test security, primarily seeking information on the company's government customers.
- FireEye reports no evidence that the attacker used stolen tools or exfiltrated data. The company is providing over 300 countermeasures to customers and its community at large to minimize potential damage, according to the report.
FireEye prides itself on "relentless protection" and a track record of detecting new cyberthreat groups, but its government contracts put a target on its back, and that exposure proved to be an Achilles' heel.
"Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers," Mandia wrote in a company blog post. While the attacker accessed internal systems, FireEye reiterates that no data was exfiltrated from its incident response, consulting engagement or metadata systems.
But the incident could sow doubt in customers. If a cybersecurity firm can't protect itself, how can clients be sure it'll keep them safe?
On average, companies take 280 days to detect and contain a breach — closer to 315 days if that breach is rooted in malicious attacks, according to data from IBM and Ponemon Institute. Remote work slows response time, and as FireEye looks ahead to recovery and mitigation, its actions will determine whether the company can rebuild customer trust.
Companies such as Home Depot, for example, only recently reached a resolution on a 2014 data breach. The company guaranteed payouts and committed to employing a chief information security officer as part of its mitigation efforts.
FireEye is detailing its response measures publicly on GitHub and plans to keep customers updated as new measures are released, according to the company. "We have learned and continue to learn more about our adversaries as a result of this attack, and the greater security community will emerge from this incident better protected," Mandia said.