FireEye

Latest

  • Cybersecurity firm FireEye says state-sponsored hackers stole its tools

    by Igor Bonifacic
    12.08.2020

    FireEye, one of the largest cybersecurity firms in the US, says it believes it’s been the victim of a state-sponsored hacking attack that saw the theft of internal tools it uses to conduct penetration testing for other companies.

  • Chinese digital spying is becoming more aggressive, researchers say

    by Marc DeAngelis
    03.25.2020

    FireEye, a US cybersecurity firm, says that it has seen a concerning spike in activity from what appears to be a Chinese hacking group called APT41. The attacks are being deployed against companies in the US, Canada, the UK and several other countries, which is atypical of Chinese hackers' usual strategy of focusing on a few particular targets. According to FireEye's report, the group is exploiting software flaws in applications and hardware developed by Cisco, Citrix and others to gain access to target companies' networks and download files via FTP, among other strategies. According to the firm, the attacks began on January 20th, dipped during the Chinese New Year celebrations and COVID-19 quarantine measures and are now back at full scale, affecting 75 of FireEye's customers.

  • Facebook takes down more fake accounts from Iran

    by Christine Fisher
    05.28.2019

    Today, Facebook removed 51 accounts, 36 Pages, seven groups and three Instagram accounts that were involved in "coordinated inauthentic behavior" based in Iran. According to the company, the individuals responsible pretended to be located in the US and Europe, impersonated news organizations and journalists in the Middle East and tried to contact public figures under the guise.

  • Evidence mounts that Russian hackers are trying to disrupt the EU elections

    by Rachel England
    03.21.2019

    Russian hackers are targeting government systems ahead of the EU parliament election, according to cybersecurity company FireEye. The firm says that two state-sponsored hacking groups -- APT28 (aka Fancy Bear) and Sandworm -- have been sending out authentic-looking phishing emails to officials in a bid to get hold of government information.

  • Ryuk ransomware banks $3.7 million in five months

    by Jon Fingas
    01.14.2019

    The Ryuk ransomware hasn't just been causing grief for newspapers -- it's also quite lucrative for its operators. Researchers at CrowdStrike and FireEye both estimate that the code has produced the equivalent of $3.7 million in bitcoin since August, spread across 52 payments. The key, analysts note, is the willingness to be patient and focus on big targets.

  • Facebook pulls hundreds of 'inauthentic' pages linked to Iran and Russia

    by Richard Lawler
    08.21.2018

    Once again, Facebook is notifying the media that it has mass-removed accounts exhibiting "coordinated inauthentic behavior on Facebook and Instagram." This time around, Mark Zuckerberg said the cull caught up 652 pages that it says were linked to a campaign originating in Iran, as well as an unspecified number of accounts linked to Russian military intelligence services. Like Microsoft's announcement last night and Facebook's last notice in July, these changes are part of a push for security around elections happening in 2018, including the just-concluded events in Mexico, and the US midterms in November. While Facebook attributed the moves announced today to four separate investigations, it acknowledged that security company FireEye tipped it off to a network of sites starting with "Liberty Front Press." Facebook connected the page's backers to Iranian state media, saying that some of the accounts were created as early as 2013, while targeting viewers in the Middle East, UK, US and Latin America. One of the pages had 155,000 followers, and one of its Instagram accounts notched 48,000 followers. While some of the pages found pretended to be news and other organizations, a second group of "inauthentic" news pages showed evidence of attempts to hack accounts and spread malware.

  • 34 major tech companies are uniting to fight cyberattacks

    by Jon Fingas
    04.17.2018

    Cyberattacks are a global issue that can cause havoc regardless of who's involved, and key members of the tech industry are uniting in a bid to fight these attacks. A group of 34 companies has signed the Cybersecurity Tech Accord, an agreement promising to defend customers around the world from hacks regardless of where they take place or who the perpetrator might be. They're promising to boost defenses for customers (including users' capacity to defend themselves), establish more partnerships to share threats and vulnerabilities, and -- importantly -- refuse to assist governments in launching cyberattacks.

  • Hackers shut down plant by targeting its safety system

    by Jon Fingas
    12.17.2017

    Hackers have already attacked critical infrastructure, but now they're launching campaigns that could have dire consequences. FireEye reported that a plant of an unmentioned nature and location (other firms believe it's in the Middle East) was forced to shut down after a hack targeted its industrial safety system -- it's the first known instance of a breach like this taking place. While the digital assault was clearly serious in and of itself, there are hints that it could have been much worse.

  • Russian hackers can reportedly take over unsecured hotel WiFi

    by Rob LeFebvre
    08.11.2017

    Security-conscious travelers typically avoid public WiFi hotspots, instead using VPNs and other tools to make sure their data is safely encrypted as it transmits from computer to unsecured wireless router to the internet. According to networking security website FireEye, that concern is justified. The security team discovered a malicious document in several emails sent to "multiple companies in the hospitality industry, including hotels in at least seven European countries and one Middle Eastern country in early July." The document contained a macro that installs GAMEFISH malware, which is associated with a politically-motivated Russian hacking group known as APT28 (or Fancy Bear). This is allegedly the same group that hacked the Democratic National Committee ahead of last year's US election. Even worse, the tool used after the initial malware installation, EternalBlue, reportedly leaked from the NSA itself.

  • Investigators connect massive federal hack to China

    by Richard Lawler
    06.19.2015

    More information about the hack that leaked info on millions of US government employees -- including extremely detailed data from background checks -- is coming out now. While a computer security firm called CrowdStrike said it came from a Chinese group called "Deep Panda" that also is suspected of pilfering data from health insurer Anthem, others disagree. Representatives of another security company, FireEye, tell Re/code that it's linked to another distinct group of hackers in China that seem focused only on personal information.

  • Hackers are using finance smarts and English skills to attack biotech firms

    by Devindra Hardawar
    12.01.2014

    Sometimes social engineering can be far more effective than complicated malware when it comes to cyber attacks. Case in point: the cybersecurity firm FireEye has tracked a recent spate of attacks against over 100 healthcare and pharmaceutical companies to a particularly smooth group of hackers. The group -- which FireEye calls "Fin4" -- leverages its knowledge of those industries, financial markets, and native English skills for targeted attacks against executives and other notable employees. Instead of relying on spyware, the group carefully crafts emails that trick recipients into logging into malicious websites to steal their email logins. These aren't your typical hackers -- FireEye believes Fin4 is made up of Americans or Western Europeans who've worked in the U.S. banking industry. The sophisticated and methodical nature of the attacks also distinguishes them from the hackers who just want to blindly steal data.

  • Security firms help Cryptolocker malware victims get their files back

    by Daniel Cooper
    08.06.2014

    Remember Cryptolocker? It was a clever but terrible piece of malware that encrypted files on your PC, charging you a ransom to get them back. The leader of the gang believed to be behind the software is now awaiting trial, but that won't help around 500,000 people who still can't get at their prized documents. That's where FireEye and Fox IT, two of the companies who helped take the gang down, come in. Using the seized databases, the pair have built Decrypt Cryptolocker, a web portal where you supply your email address and one encrypted file, and it'll give you a recovery program and master key that'll restore control of your files.

  • Serious Internet Explorer flaw puts XP users especially at risk

    by Nicole Lee
    04.27.2014

    We hope that you heeded our advice to finally ditch Windows XP in favor of a more modern operating system, because there's a new security exploit that'll leave stubborn XP users in the cold. In a security alert released on Saturday, Microsoft reports that there's a serious vulnerability in Internet Explorer 6 through 11 that could allow hackers to take over your computer remotely if you happen to visit a malicious website. According to security firm FireEye, it has already found evidence of an attack that targets IE 9 through 11 that uses a well-known Flash exploitation technique to gain access to your computer's memory. Microsoft has already said it plans to roll out an IE security update for all modern versions of Windows, but if you're using XP, well, you're out of luck, as support for that 12-year-old OS ended a few weeks ago.

  • Target reportedly knew about data breaches for 12 days before taking action

    by Jon Fingas
    03.13.2014

    Foreign data thieves may be responsible for stealing Target's customer data late last year, but it now appears that the retailer played a large part in its own misfortune. Sources speaking to Bloomberg Businessweek claim that Target not only shut off an automatic malware removal tool, but sat on breach alerts for 12 days -- long enough for attackers to both grab card info and cover their tracks. While the store chain isn't confirming what happened at this stage, it notes that it's already revamping its security system and speeding up plans to accept chip-based payment cards, which are slightly more trustworthy. If true, though, the scoop suggests that Target could have easily prevented the theft and spared millions from the financial headaches that followed.