Yigal Behar, host of The Cybersecurity Insider podcast, dives into the latest cybersecurity news. He begins by discussing the alarming rise in ransomware attacks.
Citing recent news, he notes the widespread impact, noting that even government bodies and other organizations have fallen victim to this malicious software.
Shirbit Attacks
Yigal continues to recount the escalating cybersecurity threats. Last week, he reveals, an Israeli insurance company named Shirbit fell victim to a ransomware attack.
On December 8, 2020, a hacker group named Black Shadow attacked Shirbit. They managed to break into the company’s systems and steal a lot of sensitive information. The hackers demanded a ransom of almost $1 million from Shirbit. They threatened to release the stolen data if the company didn’t pay (ref).
Yigal says that the danger extends beyond the immediate impact of the ransom demand. Hackers can also exploit such breaches to extract sensitive information from the network, potentially using it to fuel future attacks.
FireEye Network Breach
In a startling turn of events, Yigal reveals that FireEye, the renowned cybersecurity firm, has itself become a target. Just yesterday, the company confirmed on its website that it had suffered a major cyber attack.
The CEO, in a statement, attributed the attack to a nation-state actor. The implications of this breach are vast, given FireEye’s roster of high-profile clients. It is speculated that the attacker’s motives extend beyond mere information theft.
In response to the breach, FireEye is taking proactive measures. They are revising their toolsets, particularly their detection tools, to identify any unauthorized use of their penetration testing tools.
Red Teaming
Yigal explains the FireEye breach, talking about the concept of “red teaming.” These tools, designed for ethical hacking and penetration testing, have now fallen into the wrong hands. Adversaries, equipped with FireEye’s own tools, can create a smokescreen, attributing malicious activities to legitimate FireEye operations.
This tactic, Yigal warns, can seriously hinder investigations into network breaches, adding that “it’s a way how to disrupt an investigation of a network breach.”
The Ripple Effect
Yigal says the FireEye breach has far-reaching consequences for everyone because it can affect other companies too (impact on the supply chain). By compromising FireEye, attackers gain access to not only the company’s tools but also sensitive customer data. However, the danger doesn’t stop there.
These sophisticated adversaries are likely interested in the intelligence FireEye gathers, their methodologies for collecting it, and how they use it to inform security decisions and monitor customer activity. Yigal warns that this information could enable attackers to evade detection and undermine security measures implemented by FireEye and its clients.
According to Yigal, cyberattacks are getting harder to spot, especially those that go after the supply chain. Attackers don’t attack the main target directly anymore. They go after other companies connected to it.
This way, the main target doesn’t know they are being attacked. It’s like a sneak attack, where the attackers can gather information and get into the main target’s network without being noticed. Yigal says this type of attack is happening more and more often.
Nation-State Attacks Are A Growing Threat
Yigal shares a disturbing trend in cyberattacks. In 2019 alone, he states, out of 69 recorded cases, a whopping 37 were attributed to nation-state actors. These sophisticated attackers, he explains, target various entities with the primary goal of collecting information.
This information is then weaponized and used to orchestrate further attacks on other targets. Yigal points out that this trend of nation-state-sponsored cyber espionage is a growing concern in the cybersecurity industry.
Don’t miss out on the latest cybersecurity news and analysis! Subscribe to The Cybersecurity Insider podcast. Watch for more informative videos on our YouTube channel and join the conversation on Apple Podcasts and Spotify.