Submitted by saurav on December 28, 2020

There was a time when cyber-attacks were rarely heard of and we knew of only a handful of companies who were victims.

Today, cyber-attacks have become very common. Almost every week we read about a company’s data being breached and sold on the Dark Web, or about systems being hacked and hackers extorting a ransom to give control of the systems or data back to the company.

With the increase in the frequency of cyber-attacks, people may be curious about the type of attack, the volume of data breached, or the financial impact of the cyber-attack. But there are still those who feel cyber-attacks will never happen to them, that their systems are impenetrable, or that their employees can be trusted blindly.

Most business owners and companies are cautious and implement strong cybersecurity and ITGC controls to protect their systems and data.

Some companies also approach cybersecurity firms to help them secure their systems. These cybersecurity companies often provide customized and high-tech services for a high price, assuring their customers that their systems will be well safeguarded.

<h2>WHAT HAPPENS WHEN THESE CYBERSECURITY FIRMS THEMSELVES ARE HACKED? </h2>

It is ironic that a company meant to protect your systems can itself become the victim of a cyber-attack. Financial losses, customer trust, and reputation are what these cybersecurity firms could lose immediately.

Let’s take a look at 2 of the recent cyber-attacks on cybersecurity firms in 2019 and 2020.

<h3>FireEye HACK </h3>
FireEye is a US-based publicly listed cybersecurity company that is the latest victim of a cyber-attack.

<b>What Happened? </b>
In December 2020, FireEye stated that its digital tools which mimic the most sophisticated hacking tools were stolen by hackers. All these tools were stored by FireEye in a digital vault which the hackers gained unauthorized access to.

The digital tools are used by FireEye’s Red Team who, with the consent of corporate and government clients, are authorized to use these tools to test the vulnerabilities of their clients’ systems.

<b>Who Was Affected? </b>
When FireEye initially learned of the cyber-attack, it thought it was just a security incident. However, as time passed and the scale of the hack was revealed, many of FireEye’s government clients, like the US State Department, Treasury Department, and FBI, and a large number of Fortune 500 companies across the globe were found to be affected.

<b>How Were Clients Affected? </b>
While investigating their hacking attack, FireEye investigators found out that there was a vulnerability in the product made by SolarWinds Corp., which is one of their software providers.

Investigators found a backdoor within SolarWinds’ IT management system, called Orion, through which hackers were able to attach malware. Once SolarWinds customers upgraded their IT software, the malware attacked their systems as well.

Customers using this software included government agencies like the Pentagon, Justice, and State Department as well as most of the Fortune 500 companies.

Major companies like Cisco, Intel, Nvidia, Belkin, and VMware have been infected with malware. SolarWinds states that 18,000 companies have been affected by the hack; however, the number could be much higher.

Though the SolarWinds hack was identified in December 2020 by FireEye, it is believed the Orion system was secretly hacked in March 2020 and continued to remain vulnerable for many months.

<b>Who Is Responsible For The Attack? </b>
Considering the highly sophisticated attack, FireEye believes this to be a “state-sponsored adversary”, most probably a Russian and Chinese state-backed hacker group.

<b>What Is Supply Chain Attack? </b>
Rather than individually targeting companies, hackers resort to “supply chain attacks”, wherein they find a common tool or software used by companies and implant the malware in the software so that multiple companies can be targeted simultaneously.

<h3>AVAST HACK </h3>
Avast is another cybersecurity firm that was hacked in October 2019. The hack first occurred in May 2019; however, it was identified, investigated, and confirmed by Avast only in October 2019.

<b>What Happened? </b>
Hackers gained access to Avast’s internal network through a temporary VPN profile which had mistakenly been kept enabled and did not require two-factor authentication. The hacker accessed the network through compromised credentials.

The hacker was first able to compromise the credentials of an Avast user who did not originally have domain access privileges. The hacker gained domain admin privileges through a successful privilege escalation, and a connection was made from a public IP outside the UK.
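
The conditions described above (a temporary VPN profile left enabled, no two-factor authentication, a login from an unexpected address) can be checked against a VPN profile inventory and login log. The following Python code is an added example, not Avast's or Riskpro's code; the profile names, log format, field names and IP ranges are constructed assumptions, and a known source range stands in for geolocation.

```python
from collections import namedtuple
from datetime import date
from ipaddress import ip_address, ip_network

VpnProfile = namedtuple("VpnProfile", "name enabled temporary expires mfa_required")

# Constructed inventory and log lines (made-up names, documentation IP ranges).
PROFILES = [
    VpnProfile("corp-standard", True, False, None, True),
    VpnProfile("temp-migration", True, True, date(2019, 1, 31), False),
    VpnProfile("temp-vendor", False, True, date(2019, 3, 1), False),
]
LOGINS = [
    "2019-05-14T02:11:09Z user=asmith profile=corp-standard src=198.51.100.7 result=success",
    "2019-05-14T03:40:52Z user=jdoe profile=temp-migration src=203.0.113.45 result=success",
    "2019-05-14T03:41:10Z user=jdoe profile=temp-vendor src=203.0.113.45 result=denied",
]
EXPECTED_NETS = [ip_network("198.51.100.0/24")]  # assumed usual source range

def audit_profiles(profiles, today):
    """Return {profile name: [findings]} for profiles that are still enabled."""
    findings = {}
    for p in profiles:
        issues = []
        if p.enabled and not p.mfa_required:
            issues.append("no-mfa")
        # A temporary profile with no expiry, or past it, should not be enabled.
        if p.enabled and p.temporary and (p.expires is None or p.expires < today):
            issues.append("temporary-still-enabled")
        if issues:
            findings[p.name] = issues
    return findings

def risky_logins(lines, findings, expected_nets):
    """Successful logins through a flagged profile, plus a source-range check."""
    hits = []
    for line in lines:
        ts, *pairs = line.split()
        f = dict(kv.split("=", 1) for kv in pairs)
        if f["result"] != "success" or f["profile"] not in findings:
            continue
        reasons = list(findings[f["profile"]])
        if not any(ip_address(f["src"]) in net for net in expected_nets):
            reasons.append("unexpected-source")
        hits.append((ts, f["user"], f["profile"], f["src"], reasons))
    return hits

if __name__ == "__main__":
    flagged = audit_profiles(PROFILES, date(2019, 5, 14))
    for hit in risky_logins(LOGINS, flagged, EXPECTED_NETS):
        print(hit)
```

The disabled `temp-vendor` profile is not flagged by the inventory audit, and the denied login through it is not reported; only the successful login through the enabled, expired, non-MFA profile is.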

<b>What Was Hacked? </b>
Avast believes their product CCleaner, which is used to remove infections from personal computers, was the target of a supply chain attack. This is the second time CCleaner has been hacked, the first being in 2017.

The earlier hack, in which hackers implanted malware, affected companies like Cisco, Microsoft, Google, NEC, and many other major companies. A total of 2.27 million users had to download the hacked software in 2017.

Regarding the 2019 hack, Avast CISO Jaya Baloo stated “we first re-signed a clean update of the product, pushed it out to users via an automatic update on October 15, and second, we revoked the previous certificate. Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected.”

<b>How Riskpro Can Help You? </b>
Riskpro offers Cyber Security consulting and audits. For more details, contact us at info@riskpro.in

<b>Author </b>
<p><small>Anita Jagasia
Manager – Riskpro India info@riskpro.in December 2020</small></p>