[Security Weekly] FireEye Suffers Cyberattack, Ethical Hacking Tools Leaked
2nd Week of December 2020
1. FireEye attacked by suspected state-sponsored actors, red-team tools compromised
FireEye, one of the largest cybersecurity firms in the world, suffered an unprecedented cyberattack that compromised its red-team security tools.
In a blog post on December 8, FireEye’s CEO stated that the attackers used a novel combination of techniques tailored specifically to the company, and that they were primarily after information on certain government customers. The sophistication of the techniques and the attackers’ operational discipline led the company to conclude it had been hit by a state-sponsored threat actor. Both the FBI and Microsoft were brought into the investigation.
FireEye’s red team uses these tools during authorised assessments to “hack” customers’ networks and test their defensive capabilities. According to FireEye, the tools range from simple scripts to modified versions of publicly available tooling and contain no zero-day exploits, but they do automate a wide range of known attack techniques, which makes them dangerous in the wrong hands.
FireEye has published countermeasures for the stolen tools on GitHub: detection signatures in several formats (including Snort, Yara, ClamAV and HXIOC rules) that defenders can deploy to detect the tools being used against their networks. Potential victims should deploy these rules and hunt for historical hits as well as new ones, since the theft predates the December 8 disclosure.
2. Airplane maker Embraer’s sensitive data published online by RansomExx ransomware
Embraer, the world’s third-largest aircraft manufacturer after Boeing and Airbus, had its sensitive files published online by the RansomExx ransomware group.
According to a statement released by Embraer on November 30, the intrusion took place on November 25, when the attackers gained access to a single environment in its internal network. The company refused to respond to the ransom demand and instead restored its systems from backups.
Two weeks later, with Embraer’s systems back to normal, the attackers saw no prospect of receiving a payment. In retaliation, files stolen from Embraer’s internal systems were published on the RansomExx leak site. The published data included employees’ personal details, source code, contracts, and other confidential information.
Backups alone are not enough against double extortion ransomware: they restore availability, but they do nothing for data that has already been exfiltrated and can be leaked or sold regardless of whether the ransom is paid. Sensitive data therefore needs to be encrypted at rest, with keys held outside the compromised environment, so that stolen files are unusable to the attacker. D’Amo is one such encryption solution. To learn more, read: The Benefits of Using a Database Encryption Solution.
3. Pfizer X BioNTech’s COVID-19 vaccine documents stolen after cyberattack at EMA
The European Medicines Agency (EMA), the EU’s regulatory body in charge of the evaluation and approval of medicines, confirmed that it had suffered a cyberattack. The agency is currently reviewing two COVID-19 vaccines for approval: BNT162b2 made by Pfizer and BioNTech, of which the EU has secured 300 million doses so far, and mRNA-1273 made by Moderna, expected to supply another 160 million doses to the EU.
The EMA disclosed the incident on its website on December 9 and stated that it was working with security experts to investigate the attack. However, the agency did not provide any further details on the impact of the attack. It is unknown whether the attackers were financially motivated or state-backed threat actors attempting to slow down the vaccine approval process.
BioNTech released a follow-up statement saying that some documents relating to the BNT162b2 vaccine submission stored on the EMA’s servers were unlawfully accessed during the attack. Neither Pfizer’s nor BioNTech’s own systems were breached.
4. Over 250,000 MySQL databases compromised and sold on dark web auction site
Security researchers detected an auction site on the dark web that has been selling over 250,000 databases from nearly 85,000 MySQL servers with a total size of 7 TB.
This is part of an ongoing ransom campaign first detected in early 2020. The attackers break into the MySQL databases of SMEs and online shops, take a copy of the data, and threaten to sell it online if the ransom is not paid.
The attackers originally listed up to 31 compromised servers for sale on a clear-web site. More recently, researchers discovered that the operation had moved to the dark web, where data from over 250,000 MySQL databases is being sold at 0.03 bitcoin (approx. $530) per database.
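The article does not say how the servers were compromised, but campaigns of this scale almost always rely on MySQL instances reachable from the internet with weak or empty passwords. The following audit is an added example written for this newsletter, not material from the researchers or from MySQL itself; it targets MySQL 5.7/8.0 (the `mysql.user` columns used also exist in MariaDB) and surfaces the two conditions a practitioner should check first: whether the server listens on all interfaces, and which accounts can log in from anywhere or without a password. The account name and host in the remediation sketch are placeholders.

```sql
-- Added audit script (not from the original article). Run as a privileged
-- account, e.g.:  mysql -u root -p < mysql_exposure_audit.sql

-- 1. Is the server reachable from outside the host?
--    bind_address of '*' or '0.0.0.0' (or '::') means any client that can
--    reach TCP/3306 may attempt to log in; skip_networking = ON means the
--    server only accepts local socket connections.
SHOW VARIABLES LIKE 'bind_address';
SHOW VARIABLES LIKE 'skip_networking';

-- 2. Accounts that an internet-wide credential-guessing campaign can target:
--    reachable from any host ('%', or a host pattern containing a wildcard)
--    or carrying no password at all. authentication_string = '' is an empty
--    password for the native and caching_sha2 plugins; account_locked shows
--    whether the account is usable (MySQL 5.7.6+ / MariaDB 10.4+).
SELECT user,
       host,
       plugin,
       (authentication_string = '') AS empty_password,
       account_locked
FROM   mysql.user
WHERE  host IN ('%', '0.0.0.0', '::')
   OR  host LIKE '%\%%'          -- host pattern containing a literal '%'
   OR  authentication_string = ''
ORDER  BY user, host;

-- 3. Privileges of those accounts: an exposed account with global privileges
--    (the 'mysql' database, or *.*) lets an intruder dump every schema at
--    once, which is what makes a 250,000-database auction possible.
SELECT grantee, privilege_type
FROM   information_schema.user_privileges
WHERE  grantee LIKE '%''%''%'  -- grantee quoted as 'user'@'host'; match host '%'
ORDER  BY grantee, privilege_type;

-- 4. Remediation sketch for a finding (placeholders: account 'shop', app
--    host 10.0.1.20). Pin the account to the host that actually needs it,
--    set a strong password, and restrict it to its own schema.
-- RENAME USER 'shop'@'%' TO 'shop'@'10.0.1.20';
-- ALTER  USER 'shop'@'10.0.1.20' IDENTIFIED BY '<strong random password>';
-- REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'shop'@'10.0.1.20';
-- GRANT  SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'shop'@'10.0.1.20';
```

Any row returned by step 2 on a server whose bind_address is '*' is effectively an open door; combine the audit with binding MySQL to a private interface or placing it behind a firewall rule that only admits the application hosts, since encryption at rest does not stop a logged-in attacker from running `SELECT`.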
Many SMEs run open-source database servers such as MySQL. Protecting the sensitive data in them from leakage, and meeting data privacy regulations, calls for a database encryption solution in addition to basic hardening. MyDiamo is a database encryption solution designed specifically for open-source databases such as MySQL, MariaDB and Percona, and is priced and managed with SMEs in mind. Click here to learn more about MyDiamo.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security