Tag: Mandiant

Security firm hit by hackers

FireEye’s consultancy firm has been hit by hackers.

A note purported to be from the hacker spread on social media while a FireEye analyst’s LinkedIn appeared to have also been hacked, with the perpetrator posting numerous expletive-laden messages.

The employee’s bio was changed to state: “I’ve been hacked, all my data, all your chats, all my contacts, your numbers, your emails along with my credentials have been leaked. My devices are also nuked [sic].”

At the same time, Twitter users began sharing a link to a document that appeared to show details of the attack, claiming the hacker first gained access to Mandiant in 2016.

The document contained a link and password to a file which it claimed contains details of the information obtained from the hack – as well as a link to the hacked employee’s LinkedIn page. The LinkedIn profile has since been taken down.

The document contained the hashtag ‘#Leaktheanalyst’ which has since been used by numerous Twitter users speculating on the incident.

The report goes on to list “potential” targets, including the Israeli Prime Minister’s office, LinkedIn contacts and third-party contractors.

“Mandiant Internal networks and its clients data has been compromised (might be leaked separately),” it added.

However there is no sign that FireEye or Mandiant systems have been compromised and it appears it was just a social media hack.

The hacker ranted that their actions were not financially driven.

“For a long time, we – the 31337 hackers – tried to avoid these fancy a** “analysts” whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say f**k the consequence let’s track them on Facebook, LinkedIn, Tweeter , etc.

“Let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).”

Security vendor sued for poor security

Security resellers will be a bit nervous about the outcome of a court case in the US where an anti-virus software maker has been sued after a casino became infected with malware.

If the case against Trustwave succeeds it could mean that security companies could be sued if they fail to stop serious breaches.

US casino chain Affinity Games is suing Trustwave, a cyber-security vendor that was brought in to investigate a card breach but failed to detect and stop a malware incident on Affinity’s servers, which led to the escalation of a previous card breach.

In October 2013 Affinity Games was notified of fraudulent credit card activity on the bank accounts of numerous victims and it hired Trustwave to sort out what was believed to be malware on its system.

Trustwave was hired to investigate and stop a credit card breach. On January 13, 2014, Trustwave reassured the casino chain that the incident “has been contained” and that a “backdoor component appears to exist within the code base, but was inert.”

Trustwave also said that the malware’s author became aware that he was detected, and stopped all activity on October 16, 2013, also removing and deactivating some of the malware’s components.

In April 2014, suspicious activity was found coming from a server and an application that Trustwave’s report had previously tested and deemed safe.

On April 19, 2014, Affinity hired another cyber-security investigator, Mandiant, a FireEye subsidiary, to investigate these new findings in depth. It found that the breach Trustwave believed it had shut down had remained open until April 27, 2014, when Mandiant security experts closed it.

Affinity says that Trustwave failed to remove the malware it discovered, failed to find all pieces of the malware, and also failed to identify evidence in some logs it looked at.

In its lawsuit, Affinity claims that “Mandiant’s investigation and remediation confirmed that Trustwave’s representations were clearly inaccurate, and its efforts woefully lacking.”

Affinity is looking for damages in excess of $100,000.

US health firm comprehensively hacked

Sheffield: CEO of Anthem

An American health insurer appears to have been hacked and lost millions of its customers’ records.

Anthem said that hackers stole the identities of customers across all of its business units.

It has about 37 million customers in the USA and has reported the attack to the Federal Bureau of Investigation (FBI).

It has said it has now closed the hole, but that’s somewhat equivalent to closing the gate once the horse has bolted.

The hackers do not appear to have had access to Anthem customers’ credit card records.

It has set up a website to try to explain what happened, with its CEO and president claiming his company had state-of-the-art information security systems.

He said that despite that, his company “was the target of a very sophisticated external cyber attack. These attackers gained unauthorised access to Anthem’s IT systems”.

Anthem has hired a company called Mandiant to assess its IT systems.

Sheffield said: “Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge.”