Threat actors phishing for Intellectual property and source code from IT giants

FireEye CEO David DeWalt explained that threat actors are targeting IT giants for source code and highlighted the importance of adopting a new security model.

Phishing is a common practice in the hacking community; although awareness of the threat is high, the efficiency of the attacks is still significant. As highlighted in the last APWG report, the efficiency and the volume of phishing activities continue to increase, making phishing one of the most dangerous cyber threats.

During a keynote speech at the MIRcon cyber security conference, FireEye CEO David DeWalt explained that phishing represents a serious threat for IT giants like Microsoft, Apple, Oracle and Adobe.

David DeWalt explained that FireEye has detected an alarming surge in cyber attacks targeting technology companies; threat actors appear to be more interested in the source code and intellectual property of the victims.

“The [threat actors] are focused on high value targets and one of the most breached areas we see is high tech. [We’re seeing them] go for source code as if they can get the source code and find a hole to get round [users’] defences,” DeWalt said.

“Using malicious email, using web, using mobile applications they’re trying to lure [victims] to a credential-stealing tool. The amount of activity we see going for the big technology platforms – Microsoft, Apple, Adobe, Oracle – is huge.”

DeWalt highlighted that, regardless of the category of attacker, cyber criminals or state-sponsored hackers, the Tactics, Techniques and Procedures (TTP) are becoming even more sophisticated and effective.

FireEye is very active in the analysis of cyber threats; its experts have recently uncovered numerous APTs operating worldwide and targeting private companies and government entities. The acquisition of the intelligence firm Mandiant has completed the competencies of the company, which today is a landmark in threat intelligence activities, and the company embodies the temperament and the vision of its CEO.

DeWalt explained that almost every company suffers cyber attacks that can potentially harm its operations, and a portion of breached companies remain unable to identify the threats for too long. Unfortunately, in many cases these companies fail for long periods to identify the threat within their own systems, with devastating consequences.

A recent study revealed that it can take up to 18 months before a company realizes that it is under attack and starts the necessary mitigation actions; in the majority of cases threat actors have already stolen a huge volume of sensitive data.

“We’ve never seen such a dislocation between offence and defence. The balance has never been wider. The offensive community is so advanced the defence workers are playing catch up. We’re tracking hundreds of groups from hundreds of countries engaged in cyber activity,” he said.

“Now 97 percent of organisations are breached; 1,279 companies we deal with have evidence of breach. Of those, 76 percent saw the breach and saw the malware,” added DeWalt.

DeWalt stressed the need to adopt a new layered approach against dynamic cyber threats that change rapidly:

“We’re fortunate at FireEye to be involved with customers in 60 countries. In most we’re seeing the same defence culture – let’s put many layers of defence in place from as many vendors as possible to catch the bad guys,” he added.

“We’re seeing massive holes in this architecture that mean every day people are being breached. [Threat actors] are getting through hundreds of millions of dollars worth of defence spending. The effectiveness of the defence is not indicative of the spend.”

FireEye has recently unveiled Advanced Threat Intelligence and Security as a Service solutions that provide its customers with threat data and analytical tools to protect their assets.

I agree with DeWalt: cyber threats are constantly changing, and clinging to static security models might be fatal for many companies.

Pierluigi Paganini

(Security Affairs – FireEye CEO DeWalt, Threat Intelligence)

