Threat actors phishing for Intellectual property and source code from IT giants

FireEye CEO David DeWalt explained that threat actors are targeting IT giants for source code and highlighted the importance of adopting a new security model.

Phishing is a common practice in the hacking community. Although awareness of the threat is high, the efficiency of the attacks is still significant. As highlighted in the last APWG report, the efficiency and the volume of phishing activities continue to increase, making phishing one of the most dangerous cyber threats.

FireEye CEO David DeWalt, during a keynote speech at the MIRcon cyber security conference, explained that phishing represents a serious threat for IT giants like Microsoft, Apple, Oracle and Adobe.

David DeWalt explained that FireEye has detected an alarming surge in cyber attacks targeting technology companies; threat actors appear to be more interested in the source code and intellectual property of the victims.

“The [threat actors] are focused on high value targets and one of the most breached areas we see is high tech. [We’re seeing them] go for source code as if they can get the source code and find a hole to get round [users’] defences,” DeWalt said.

“Using malicious email, using web, using mobile applications they’re trying to lure [victims] to a credential-stealing tool. The amount of activity we see going for the big technology platforms – Microsoft, Apple, Adobe, Oracle – is huge.”

DeWalt highlighted that, regardless of the category of attacker, cyber criminals or state-sponsored hackers, the Tactics, Techniques and Procedures (TTPs) are becoming ever more sophisticated and effective.

FireEye is very active in the analysis of cyber threats; its experts have recently uncovered numerous APTs operating worldwide and targeting private companies and government entities. The acquisition of the Mandiant intelligence firm has completed the company's competencies; today it is a landmark in threat intelligence activities, and it embodies the temperament and the vision of its CEO.

DeWalt explained that almost every company suffers cyber attacks that can potentially harm its operations, and that a portion of breached companies remains unable to identify the threats for too long. Unfortunately, in many cases these companies fail for long periods to identify the threat within their own systems, with devastating consequences.

A recent study revealed that it can take up to 18 months before a company realizes that it is under attack and starts the necessary mitigation actions; in the majority of cases, threat actors have already stolen a huge volume of sensitive data.

“We’ve never seen such a dislocation between offence and defence. The balance has never been wider. The offensive community is so advanced the defence workers are playing catch up. We’re tracking hundreds of groups from hundreds of countries engaged in cyber activity,” he said.

“Now 97 percent of organisations are breached; 1,279 companies we deal with have evidence of breach. Of those, 76 percent saw the breach and saw the malware,” added DeWalt.

DeWalt stressed the necessity to adopt a new layered approach against dynamic cyber threats that change rapidly:

“We’re fortunate at FireEye to be involved with customers in 60 countries. In most we’re seeing the same defence culture – let’s put many layers of defence in place from as many vendors as possible to catch the bad guys,” he added.

“We’re seeing massive holes in this architecture that mean every day people are being breached. [Threat actors] are getting through hundreds of millions of dollars worth of defence spending. The effectiveness of the defence is not indicative of the spend.”

FireEye has recently unveiled Advanced Threat Intelligence and Security as a Service solutions that provide its customers with threat data and analytical tools to protect their assets.

I agree with DeWalt: cyber threats are constantly changing, and clinging to static security models might be fatal for many companies.

Pierluigi Paganini

(Security Affairs –  FireEye Ceo DeWalt, Threat Intelligence)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
