On Tuesday, The New York Times reported that the highly respected cybersecurity firm FireEye was breached. From the piece:
"Hackers could leverage FireEye’s tools to hack risky, high-profile targets with plausible deniability. In risky environments, you don’t want to burn your best tools, so this gives advanced adversaries a way to use someone else’s tools without burning their best capabilities."
— Patrick Wardle, principal security researcher at Jamf
As FireEye is a trusted leader in cybersecurity, this sent a shockwave across the tech industry.
According to The Washington Post, the nation-state actors are reported to be a known hacker group called APT 29 or Cozy Bear, a group attributed to the Russian SVR foreign intelligence service. This group, which recently made news for attempting to steal coronavirus vaccine research in July, penetrated the FireEye systems and was said to be seeking their "Red Team Tools."
These nation-state actors are highly sophisticated, and with enough time and persistence, the odds of them getting into a system they're determined to access are high. Nation-state hacks have not been operating-system-specific, and with groups like Cozy Bear or APT38/Lazarus active, quick public disclosure becomes increasingly important.
The offensive FireEye tools they were after
These tools are commonly used on the "offense" side of security to imitate the tooling a real attacker would use and, with permission from the vendors whose systems are being tested, to probe those systems for vulnerabilities. These tools are arguably some of the most sensitive data held by cybersecurity firms, second only to customer data.
FireEye's swift response
Although the hack was certainly eye-opening, FireEye disclosed the breach quickly and publicly, posting the YARA rules of these tools as well as countermeasures on GitHub. This allowed others in the cybersecurity space to quickly monitor for the tools to which the hackers gained access—the defense to their offense.
Jamf Protect has you covered
Fortunately, with tools like Jamf Protect, you can leave the security of your devices to Jamf and your IT department. Jamf Protect began implementing the single macOS-specific YARA rule into its production pipeline the same day FireEye disclosed the information surrounding the breach. The team at Jamf Protect will continue to monitor for these tools and will update the rule as needed.
Ways enterprises can protect themselves
As malware within the macOS ecosystem is still on the rise, it becomes increasingly important to take steps to secure devices. In addition to using tools like Jamf Protect, there are steps and precautions you can take to make certain your devices are as secure as possible:
- Update software when available
- Patch early and often
- Educate end-users on proper practices
Jamf can help
Combining these steps alongside an endpoint security solution like Jamf Protect will help keep your devices secure — all while maintaining a minimal impact on end-users, providing a better user experience.
Jamf Protect uses monitoring, heuristic analysis, threat detection, threat prevention, and threat remediation to guard your Apple fleet against potential threats, and offers same-day support for new Apple releases.
Get Jamf Protect's proactive endpoint protection today.