FireEye Mans the Front Line in Fight Against Cyberattacks

The security breach of a giant U.S. retail company began quietly, and imperceptibly, when an attacker used a valid password to tap into a virtualized desktop. Within minutes, the hack grew more sophisticated as it took over an administrator's privileged account and moved around using a common Microsoft system management tool. It ended catastrophically, with malware infecting cash registers in every store and millions of customers' credit cards compromised.

The unnamed retailer was one of many big companies, including Target, Sony Pictures and Anthem, that in the past year called in help from a small Silicon Valley security firm just off Interstate 880, which released a report Tuesday detailing some of its recent work.

Milpitas-based FireEye and its elite investigative division, Mandiant, have become the go-to team for hundreds of corporations looking to clean up the aftermath of security intrusions that affect millions of customers.

The report from Mandiant offers a glimpse of what it looks like on the front lines of the cyberwars, detailing how an attack on the retailer unfolded and offering advice on how companies can hinder attackers from so easily moving around an entire corporate network and establishing a foothold after poking a small hole. Asked if the unnamed retailer was Target, a Mandiant investigator declined to say.

The firm's report also illustrates the blurring lines between criminal hackers looking to steal money and state-sponsored attackers from Russia and China whose motivations go beyond profit. Several recent attacks, including on health care giant Anthem, have raised speculation that attackers were looking to harvest intelligence about select customers.

"It appears to be a bulk collection effort. They're trying to get information about as many Americans as possible," said Dmitri Alperovitch, co-founder and chief technology officer of Irvine-based CrowdStrike, a Mandiant competitor that has also consulted with big health care organizations and other...
