Just Released - FireEye Advanced Threat Report - 1H 2012

Advanced Threat Report 1H 2012

The third issue of the FireEye Advanced Threat Report was released today. We are excited to share this report, which contains the latest advanced threat information and new insights into the continued evolution of the cyber threat landscape. Advanced malware continues to grow and in the first half of 2012 is up nearly 400% vs. the first half of 2011. On average, an organization is experiencing 643 advanced malware infections per week. Keep in mind that this is advanced malware: unknown threats that have not been seen before and that bypass traditional signature-based security defenses such as next-generation firewalls, IPS, gateways, and AV. The report highlights five key findings, a few of which are included here.

Advanced threats come into organizations via several threat vectors—the Web, email, and files. While web-based threats are significant, the dangers of email-based threats are growing more severe. Links and attachments delivered via email have been the source of some of the high-profile advanced persistent threat (APT) attacks such as the RSA breach, GhostNet, and NightDragon. These targeted spear-phishing emails are up, because they work. But spear phishing emails are evolving with the use of malicious links becoming more prevalent than the use of malicious attachments.

Advanced threats are posing challenges to enterprises and government agencies across the board. Industries with intellectual property, customer information, or critical infrastructure to protect are particularly vulnerable to advanced threats. Notable increases in advanced threats have been seen in the healthcare, financial services, and energy/utility industries while the technology industry continues to experience a high level of advanced threats. No industry or government agency is immune.

We hope you find the report informative and useful. And, more importantly, we hope organizations and government agencies take action to protect themselves from advanced threats. Read more in the FireEye Advanced Threat Report by filling out the form below.

Surprises in our Advanced Threat Awareness Survey

A few weeks ago we conducted a survey to assess the general knowledge of advanced attacks among enterprise security professionals. Though we originally ran the survey to gather data for our own understanding, we found the results so interesting (and frankly, surprising) that we wanted to share them.

As we’ve discussed in the past, there continue to be many myths and misunderstandings regarding advanced persistent threats (“APTs”). What is clear, however, is that there is a significant disconnect in the understanding of what constitutes an advanced targeted attack and which technologies protect against them.

Why I’ve Joined FireEye: The Pressing Market Needs and the Company’s Ability to Deliver

This marks my first week as board chairman at FireEye, and I’m tremendously excited to be joining the company. FireEye has talented people and brilliant solutions that meet a critical need in the market, and has been growing rapidly as a result. With these fundamental assets and upcoming innovations, the prospects as we move forward are very promising.

FireEye Advanced Threat Report 2H 2011 Now Available

The new FireEye Advanced Threat Report for the second half of 2011, released today, is not your typical threat report. The threats we cover aren’t the known malware and spam you’ll find published in reports from traditional security vendors. Instead, what you’ll find is insight into advanced threats that have successfully evaded traditional lines of defense, including firewalls, IPS, gateways and antivirus.

FireEye Advanced Threat Report 1H2011

Our new 1H 2011 Advanced Threat Report is out! It is our inaugural report and I think you will find it interesting because it is uniquely focused on the new and dynamic threats. We have thousands of appliances protecting organizations around the world, and they are deployed _behind_ firewalls, intrusion prevention systems, antivirus and Web gateways. So, the threat data we reviewed in this report are the _successful_ malware attacks breaking through traditional defenses.

Conference Stuff

The Present

Hi-ho, Julia here. So, here’s a summary of computer security conference related things that I’m involved with.

I’ll be at the RSA Expo for at least one of the days next week (probably Wednesday). So if you see a blue-haired weirdo wandering around, asking vendors difficult questions¹, that’s probably me. If you would like to wander around the Expo for free too, then enter the code EC10FIR [Expires Friday Feb 26] into the appropriate field from wherever this link <Register Now!> may lead you. You’ll need to register — enter a bunch of personal information about yourself first, so that you can get a ton of junk mail later this year. However, note that the only thing they actually seem to check when you pick up your badge at the expo, is the name on your government issued photo ID. So, in previous years my job title has been Professional Tomato Squeezer, working for the Instrumentality of Penguins Project — which is how I know when marketers are using RSA’s mailing list.

FireEye has a booth at RSA this year (Booth #332). See also: Official FireEye RSA2010 Stuff.

The Past

And from last October, these are my ToorCon 11 Slides [ironically PDF] They’re almost the same as the ones from my Brucon talk, but with a little more stuff.

The Future

I’ll be presenting a talk at PH-Neutral 0x7DA on how to do horrible things with PDF files. Not just exploits and syntax abuse/obfuscation, but tricks like generating the Mandelbrot set with the halftone screen spot functions.

I’m thinking of submitting a talk to Black Hat or Defcon. Are there any topics that you, the reader, would like to hear me talk about? Sure, I could do an in-depth technical talk on a specific botnet. Or a less-in-depth presentation on a whole bunch of different malware. Or a talk about reading/writing exploits and reverse engineering. Or an actually-good-talk on old-school phreaking. Of course, Defcon being Defcon, I could probably submit a talk on Goetic demon summoning (with live demonstration!) and it would get accepted. So… suggestions?

I promise that my next blog post will have more crypto and hexdumps in it.


¹ For example…

Vendor: Our product is software that you install on your windows laptop, which calls home to check if it has been stolen. And if so, deletes sensitive documents to keep them from falling into the wrong hands.

Me: So, what if rather than booting the laptop into Windows normally, the person who stole the laptop takes the hard drive out and reads the data with Linux?

Vendor: <crickets chirping> … You’ll need to talk to one of our engineers.



Julia Wolf @ FireEye Malware Intelligence Lab
Questions/Comments to research [@] fireeye [.] com

Upcoming Jan & Feb Events Where We Are Presenting Research

We’re sharing our research at the upcoming ISOI6, the US Dept of Defense Cyber Crime conference, Internet2 Joint Techs, and at ShmooCon. If you are attending any of those events, we’d love to meet you in person! Alex talks about McColo, I’ll be discussing Web malware in government networks, Stu covers the latest in malware obfuscation tactics, and Julia dives into the Srizbi botnet takedown. For dates, times, topics, & locations, please read on.