WASHINGTON DC: Hackers are phishing for the source code of numerous tech companies, including Microsoft, Apple, Oracle and Adobe, for use in future advanced, targeted attacks, according to FireEye CEO David Dewalt.
Dewalt (pictured below) made the claim during a keynote speech at the MIRcon cyber security conference attended by V3, claiming that the firm has detected an alarming spike in attacks targeting technology companies.
"The [hackers] are focused on high value targets and one of the most breached areas we see is high tech. [We're seeing them] go for source code as if they can get the source code and find a hole to get round [users'] defences," he said.
"Using malicious email, using web, using mobile applications they're trying to lure [victims] to a credential-stealing tool. The amount of activity we see going for the big technology platforms - Microsoft, Apple, Adobe, Oracle - is huge."
Dewalt said that the news is disturbing as developments in the cyber crime and state-sponsored hacking community mean that the attacks are becoming increasingly effective.
"We've never seen such a dislocation between offence and defence. The balance has never been wider. The offensive community is so advanced the defence workers are playing catch up. We're tracking hundreds of groups from hundreds of countries engaged in cyber activity," he said.
"Now 97 percent of organisations are breached; 1,279 companies we deal with have evidence of breach. Of those, 76 percent saw the breach and saw the malware."
The FireEye chief highlighted companies' ongoing reliance on layered security models, which he said are ill-suited to deal with multi-layered attacks.
"We're fortunate at FireEye to be involved with customers in 60 countries. In most we're seeing the same defence culture - let's put many layers of defence in place from as many vendors as possible to catch the bad guys," he said.
"We're seeing massive holes in this architecture that mean every day people are being breached. [Hackers] are getting through hundreds of millions of dollars worth of defence spending. The effectiveness of the defence is not indicative of the spend."
Dewalt said that firms will have to rethink their security strategies to deal with the increased threat and focus on threat intelligence and analytics as well as perimeter defence. FireEye is one of many security firms and government agencies calling for organisations to rethink their security practices.
Interpol opened a Global Complex for Innovation information centre on 1 October in a bid to centralise and co-ordinate anti-cyber crime efforts at security firms, law enforcement agencies, academia and wider industries.
FireEye launched an Advanced Threat Intelligence tool on 18 September designed to help firms deal with the next-generation, multi-layer threats detailed by DeWalt.
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend