“FireEye”的意思、由来-开放百科全书

}}FireEye is a public cybersecurity company headquartered in Milpitas, California.^[2] It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.^[3] FireEye was founded in 2004. Initially, it focused on developing virtual machines that would download and test internet traffic before transferring it to a corporate or government network. The company diversified over time, in part through acquisitions. In 2014, it acquired Mandiant, which provides incident response services following the identification of a security breach. FireEye went public in 2013. USAToday says FireEye "has been called in to investigate high-profile attacks against Target, JP Morgan Chase, Sony Pictures, Anthem and others".^[4] Yahoo Finance says FireEye is again the fastest-growing cyber security firm, according to Deloitte.^[5]

Corporate history

FireEye was founded in 2004 by Ashar Aziz, a former Sun Microsystems engineer.^[3]^[6] It received an early investment from the CIA's investment arm, In-Q-Tel, in 2009.^[7] FireEye's first commercial product was not developed and sold until 2010.^[8] That same year, FireEye expanded into the Middle-East.^[9] This was followed by the opening of new offices in Asia Pacific in 2010,^[10] Europe in 2011^[11] and Africa in 2013.^[12]

In December 2012, founder Aziz stepped down as CEO and former McAfee CEO David DeWalt was appointed to the position.^[2]^[13]^[14] DeWalt was recruited in order to prepare the company for an initial public offering (IPO).^[8]^[15] The following year, FireEye raised an additional $50 million in venture capital, bringing its total funding to $85 million.^[16]^[17] In late 2013, FireEye went public, raising $300 million.^[18]

At the time, FireEye was growing rapidly.^[13] It had 175 employees in 2011, which grew to 900 by June 2012.^[13] Revenues multiplied eight-fold between 2010 and 2012.^[13] However, FireEye was not yet profitable, due to high operating costs, such as research and development expenses.^[13]

In January 2014, FireEye acquired Mandiant for $1 billion.^[19] Mandiant was a private company founded in 2004 by Kevin Mandia that provided incident response services in the event of a data security breach.^[19]^[20] Mandiant was known for investigating high-profile hacking groups.^[19] Before the acquisition, FireEye would often identify a security breach, then partner with Mandiant to investigate who the hackers were.^[19] Mandiant became a subsidiary of FireEye.^[19]

In late 2014, FireEye initiated a secondary offering, selling another $1.1 billion in shares, in order to fund development of a wider range of products.^[21] Shortly afterward, FireEye acquired another data breach investigation company, nPulse, for approximately $60 million.^[22] By 2015, FireEye was making more than $100 million in annual revenue, but was still unprofitable,^[23] largely due to research and development spending.^[6]

In January 2016, FireEye acquired iSIGHT Partners for $275 million.^[24] iSIGHT was a threat intelligence company^[25] that gathered information about hacker groups and other cybersecurity risks.^[26] This was followed by the acquisition of Invotas, an IT security automation company.^[27]^[28] DeWalt stepped down as CEO in 2016 and was replaced by Mandiant CEO and former FireEye President Kevin Mandia.^[2]^[6] Afterwards, there was a downsizing and restructuring in response to lower-than-expected sales, resulting in a layoff of 300-400 employees.^[29]^[30] Afterwards, profit and revenue increased on account of shifts to a subscription model and lower costs.^[31]

Acquisitions

Products and services

FireEye started out as a "sandboxing" company.^[38] Sandboxing is where incoming network traffic is opened within a virtual machine to test it for malicious software, before being introduced into the network.^[19]^[23] FireEye's products diversified over time, in part through acquisitions.^[2]^[38] In 2017, FireEye transitioned from primarily selling appliances, to a software-as-a-service model.^[39]

FireEye sells technology products including network, email and endpoint security, a platform for managing security operations centers called Helix, consulting services primarily based on incident response, and threat intelligence products.^[40]^[41]

The Central Management System (CMS) consolidates the management, reporting, and data sharing of Web MPS (Malware Protection System), Email MPS, File MPS, and Malware Analysis System (MAS) into a single network-based appliance by acting as a distribution hub for malware security intelligence.^[42]

The FireEye Cloud crowd-sources Dynamic Threat Intelligence (DTI) detected by individual FireEye MPS appliances, and automatically distributes this time sensitive zero-day intelligence globally to all subscribed customers in frequent updates. Content Updates include a combination of DTI and FireEye Labs generated intelligence identified through research efforts.

Operations

2008-2014

In October/November 2009, FireEye participated in an effort to take down the Mega-D botnet (also known as Ozdok).^[43] On March 16, 2011, the Rustock botnet was taken down through an action by Microsoft, US federal law enforcement agents, FireEye, and the University of Washington.^[44] In July 2012, FireEye was involved in analysis^[45] of the Grum botnet's command and control servers located in the Netherlands, Panama, and Russia.{{citation needed|date=July 2017}}

In 2013, Mandiant (before being acquired by FireEye) uncovered a multi-year espionage effort by a Chinese hacking group called APT1.^[46]

In 2014, the FireEye Labs team identified two new zero-day vulnerabilities – CVE-2014-4148 and CVE-2014-4113 – as part of limited, targeted attacks against major corporations. Both zero-days exploit the Windows kernel. Microsoft addressed the vulnerabilities in their October 2014 Security Bulletin.^[47] Also in 2014, FireEye provided information on a threat group it calls FIN4. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group has targeted hundreds of companies, and specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.^[48] Also in 2014, FireEye released a report focused on a threat group it refers to as APT28. APT28 focuses on collecting intelligence that would be most useful to a government. Specifically, FireEye found that since at least 2007, APT28 has been targeting privileged information related to governments, militaries, and security organizations that would likely benefit the Russian government.^[49]

2015

In 2015, FireEye confirmed the existence of at least 14 router implants spread across four different countries: Ukraine, Philippines, Mexico, and India. Referred to as SYNful Knock, the implant is a stealthy modification of the router’s firmware image that can be used to maintain persistence within a victim’s network.^[50]

In September 2015, FireEye obtained an injunction against a security researcher attempting to report vulnerabilities in FireEye Malware Protection System.^[51]

In 2015, FireEye uncovered an attack exploiting two previously unknown vulnerabilities, one in Microsoft Office (CVE-2015-2545) and another in Windows (CVE-2015-2546). The attackers hid the exploit within a Microsoft Word document (.docx) that appeared to be a résumé. The combination of these two exploits grant fully privileged remote code execution. Both vulnerabilities were patched by Microsoft.^[52]

In 2015, the FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). Adobe released a patch for the vulnerability with an out-of-band security bulletin. FireEye attributed the activity to a China-based threat group it tracks as APT3.^[53]

2016

In 2016, FireEye announced that it has been tracking a pair of cybercriminals referred to as the “Vendetta Brothers.” The company said that the enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information and sell it on their underground marketplace “Vendetta World.”^[54]

In mid-2016, FireEye released a report on the impact of the 2015 agreement between US President Barack Obama and Chinese President Xi Jinping that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for an economic advantage. The security firm reviewed the activity of 72 groups that it suspects are operating in China or otherwise support Chinese state interests and determined that, as of mid-2014, there was an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries.^[55]

In 2016, FireEye announced that it had identified several versions of an ICS-focused malware – dubbed IRONGATE – crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. Although Siemens Product Computer Emergency Readiness Team (ProductCERT) confirmed to FireEye that IRONGATE is not viable against operational Siemens control systems and that IRONGATE does not exploit any vulnerabilities in Siemens products, the security firm said that IRONGATE invokes ICS attack concepts first seen in Stuxnet.^[56]

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player (CVE-2016-4117). The security firm reported the issue to the Adobe Product Security Incident Response Team (PSIRT) and Adobe released a patch for the vulnerability in just four days later.^[57]

In 2016, FireEye discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. FireEye reached out to Qualcomm in January 2016 and subsequently worked with the Qualcomm Product Security Team to address the issue.^[58]

In 2016, FireEye provided details on FIN6, a cyber criminal group that steals payment card data for monetization from targets predominately in the hospitality and retail sectors. The group was observed aggressively targeting and compromising point-of-sale (POS) systems, and making off with millions of payment card numbers that were later sold on an underground marketplace.^[59]

FireEye's firm Mandiant was hired by Russia's Alfa Bank to locate information on connections to Trump's servers and was also hired by Equifax to determine source of data breach and in both cases, Mandiant did not find anything conclusive.

2017

In 2017, FireEye detected malicious Microsoft Office RTF documents leveraging a previously undisclosed vulnerability, CVE-2017-0199. This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit. FireEye shared the details of the vulnerability with Microsoft and coordinated public disclosure timed with the release of a patch by Microsoft to address the vulnerability.^[62]

2018

References

1. ^{{cite|title=FireEye 2017 Annual Report|url=https://investors.fireeye.com/static-files/7d29ef18-00c2-475a-996e-a6df8b9a01c4|publisher=FireEye}}
2. ^¹²³⁴{{cite web | title=FireEye Names New CEO | website=Fortune | date=May 6, 2016 | url=http://fortune.com/2016/05/06/fireeye-ceo-rumors/ | access-date=September 18, 2018|first=Robert|last=Hackett }}
3. ^¹{{cite book | last=Springer | first=P.J. | title=Encyclopedia of Cyber Warfare | publisher=ABC-CLIO | year=2017 | isbn=978-1-4408-4425-6 | url=https://books.google.com/books?id=9tgoDwAAQBAJ&pg=PA109 | access-date=September 18, 2018 | page=109}}
4. ^{{cite web|title=FireEye has become Go-to Company for Breaches|url=https://www.usatoday.com/story/tech/2015/05/20/fireeye-mandiant-carefirst/27659481/|website=USA Today|accessdate=21 May 2015}}
5. ^{{cite web|title=FireEye Fastest Growing Cyber Security|url=https://finance.yahoo.com/news/fireeye-fastest-growing-cyber-security-130000702.html|website=Yahoo Finance|accessdate=2015-11-20}}
6. ^¹²{{cite news | last=Anderson | first=Mae | title=FireEye is tech firms' weapon against disinformation, staffed with 'the Navy SEALs of cyber security' | newspaper=latimes.com | date=August 24, 2018 | url=http://www.latimes.com/business/technology/la-fi-tn-fireeye-20180824-story.html | access-date=September 18, 2018}}
7. ^{{cite web | last=Takahashi | first=Dean | title=CIA’s In-Q-Tel funds FireEye anti-botnet security firm | website=VentureBeat | date=November 18, 2009 | url=https://venturebeat.com/2009/11/18/cias-in-q-tel-funds-fireeye-anti-botnet-security-firm/ | access-date=September 18, 2018}}
8. ^¹{{cite web | title=FireEye shares double as hot security firm goes public | website=USA TODAY | date=September 20, 2013 | url=https://www.usatoday.com/story/cybertruth/2013/09/24/fireeye-shares-double-as-security-firm-goes-public/2844227/ | access-date=September 22, 2018}}
9. ^{{cite web | title=FireEye Inc steps into the Middle East | website=ITP.net | url=http://www.itp.net/583119-fireeye-inc-steps-into-the-middle-east |first=Georgina|last=Enzer| accessdate=September 18, 2018}}
10. ^{{cite web | title=Security Watch: FireEye appoints first ever Asia Pac president | website=CSO | date=November 15, 2018 | url=https://www.cso.com.au/article/571608/fireeye-appoints-first-ever-asia-pac-president/ | access-date=November 15, 2018}}
11. ^{{cite web | title=FireEye looks to break into UK | website=IT PRO | date=March 17, 2011 | url=http://itpro.co.uk/go/14826 | access-date=September 18, 2018|first=Tom|last=Brewster}}
12. ^{{cite web | last=Doyle | first=Kirsten | title=FireEye opens local office | website=ITWeb | date=August 7, 2013 | url=https://www.itweb.co.za/content/okYbe9MX51jqAWpG | access-date=September 22, 2018}}
13. ^¹²³⁴{{cite web | last=Owens | first=Jeremy C. | last2=Delevett | first2=Peter | title=FireEye’s price more than doubles on Wall Street after eye-popping IPO | website=The Mercury News | date=September 20, 2013 | url=https://www.mercurynews.com/2013/09/20/fireeyes-price-more-than-doubles-on-wall-street-after-eye-popping-ipo-2/ | access-date=September 22, 2018}}
14. ^{{cite web | title=FireEye names former McAfee exec Dave DeWalt as CEO, plans IPO | website=Reuters | date=November 28, 2012 | url=https://www.reuters.com/article/fireeye-ceo/fireeye-names-former-mcafee-exec-dave-dewalt-as-ceo-plans-ipo-idUSL1E8MSA7R20121128 | access-date=September 18, 2018}}
15. ^{{cite web | last=Kelly | first=Meghan | title=FireEye brings more legitimacy to new security solutions with IPO filing | website=VentureBeat | date=August 5, 2013 | url=https://venturebeat.com/2013/08/05/fireeye-ipo/ | access-date=September 22, 2018}}
16. ^{{cite web | last=Westervelt | first=Robert | title=FireEye Scores $50M Funding, Beefs Up Executive Team | website=CRN | date=January 10, 2013 | url=https://www.crn.com/news/security/240146043/fireeye-scores-50m-funding-beefs-up-executive-team.htm | access-date=September 22, 2018}}
17. ^{{cite web | last=Bort | first=Julie | title=Now Worth $1.25 Billion, FireEye Is The Next Hot Enterprise Startup To Watch | website=Business Insider | date=January 10, 2013 | url=https://www.businessinsider.com/fireeye-fundraising-2013-1 | access-date=September 22, 2018}}
18. ^{{cite web | last=Owens | first=Jeremy C. | last2=Delevett | first2=Peter | title=FireEye’s price more than doubles on Wall Street after eye-popping IPO | website=The Mercury News | date=September 20, 2013 | url=https://www.mercurynews.com/2013/09/20/fireeyes-price-more-than-doubles-on-wall-street-after-eye-popping-ipo-2/ | access-date=September 22, 2018}}
19. ^¹²³⁴⁵{{cite web |first1=Nicole|last1=Perlroth|first2=David|last2= Sanger| title=FireEye Computer Security Firm Acquires Mandiant | website=The New York Times | date=January 3, 2014 | url=https://www.nytimes.com/2014/01/03/technology/fireeye-computer-security-firm-acquires-mandiant.html | access-date=September 18, 2018}}
20. ^{{cite web | author=Reuters | title=FireEye Buys Mandiant For $1 Billion In Huge Cyber Security Merger | website=Business Insider | date=January 2, 2014 | url=https://www.businessinsider.com/fireeye-buys-mandiant-for-1-billion-2014-1 | access-date=September 22, 2018}}
21. ^{{cite web | last=Merced | first=Michael J. de la | title=With Its Stock Riding High, FireEye Sells More Shares for $1.1 Billion | website=DealBook | date=March 10, 2014 | url=https://dealbook.nytimes.com/2014/03/07/with-its-stock-riding-high-fireeye-sells-more-shares-for-1-1-billion/ | access-date=September 22, 2018}}
22. ^{{cite web | title=FireEye Buys nPulse Technologies For $60M+ To Beef Up Network Security Suite | website=TechCrunch | date=May 6, 2014 | url=https://techcrunch.com/2014/05/06/fireeye-buys-npulse-technologies-for-60m-to-beef-up-network-security-suite/ |first=Ron|last=Miller | access-date=September 18, 2018}}
23. ^¹{{cite web | title=FireEye has become go-to company for breaches | website=USA TODAY | date=May 20, 2015 | url=https://www.usatoday.com/story/tech/2015/05/20/fireeye-mandiant-carefirst/27659481/ | access-date=September 18, 2018|first=Elizabeth|last=Weise}}
24. ^{{cite web | last=Finkle | first=Jim | title=FireEye buys cyber intelligence firm iSight Partners for $200 million | website=U.S. | date=January 20, 2016 | url=https://www.reuters.com/article/us-isight-fireeye-m-a/fireeye-buys-cyber-intelligence-firm-isight-partners-for-200-million-idUSKCN0UY2OU | access-date=September 22, 2018}}
25. ^{{cite web | title=FireEye Makes a Big Acquisition | website=Fortune | date=January 20, 2016 | url=http://fortune.com/2016/01/20/fireeye-acquisition-isight-partners/ | access-date=September 22, 2018|first=Robert|last=Hackett}}
26. ^{{cite web | title=FireEye bulks up for ‘cyber arms race’| website=Financial Times | date=January 20, 2016 | url=https://www.ft.com/content/35b30470-bfb0-11e5-846f-79b0e3d20eaf | access-date=September 22, 2018|first=Hannah|last= Kuchler }}
27. ^{{cite web | last=Morgan | first=Steve | title=FireEye acquires Invotas; Who's next? | website=CSO Online | date=February 2, 2016 | url=https://www.csoonline.com/article/3029176/techology-business/fireeye-acquires-invotas-whos-next.html | access-date=September 22, 2018}}
28. ^{{cite web | last=Beckerman | first=Josh | title=FireEye Buys Invotas International | website=WSJ | date=February 2, 2016 | url=https://www.wsj.com/articles/fireeye-buys-invotas-international-1454375898 | access-date=September 22, 2018}}
29. ^{{cite web | last=Wieczner | first=Jen | title=What FireEye's Stock Crash Says About Hacking | website=Fortune | date=August 5, 2016 | url=http://fortune.com/2016/08/05/fireeye-stock-feye-earnings/ | access-date=September 22, 2018}}
30. ^{{cite web | last=Owens | first=Jeremy C. | title=FireEye plans layoffs as new CEO takes the helm, stock plunges | website=MarketWatch | date=August 4, 2016 | url=https://www.marketwatch.com/story/fireeye-plans-layoffs-as-new-ceo-takes-the-helm-2016-08-04 | accessdate=September 22, 2018}}
31. ^{{cite web | last=Sharma | first= Vibhuti | title=FireEye earnings boosted by lower costs, higher subscriptions | website=Reuters | date=October 30, 2018 | url=https://www.reuters.com/article/us-fireeye-results-idUSKCN1N42Q7 | access-date=November 15, 2018}}
32. ^{{cite news|title=FireEye Computer Security Firm Acquires Mandiant|url=https://www.nytimes.com/2014/01/03/technology/fireeye-computer-security-firm-acquires-mandiant.html | work=The New York Times | first1=Nicole|last1=Perlroth|first2=David E.|last2=Sanger|date=2014-01-02}}
33. ^{{cite web|last=Miller|first= Ron|date= May 8, 2014|website=TechCrunch|url=https://techcrunch.com/2014/05/06/fireeye-buys-npulse-technologies-for-60m-to-beef-up-network-security-suite/ |title=FireEye Buys nPulse Technologies For $60M+ To Beef Up Network Security Suite}}
34. ^http://investors.fireeye.com/releasedetail.cfm?ReleaseID=951017
35. ^http://investors.fireeye.com/releasedetail.cfm?releaseid=952747
36. ^{{Cite web|url=https://www.fireeye.com/blog/products-and-services/2018/04/the-future-is-bright-for-fireeye-email-security.html|title=The Future is Bright for FireEye Email Security « The Future is Bright for FireEye Email Security|website=FireEye|access-date=2018-07-12}}
37. ^https://www.fireeye.com/company/press-releases/2017/FireEye_Announces_Acquisition_of_X15_Software.html
38. ^¹{{cite web | last=Oltsik | first=Jon | title=FireEye Myth and Reality | website=CSO Online | date=October 15, 2015 | url=https://www.csoonline.com/article/2993882/security/fireeye-myth-and-reality.html | access-date=September 18, 2018}}
39. ^{{cite web | title=Cybersecurity Firm FireEye's Revenue Beats Street | website=Fortune | date=July 1, 2017 | url=http://fortune.com/2017/08/01/cybersecurity-fireeye-revenue-beats-street/ | access-date=September 22, 2018}}
40. ^{{cite web | last=Casaretto | first=John | title=FireEye launches a new platform and details Mandiant integration | website=SiliconANGLE | date=February 14, 2014 | url=https://siliconangle.com/2014/02/14/fireeye-launches-a-new-platform-and-details-mandiant-integration/ | access-date=September 22, 2018}}
41. ^{{cite web | last=Kuranda | first=Sarah | title=FireEye Brings Together Security Portfolio Under New Helix Platform | website=CRN | date=November 30, 2016 | url=https://www.crn.com/news/security/300082959/fireeye-brings-together-security-portfolio-under-new-helix-platform.htm | access-date=September 22, 2018}}
42. ^{{Cite web|url=http://sonoranweeklyreview.com/fireeye-forecasts-downbeat-results-for-current-quarter-shares-tumble-nasdaqfeye/|title=FireEye Forecasts Downbeat Results for Current Quarter; Shares Tumble (NASDAQ:FEYE) - Sonoran Weekly Review|date=2016-05-06|website=Sonoran Weekly Review|language=en-US|access-date=2016-05-06}}
43. ^{{cite news | last = Cheng| first = Jacqui| title = Researchers' well-aimed stone takes down Goliath botnet | publisher = Ars Technica| date = November 11, 2009 | url = https://arstechnica.com/security/news/2009/11/researchers-well-aimed-stone-take-down-goliath-botnet.ars | accessdate = 2009-11-30}}
44. ^{{cite news | last=Wingfield | first=Nick | title=Spam Network Shut Down | newspaper=Wall Street Journal | date=2011-03-18 | url=https://www.wsj.com/articles/SB10001424052748703328404576207173861008758 | accessdate=2011-03-18}}
45. ^{{cite web |url=http://blog.fireeye.com/research/2012/07/killing-the-beast-part-5.html |title=FireEye Blog | Threat Research, Analysis, and Mitigation |publisher=Blog.fireeye.com |date= |accessdate=2014-04-12 |deadurl=yes |archiveurl=https://web.archive.org/web/20130131071855/http://blog.fireeye.com/research/2012/07/killing-the-beast-part-5.html |archivedate=2013-01-31 |df= }}
46. ^{{cite web | last=Sanger | first=David E. | last2=Barboza | first2=David | last3=Perlroth | first3=Nicole | title=China’s Army Is Seen as Tied to Hacking Against U.S. | website=The New York Times | date=February 18, 2013 | url=https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html | access-date=October 15, 2018}}
47. ^{{cite web|title=Microsoft Security Bulletin Summary for October 2014|url=https://technet.microsoft.com/library/security/ms14-oct|publisher=Microsoft|accessdate=21 June 2017}}
48. ^{{cite news|last1=Sullivan|first1=Gail|title=Report: ‘FIN4’ hackers are gaming markets by stealing insider info|url=https://www.washingtonpost.com/news/morning-mix/wp/2014/12/02/report-hackers-are-gaming-markets-by-stealing-insider-info/|accessdate=21 June 2017|publisher=Washington Post|date=2 December 2014}}
49. ^{{cite news|last1=Fox-Brewster|first1=Tom|title='State sponsored' Russian hacker group linked to cyber attacks on neighbours|url=https://www.theguardian.com/technology/2014/oct/29/russian-hacker-group-cyber-attacks-apt28|publisher=The Guardian|date=29 October 2014}}
50. ^{{cite news|last1=Leyden|first1=John|title=Compromised Cisco routers spotted bimbling about in the wild|url=https://www.theregister.co.uk/2015/09/15/compromised_cisco_routers/|accessdate=21 June 2017|publisher=The Register|date=15 September 2015}}
51. ^{{cite news |url=https://arstechnica.com/security/2015/09/security-company-sues-to-bar-disclosure-related-to-its-own-flaws/ |title=Security company litigates to bar disclosure related to its own flaws |first=Dan |last=Goodin |date=September 11, 2015 |accessdate=September 12, 2015 }}
52. ^{{cite web|title=Acknowledgments – 2015|url=https://technet.microsoft.com/library/security/dn903755.aspx|publisher=Microsoft|accessdate=21 June 2017}}
53. ^{{cite web|title=Security updates available for Adobe Flash Player|url=https://helpx.adobe.com/security/products/flash-player/apsb15-14.html|publisher=Adobe|accessdate=21 June 2017}}
54. ^{{cite news|last1=Korolov|first1=Maria|title=Diversified supply chain helps 'Vendetta Brothers' succeed in criminal business|url=http://www.csoonline.com/article/3125744/investigations-forensics/diversified-supply-chain-helps-vendetta-brothers-succeed-in-criminal-business.html|accessdate=21 June 2017|publisher=CSO|date=29 September 2016}}
55. ^{{cite news|last1=Hackett|first1=Robert|title=China’s Cyber Spying on the U.S. Has Drastically Changed|url=http://fortune.com/2016/06/25/fireeye-mandia-china-hackers/|accessdate=21 June 2017|publisher=Fortune|date=25 June 2016}}
56. ^{{cite news|last1=Cox|first1=Joseph|title=There's a Stuxnet Copycat, and We Have No Idea Where It Came From|url=https://motherboard.vice.com/en_us/article/theres-a-stuxnet-copycat-and-we-have-no-idea-where-it-came-from|accessdate=21 June 2017|publisher=Motherboard|date=2 June 2016}}
57. ^{{cite web|title=Security updates available for Adobe Flash Player|url=https://helpx.adobe.com/security/products/flash-player/apsb16-15.html|publisher=Adobe|accessdate=21 June 2017}}
58. ^{{cite news|last1=Goodin|first1=Dan|title=Critical Qualcomm security bug leaves many phones open to attack|url=https://arstechnica.com/security/2016/05/5-year-old-android-vulnerability-exposes-texts-and-call-histories/|accessdate=21 June 2017|publisher=Ars Technica|date=5 May 2016}}
59. ^{{cite news|last1=Taylor|first1=Harriet|title=What one criminal gang does with stolen credit cards|url=https://www.cnbc.com/2016/04/20/what-one-criminal-gang-does-with-stolen-credit-cards.html|accessdate=21 June 2017|publisher=CNBC|date=20 April 2016}}
60. ^http://fortune.com/2016/11/02/donald-trump-alfa-bank/
61. ^https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros
62. ^{{cite web|title=CVE-2017-0199 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API|url=https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199|publisher=Microsoft|accessdate=21 June 2017}}
63. ^{{cite web | title=How FireEye Helped Facebook Spot a Disinformation Campaign | website=The New York Times | date=August 23, 2018 | url=https://www.nytimes.com/2018/08/23/technology/fireeye-facebook-disinformation.html | access-date=September 22, 2018|first1=Kate|last1=Conger|first2=Sheera|last2=Frenkel}}