Bangladesh’s central bank is poised to dump FireEye from its incident response and forensics contract:

Bangladesh’s central bank is unlikely to extend the contract of U.S. cyber security firm FireEye to investigate the electronic theft of $81 million of its money, sources at the bank said on Wednesday, citing high costs as one of the factors.

I have to wonder if there is more to this story than meets the eye. Mandiant, while an exceptionally talented team of forensics experts, may be struggling to accurately determine exactly what happened, thus causing the bank to lose confidence in their ability to meet contract requirements.

FireEye’s Mandiant forensics division was hired by Bangladesh Bank weeks after the cyber heist in early February. It said in an interim report that hackers took control of the bank’s network, stole credentials for sending messages on the SWIFT transactions system and used “sophisticated” malicious software to attack the computers the bank uses to process and authorize transactions.

Mandiant has said it needs 570 more hours of work to complete its investigations, a director on the board of Bangladesh Bank told Reuters. The bank has already paid about $280,000 to the company at an hourly rate of $400, he and other officials said on condition of anonymity.

Unbelievable cost. This could, quite possibly, be the reason for FireEye getting dumped. There is no reason they should be charging this much, unless their goal was to take advantage of the Bangladesh central bank.