IT Security is an extremely tricky business. The main problem is that so often it is invisible and therefore never seems to present too much of a threat. As the old adage goes: ‘Out of sight, out of mind’. The issue is that hackers and even government agencies are all too aware that people will often completely ignore the threats which they face every day, so long as those threats are invisible and do not interfere with their everyday lives.
What if I told you, for instance, that if you have a router over three years old there is a 50% chance it has been compromised and could be used to spy on your home devices. Indeed, what if you knew that your machine was currently being used to mine cryptocurrency without your knowledge, or that an IT administrator might use your login details to send private information to foreign powers… just because you thought it was okay to provide them with your username and password.
All of these are very real examples of things which have happened over the past two years without people’s knowledge and may potentially be a good indicator of things to come.
Recognising 2016: The Great NSA Cover-up
In 2016 a hacking group called The Shadow Brokers claimed they had successfully hacked the NSA and stolen a wide range of hacking tools used to spy on US citizens and other countries. This was not confirmed by the NSA, but soon after it was discovered that the highly publicised WannaCry was based on a recognised NSA hacking tool called EternalBlue. This used a Windows exploit to gain access to machines and encrypt all files.
Soon after there was an encrypted file leaked onto the Dark Web.
This file contained all of the NSA hacking tools which were stolen, and soon after The Shadow Brokers auctioned off the encryption key, which put these powerful hacking tools in the hands of the highest bidder.
That was pretty much the last which was heard of the matter until about two months ago. The amount of public attention most likely scared many of the hackers holding these tools, with good reason – there was intense pressure to catch those responsible. Recently there have been new revelations that while it appeared that all had gone quiet, the hackers had been working to uncover the true extent of the NSA tools and decide how best to use them.
In a report carried out by the Cyber Security Alliance it was discovered that instead of the highly visible attacks, EternalBlue was now being deployed to be invisible on machines – using their resources to mine cryptocurrency. This was responsible for a surge of 459% in so-called crypto-jacking, which is the process of stealing a machine’s resources to complete a task defined by a hacker.
Another tool which was stolen by the hacking group was called EternalSilence and targeted a UPnP exploit found in older routers which are often not updated by users. Using this exploit, hackers can gain direct access to all connected devices and deploy software – such as EternalBlue – as required.
Add to this the discovery of EternalRed, a version of EternalBlue which affects Linux devices such as TVs, Android devices, Google devices and over 85% of all servers, and we begin to see the scale of the issue which the world now faces.
Unlike hacking tools before, the NSA tools form a complete set specifically designed to break through the most powerful and complex security setups in the world. These are not snippets of code created in a teenager’s bedroom or as a side project for security analysts – they are highly complex systems developed by some of the leading espionage technology minds over a number of decades.
In the hands of a rogue hacking team, the power and reach which they now have is impossible to understand. Recently these tools have been seen used in conjunction with one another to circumvent or destroy systems previously thought ‘impenetrable’, and it is only a matter of time until no one tool can hope to stop these threats from finding a weak point in a targeted system. The best approach, the only effective approach, will soon be a mix of security patch management, zero-day protection and AI measures focused on business continuity.
The Real Problem: People, People, People
In many cases there is one issue with modern technical devices – the person hitting the keys. There are times that computer systems compromise the way they work for the sake of ‘usability’. A good example of this would be Facebook and Google, which use login tokens to keep people signed into their platforms even if the user leaves the website.
In September 2018 it was discovered that 50 million user accounts were compromised using this exploit. Their details were stolen and the thieves were able to use the API to also break into third-party applications which were connected to Facebook.
The sheer scale of this attack is completely incomprehensible. Considering that the WannaCry attack, the largest global attack in history, affected only 200,000 machines, the attack on Facebook was significantly worse and yet received far less attention. Real security threats exploit the lack of knowledge users have about the risks they are exposed to and manipulate them into taking levels of risk which put them in harm’s way. In these cases the only solutions are either to remove user input entirely or to give users real-world education about the steps they need to take in order to make sure they are not at risk.
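The login tokens described above are only as safe as the rules for expiring and revoking them. As an added example that is not part of the original article, and not taken from Facebook, Google or any other real platform, the following Python sketch shows a server-side session store in which each persistent token carries a tamper-check signature, expires after a fixed lifetime, and can be revoked for every session a user holds at once (which is what a platform must be able to do when tokens are believed stolen). The key, time-to-live and user names are constructed for illustration only.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed example key: a real deployment loads this from a secrets store.
SERVER_KEY = b"constructed-example-key-not-for-production"


def _sign(token_id: str) -> str:
    """HMAC over the opaque token id so forged or altered tokens are rejected
    before any store lookup is made."""
    return hmac.new(SERVER_KEY, token_id.encode(), hashlib.sha256).hexdigest()


@dataclass
class SessionStore:
    # token_id -> (user, expiry time as a Unix timestamp)
    sessions: dict = field(default_factory=dict)

    def issue(self, user: str, ttl_seconds: int, now: float) -> str:
        """Create a persistent login token for `user` valid for `ttl_seconds`."""
        token_id = secrets.token_urlsafe(24)          # unguessable random id
        self.sessions[token_id] = (user, now + ttl_seconds)
        return f"{token_id}.{_sign(token_id)}"

    def authenticate(self, token: str, now: float) -> Optional[str]:
        """Return the user a token belongs to, or None if it is malformed,
        tampered with, unknown (revoked), or expired."""
        try:
            token_id, sig = token.rsplit(".", 1)
        except ValueError:
            return None
        if not hmac.compare_digest(sig, _sign(token_id)):
            return None                               # signature mismatch
        entry = self.sessions.get(token_id)
        if entry is None:
            return None                               # never issued or revoked
        user, expires_at = entry
        if now >= expires_at:
            del self.sessions[token_id]               # expired: drop it
            return None
        return user

    def revoke_user(self, user: str) -> int:
        """Invalidate every session for `user`; returns how many were removed."""
        doomed = [t for t, (u, _) in self.sessions.items() if u == user]
        for t in doomed:
            del self.sessions[t]
        return len(doomed)


def run_demo() -> dict:
    """Walk through issue, expiry and mass revocation with fixed timestamps."""
    store = SessionStore()
    token = store.issue("alice", ttl_seconds=3600, now=1_000.0)
    results = {
        "valid": store.authenticate(token, now=1_001.0),
        "expired": store.authenticate(token, now=1_000.0 + 3600),
    }
    fresh = store.issue("alice", ttl_seconds=3600, now=1_000.0)
    results["revoked_count"] = store.revoke_user("alice")
    results["after_revoke"] = store.authenticate(fresh, now=1_001.0)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point of keeping the session record on the server, rather than trusting a long-lived signed token on its own, is that a stolen token can be cut off immediately by `revoke_user`, and a token that is never seen again simply ages out. The signature is a cheap first filter; the store lookup is what actually decides whether the session is still live.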
It was also recently uncovered that human compliance plays a huge role in IT Security. Edward Snowden, made infamous for his leaks of NSA documents to WikiLeaks, did not use his own credentials to steal NSA documents – instead he simply called 20-25 colleagues in a remote location in Hawaii and asked them to provide their login usernames and passwords to do his job, and they obliged. This goes some way to exposing how highly secure organisations can put themselves at risk, even when they are fully aware of the risks and consequences of their actions.
The Road Ahead: Risks, Rewards and Opportunities
The purpose of this article is to highlight two key factors which will affect IT Security in the next couple of years. The first is direct exposure to leaked NSA hacking tools through unpatched devices. The second is the weakness of devices and people in spotting and halting people who appear to be ‘on our side’.
There is a real risk that individuals and companies who do not accept the need to prevent these risks will find themselves becoming victims of attacks. This could mean loss of privacy, loss of access to devices, or far worse consequences. One theory is that hacking teams are compromising hundreds of thousands of devices in secret with the aim of creating a botnet – a set of networked devices which work together to attack a target with the aim of making it break and become vulnerable.
The solutions to these issues are not difficult and should be addressed individually. A competent IT Support partner is aware of the emergent threats and can easily help ensure machines are patched properly. New IT Security packages are designed to monitor network access and halt threats which affect networks. Email Threat Protection packages are designed to protect users by scanning links and ensuring all pages are safe, stopping users making critical mistakes that compromise their devices.
Additionally, IT Security Awareness training should be in place once every six months. KJL are able to carry out security testing as required and can offer real-world examples for individuals to help them recognise threats and protect their business network in the first instance, rather than having to retroactively try and recover after making a critical error. This route means no downtime for business.
If you have concerns or would like to discuss IT Security, talk to us today on 01268 627 101
5 Cybersecurity Trends and Tips
from Earl Perkins, Research Vice President at Gartner
- Companies should develop security guidelines for private and public cloud use and utilize a cloud decision model to apply rigor to cloud risks.
- Adapt your security setup away from protection and prevention to focus on detection, response, and remediation.
- Be aware of your service provider’s cybersecurity focus and what kind of security they provide.
- Changes in cybersecurity will require new types of skills in data science and analytics. The general increase in information will mean artificial security intelligence is necessary for most companies.
- With the increase of networked devices that affect the real world, employee and device safety, reliability and privacy are also a part of your cybersecurity responsibility.