The Shadow Brokers—the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency’s weaponized software exploits—just published its most significant release yet. Friday’s dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. IT security experts from ESET and AlienVault commented below.
Anton Cherepanov, Malware Researcher at ESET:
“There are exploits in this dump that work against most versions of Windows. However, the vulnerabilities used in these exploits were patched on March 2017 (MS17-010).
These vulnerabilities are related to the SMB protocol which is used in LAN networks; which computers don’t normally use directly on the internet. So, most internet users are safe.
However, organisations with large networks of machines (especially servers, as they have large uptime and are rarely rebooted to install patches) are at higher risk as these exploits are the perfect tools for lateral movement. Once attackers can get to one computer on a network which doesn’t have the latest patches installed, then they can compromise each node in this network.
As attackers are likely to repurpose the exploits, we expect that they will be used by many cyber-groups and malware families. Also, those still using Windows XP/2003 will stay vulnerable to the attacks forever as there are no patches for these older operating systems.
Besides exploits, there is a very powerful backdoor (or implant) called PEDDLECHEAP. This backdoor has a lot of different features that can be extended by scripting language. For example, attackers can use it to remotely control machines.”
Javvad Malik, Security Advocate at AlienVault:
“Looking at the issue at a wide scale, this isn’t something that is restricted to Windows. Vulnerabilities exist in all software and operating systems. For the average individual, and SMB’s, zero days aren’t historically proven to be a big threat. Rather these are saved for specific targeted attacks.
“Secondly, practising basic security hygiene and implementing standard safeguards should prevent many attacks from executing successfully.
“Lastly, even if attacks are successful, most enterprises have monitoring capabilities in place (often complimented by threat intelligence that updates consistently) and can detect threats emerging rapidly to allow companies to respond.”