Category Archives: shadow brokers

The leaked NSA hacking tool that will wreak havoc for years to come

Posted on by

A powerful hacking tool original used by the National Security Agency and subsequently leaked in April by the Shadow Brokers will give defenders problems for years to come as hackers continue to adopt and repurpose the malicious computer code, experts and former U.S. intelligence officials tell CyberScoop. The tool, codenamed EternalBlue, effectively leverages two different coding flaws in older versions of Microsoft Windows to propagate malware on a targeted computer network. In practice, this exploit breaks a network file sharing protocol known as the server message block, or SMB. Although Microsoft promptly released several software updates for affected versions of Windows in March, and then again most recently in May, millions of systems remain unpatched and therefore vulnerable to hackers using EternalBlue. Experts believe that the high-quality exploit will be used in the coming years by both amateurish hackers and sophisticated threat actors to steal information. “EternalBlue will exist and […]

The post The leaked NSA hacking tool that will wreak havoc for years to come appeared first on Cyberscoop.

Continue reading The leaked NSA hacking tool that will wreak havoc for years to come

After WannaCry, EternalRocks digs deeper into the NSA’s exploit toolbox

Posted on by

WannaCry may be behind us, but fears that the crooks might create new malware from the NSA’s stash of exploits seem to be coming true Continue reading After WannaCry, EternalRocks digs deeper into the NSA’s exploit toolbox

Super-stealthy attackers used NSA exploit weeks before WannaCry

Posted on by

Weeks before the WannaCry ransomware spread like wildfire through unpatched Windows systems, a more sophisticated, stealthier attacker used the same NSA-engineered cyberweapon to infiltrate the IT networks of companies across the world, including at least one publicly traded in the U.S., according to new research. So stealthy was the fileless, in-memory attack, which hides itself inside the activity of a legitimate application, that it evaded five different security products running on the infected system, Gil Barak, CTO of Israeli cybersecurity firm Secdo told CyberScoop. Those products included so-called “next generation” filters that don’t rely on known signatures, he said. “Not only did they not stop the attack, they couldn’t even see it,” he said. Attackers using the technique “can pretty much do what they want, unnoticed — and then vanish.” Barak wrote a blog post on the attack and appeared with noted security researcher Jake Williams on a webcast this week where the two discussed the […]

The post Super-stealthy attackers used NSA exploit weeks before WannaCry appeared first on Cyberscoop.

Continue reading Super-stealthy attackers used NSA exploit weeks before WannaCry

Should the government stockpile zero day software vulnerabilities?

Posted on by

Storm clouds are rising over the U.S. government’s policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process. Under the VEP, U.S. officials weigh the benefits of disclosing a newly discovered flaw to the manufacturer — which can issue a patch to protect customers — or having the government retain it for spying on foreign adversaries who use the vulnerable software. The process has always had a bias toward disclosure, former federal officials said. “We disclose something like 90 percent of the vulnerabilities we find,” said Richard Ledgett, who retired April 28 as the NSA’s deputy director. “There’s a  narrative out there that we’re sitting on hundreds of zero days and that’s just not the case,” he told Georgetown University Law Center’s annual cybersecurity law institute. […]

The post Should the government stockpile zero day software vulnerabilities? appeared first on Cyberscoop.

Continue reading Should the government stockpile zero day software vulnerabilities?

Shadow Brokers return to taunt U.S. government after ransomware spread

Posted on by

A mysterious group known for publishing highly classified computer code developed by the National Security Agency returned to the limelight Tuesday with a cryptic message concerning the future release of other government hacking tools and secretive information, including “network data from Russian, Chinese, Iranian, and North Korean nuclear missile programs.” “TheShadowBrokers is having many more where coming from?” a lengthy message posted Tuesday morning by the peculiar group reads, claiming they own “75% of U.S. cyber arsenal.” The message also cites the Equation Group, which has been observed operating in the wild by cybersecurity firm Kaspersky Lab and is believed to associated with an elite hacking unit within the NSA. “This is theshadowbrokers way of telling theequationgroup ‘all your bases are belong to us.’ TheShadowBrokers is not being interested in stealing grandmothers’ retirement money. This is always being about theshadowbrokers vs theequationgroup.” Since the Shadow Brokers posted their first message to […]

The post Shadow Brokers return to taunt U.S. government after ransomware spread appeared first on Cyberscoop.

Continue reading Shadow Brokers return to taunt U.S. government after ransomware spread

WannaCry FAQ: What you need to know today

Posted on by

Friday May 12th marked the start of the dizzying madness that has been ‘WannaCry’, the largest ransomware infection in history. Defenders have been running around trying to understand the malware’s capabilities. In the process, a lot of wires have gotten crossed and we figured it’s time to sit down and set the record straight on what we know, what we wish we knew, and what the near future might hold for us going forward. Continue reading WannaCry FAQ: What you need to know today