The revelation by WikiLeaks that the CIA ‘lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation’ once again brings cyber security and defending yourself against attacks to the fore.
Previously, the U.S. technology industry secured a commitment from the Obama administration that the [NSA] would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers”. The WikiLeaks report, dubbed as 'Year Zero', claim that the CIA 'breached the Obama administration's commitments'. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumours of the vulnerability. If the CIA can discover such vulnerabilities so can others.
How does this revelation affect us?
The fundamental issue behind these revelations is not that the CIA could be spying on you and your organisation, but rather the main issue with these reports is what it represents for the landscape of security. We have seen a rise of IoT related cybersecurity hacks in recent years, but this leak report now shows just how serious the threat has really become
"The exposing of the CIA's weaponry to harness IoT devices, such as Cameras, TVs, Printers along with dynamic devices like mobile phones, into launch pads for malicious activity is just the tip of the iceberg. IoT devices are not designed with security in mind and most endpoint security is focused on traditional laptops and desktops- leaving the door wide open for malicious behaviour on those uncovered IoT devices. Whilst the CIA probably isn’t listening to your organisation, it is likely other groups are aware of the ease in which they can harness IoT to conduct malicious behaviour
Philip Harragan - Rebasoft, CEO “Several worrying conclusions follow for businesses who have little control over what connects to their infrastructures’ but much to lose:
- The technology industry will be working hard to close these loopholes, but it may take some time to get the patches out there (even assuming all the zero day exploits are in current supported software versions)
- It may also be some time before the pattern virus/malware industry catches up and provides signatures to detect and block the exploits
- The one-dimensional, “heuristics”, machine learning industry will push forward their approach. But the nature of the devices exposed – IP agile, remote / wireless networks - mean it is unlikely to be able to protect from these attacks – indeed, there could be a lot of alerts being generated, but little in the way of action possible by administrators of the systems as they will have no real understanding of the end device and where it is located
With over 40% of the devices connected to the network being "brainless", the scale of the opportunity for the criminal underbelly is vast. This report highlights the importance that organisations have in understanding the parameters of their network, every device connected to it, fingerprinting their behaviour and monitoring it in real-time for anomalous activity.
What can be done?
Rebasoft’s threat detection capabilities allow businesses to start by understand everything connecting to the network. No matter where or when. This is done non-disruptively and without the need to add software to PC’s or servers
Once every connection is seen, it can be classified and the job of protecting the critical components of the infrastructure begins. Clearly 100 million lines of hacking code is too much to do signature or bad IP detection. Rebasoft’s systems allow you to decide what your systems should be doing and then protect you against malicious behaviour. The system can then, if you want to, automatically remove malicious systems from the network.
After all what use is a detection system that allows malware to continue to propagate until someone has time to fix it?