The Shadow Brokers are turning out the lights. On their way out they dumped another suite of alleged National Security Agency hacking tools. Unlike last time, where the released exploits focused on network gear from vendors such as Cisco and Fortinet, these tools and exploits target Microsoft Windows operating systems. Most of the sixty plus exploits are already detected by antivirus vendors, such as Kaspersky, and it is a safe bet that all antivirus vendors will detect them shortly.
In Shadow Brokers’ farewell post, they say they are leaving the account open for someone to deposit 10,000 bitcoins — the equivalent of $8.2 million — to obtain the entire cache of alleged NSA hacking tools. To date, no one has paid the requested amount. With such a high price it has been speculated that the Shadow Brokers never seriously expected anyone to pay. This leads some to believe they are associated with a nation state who is trying to cause headaches for US spy agencies and the administration.
What can be done to protect your systems from these tools and exploits? Basic security practices of course. Keep your systems up to date with patches and operating system releases. Practice your usual good cyber hygiene such not clicking on links in emails. Be conscientious about what you plug into your home or business computers as a lot of malware can spread through external hard drives and USB sticks.
Also, it is imperative to have good backups and test your backups. Many times after a breach occurs, organizations find out too late that they’ve never tested their restore procedures to verify they have good backups. Or, they learn that their backups have been infected with malware from previous backups of compromised systems.
Have an incident response plan in place and practice your incident response plans regularly. Having a plan is great. But you need to practice to make sure your team can execute your plan. Plans without practicing is the equivalent of a firefighter knowing it takes water to put a fire out, but not knowing how to get the water off of the fire truck and onto the fire.
Know your network; and consider using RedSeal. Even if you don’t use us, knowing your network will lead to greatly enhanced resilience and enable your incident responders to keep business and mission critical systems online and functioning during an incident. Security is not sexy, despite what Hollywood depicts. There is no silver bullet that will magically make your network impervious. It takes hard work and continuous effort to build and maintain resilient networks. So, do you know yours — completely?