What the CIA’s hacking tools reveal about enterprise security
March 30th, 2017
WikiLeaks rocked the security world with its release of the CIA’s hacking tools, called “Vault7”.
Alarms sounded with the initial data dump, which reportedly included more than 8,000 files and which WikiLeaks said was only the first in a series of leaks of confidential documents.
Initial reports said that the files contained details of the CIA's hacking practices, though as the details unfolded, the full scope of what was revealed remained unclear. While the data dump does call into question the CIA's use (or potential misuse) of power, it also reveals a vast range of sophisticated hacking tools, some already known on the black market and some not, that are used in the agency's training procedures.
Whether the CIA has hacked into smart TVs or Android phones is not the paramount concern for enterprise security. The files reveal many tools that are already in the hands of cyber criminals, and in those hands the same tools are used for targeted attacks against wealthy corporations.
Just as the CIA uses them for training procedures, cyber criminals too are able to utilize these exploits to develop their skills and capabilities.
Take Weeping Angel, for example. The tool is able to extract browser credentials and history as well as WPA/Wi-Fi credentials. Like the flashlight app on a phone, it can make the device appear to be off when it is really only in a standby mode, turning the device into a spying mechanism. According to WikiLeaks, the CIA took interest in the tool for its ability to capture and stream audio and video.
So, how do organizations prepare to defend against potential targeted attacks?
There are many keys on the enterprise security keychain, but one that must not be neglected is the patch. Since many of the tools revealed in the leaked files take advantage of known vulnerabilities, enterprises whose patches are up to date are already protected against a large share of them.
However, while exploiting known vulnerabilities is common practice in security training, cyber criminals bank on the well-known truth that many organizations fail to update and patch their systems, leaving them exposed to attack.
Whether the exploits were developed by government agencies or purchased on the black market, the risk that mobile devices pose to the enterprise remains a growing threat. WikiLeaks charted the details of both Android and iOS exploits that the CIA used to conduct surveillance on some smartphones. End users are downloading potentially malicious apps that can turn any phone into a spying device in virtually every conference room. The threat isn't government surveillance. The threat is in not understanding security risks.
As the threat landscape grows with the proliferation of mobile devices, so too does the amount of software. As software becomes more complex, the risk of error increases as does the number of vulnerabilities that can be exploited.
Cyber threats are happening every day because the criminals are as sophisticated and skilled as the defenders. In order to stay ahead of evolving threats, enterprises need to understand their cyber risk, which demands that they have high-quality information.
Reliable cyber threat intelligence that includes threat management, vulnerability management, and patch management of known exploits will improve the overall security posture, but organizations need accurate and actionable reports of which threats pose the greatest risks to their most valuable assets.
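In practice, patch and vulnerability management means finding which hosts are missing which fixes and ranking those gaps by the value of the asset and by whether the flaw is already being exploited. The script below is an added example written for this page, not IntSights' tooling and not code from the original post; the advisories, host names, package names, version numbers and criticality ratings are all constructed placeholders, and the scoring weights (exploited-in-the-wild counts triple) are an assumption a team would tune to its own risk appetite.

```python
"""Patch-gap triage over a constructed asset inventory (added example).

Every advisory, host, package and version below is a constructed placeholder,
not a real vulnerability or product.
"""
import re
from dataclasses import dataclass, field


def parse_version(version: str) -> tuple:
    """Turn '4.1.7' (or '4.1.7-rc2') into a comparable tuple of ints.

    Only the numeric components are compared; a suffix such as '-rc2' is
    ignored, which is good enough for the dotted versions used here.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


@dataclass
class Advisory:
    package: str           # constructed package name
    fixed_version: str     # first version that contains the fix
    exploited_in_wild: bool  # treated as a higher-priority signal


@dataclass
class Host:
    name: str
    criticality: int       # 1 (low value) .. 5 (most valuable assets)
    packages: dict = field(default_factory=dict)  # package -> installed version


# Constructed advisories (hypothetical; no real CVE behind any of them).
ADVISORIES = [
    Advisory("browser", "57.0.2", exploited_in_wild=True),
    Advisory("wifi-driver", "4.1.7", exploited_in_wild=False),
    Advisory("office-suite", "16.0.3", exploited_in_wild=True),
]

# Constructed inventory: what is installed where, and how much the host matters.
INVENTORY = [
    Host("finance-db-01", 5, {"browser": "56.0.1", "wifi-driver": "4.1.7"}),
    Host("conf-room-tv", 2, {"browser": "55.0.0", "wifi-driver": "4.0.9"}),
    Host("dev-laptop-07", 3, {"browser": "57.0.2", "office-suite": "15.9.0"}),
]

# Assumed weighting: an exploited flaw outranks an unexploited one 3:1,
# and asset criticality multiplies the result.
EXPLOITED_WEIGHT = 3


def missing_patches(host: Host, advisories: list) -> list:
    """Return the advisories whose fix is not yet installed on this host."""
    gaps = []
    for adv in advisories:
        installed = host.packages.get(adv.package)
        if installed is None:
            continue  # package not present, so the advisory does not apply
        if parse_version(installed) < parse_version(adv.fixed_version):
            gaps.append(adv)
    return gaps


def risk_score(host: Host, adv: Advisory) -> int:
    """Higher score = patch this first."""
    return host.criticality * (EXPLOITED_WEIGHT if adv.exploited_in_wild else 1)


def triage(inventory: list, advisories: list) -> list:
    """Rank every (host, missing advisory) pair, most urgent first.

    Each row is (score, host name, package, installed version, fixed version).
    """
    rows = []
    for host in inventory:
        for adv in missing_patches(host, advisories):
            rows.append((risk_score(host, adv), host.name, adv.package,
                         host.packages[adv.package], adv.fixed_version))
    # Sort by descending score, then by host and package for a stable report.
    rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return rows


if __name__ == "__main__":
    for score, host, pkg, installed, fixed in triage(INVENTORY, ADVISORIES):
        print(f"{score:>3}  {host:<15} {pkg:<13} {installed} -> {fixed}")
```

With the constructed data the report puts the high-value database host's exploited browser flaw first, then the developer laptop's exploited office-suite gap, and the unexploited Wi-Fi driver gap on the conference-room TV last; a host whose installed version already equals the fixed version produces no row at all.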
IntSights analysts agree that the authentic Vault7 tools have yet to be seen on the black market, and we will keep monitoring until such tools emerge.