Friday, April 21, 2017

A "Digital Geneva Convention" won't be a reality without reliable cyber attribution

Microsoft released their idea of a “Digital Geneva Convention” to help normalize behavior on the cyber battlefield.  The document, linked here, is generally well written and makes a clear case for why something of its type is needed.

While the idea of regulating the cyber domain is not a bad one, the proposal depends on attribution, a field that is sorely lacking in reliability and repeatability.  I've outlined some of those problems here.

Tuesday, April 18, 2017

Business impact of the Shadow Brokers dump of Windows exploits

The Shadow Brokers have dumped their cache of exploits for Windows systems (supposedly stolen from NSA).  Although some were originally reported as zero-day exploits, this has since been shown to be incorrect: recent Microsoft patches already address them.  However, there's still plenty of business impact.  In what I'm sure will be the first of many posts on this topic, I'm focusing on the problem of Windows Server 2003, which continues to be widely deployed.

Read the full post, complete with recommendations for businesses here.

Sunday, April 9, 2017

Russia “crosses the Rubicon” with newest Shadow Brokers dump

Russia is likely using the latest Shadow Brokers release to attempt to control the news cycle and take coverage away from the Syria conflict. Yesterday, in a political rant using broken English, the Shadow Brokers released the password for the encrypted zip file they seeded last year (link).
The dump appears to contain only Linux and Unix tools and exploits, so organizations running only Windows don’t need to react to the tools in this release (though they should still check their available netflow and firewall logs for evidence that they have communicated with the redirection hosts posted here). For organizations running Linux and/or Unix, it should be noted that most of the exploits target older software versions.

The dump is nonetheless significant for threat intelligence professionals. Because Equation Group is likely typical of other nation-state hacking groups, it offers unprecedented insight into the capabilities and targets of an Advanced Persistent Threat (APT) actor.
Read the rest of our analysis here.
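The log check recommended above, matching outbound flows in firewall and netflow logs against a list of suspect hosts, as an added example that is not part of the original post. The indicator addresses and the log lines are constructed placeholders (RFC 5737 documentation ranges), not the redirection hosts from the linked post; in practice you would load that list in place of SUSPECT_HOSTS.

```python
"""Check firewall/netflow logs for contact with suspect hosts.

Added example, not code from the original post. SUSPECT_HOSTS and
SAMPLE_LOGS are constructed placeholders, not real indicators.
"""
import ipaddress
import re
from collections import defaultdict

# Hypothetical indicator list: the real one would come from the linked post.
# Both single hosts and CIDR ranges are accepted.
SUSPECT_HOSTS = [
    "192.0.2.45",          # single host
    "198.51.100.0/28",     # a small range, to show CIDR handling
]

# Constructed sample lines in two common shapes: iptables-style firewall
# logging and a netflow CSV export (timestamp,src,dst,dport,proto,bytes,pkts).
SAMPLE_LOGS = """\
Apr  9 02:14:07 fw1 kernel: FW-OUT: IN= OUT=eth0 SRC=10.0.0.12 DST=192.0.2.45 PROTO=TCP SPT=51234 DPT=443
Apr  9 02:15:11 fw1 kernel: FW-OUT: IN= OUT=eth0 SRC=10.0.0.12 DST=203.0.113.9 PROTO=TCP SPT=51235 DPT=80
2017-04-09T02:16:30Z,10.0.0.7,198.51.100.3,22,TCP,1840,14
2017-04-09T02:17:02Z,10.0.0.7,203.0.113.77,443,TCP,5120,40
2017-04-09T02:18:45Z,10.0.0.19,192.0.2.45,8080,TCP,220,3
"""

IPTABLES_RE = re.compile(r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)")


def build_networks(indicators):
    """Normalise indicators into ip_network objects so a single host and a
    CIDR block are both checked with one membership test."""
    return [ipaddress.ip_network(i, strict=False) for i in indicators]


def extract_src_dst(line):
    """Return (src, dst) for a line in either supported format, else None."""
    m = IPTABLES_RE.search(line)
    if m:
        return m.group("src"), m.group("dst")
    fields = line.split(",")
    if len(fields) >= 3:
        try:
            ipaddress.ip_address(fields[1])
            ipaddress.ip_address(fields[2])
            return fields[1], fields[2]
        except ValueError:
            return None
    return None


def find_contacts(log_text, indicators=SUSPECT_HOSTS):
    """Map each matched indicator (as CIDR string) to the list of
    (src, dst, raw_line) flows whose destination falls inside it."""
    nets = build_networks(indicators)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = extract_src_dst(line)
        if not parsed:
            continue  # unparseable or unrelated line; skip it
        src, dst = parsed
        dst_ip = ipaddress.ip_address(dst)
        for net in nets:
            if dst_ip in net:
                hits[str(net)].append((src, dst, line))
                break
    return dict(hits)


if __name__ == "__main__":
    for net, rows in find_contacts(SAMPLE_LOGS).items():
        print(f"indicator {net}: {len(rows)} flow(s)")
        for src, dst, _ in rows:
            print(f"  {src} -> {dst}")
```

This only inspects the destination field, which is what matters for outbound contact with a redirector; to catch inbound connections from the same hosts, run the same membership test against the SRC field as well. Hits should be triaged by internal source host, since one internal address appearing repeatedly is a stronger signal than a single flow.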