In the news on Computer Weekly | By Warwick Ashford | April 18, 2017
Microsoft has underlined the importance of keeping software up to date by confirming that no supported versions of its software are vulnerable to leaked NSA hacking tools.
None of the hacking tools allegedly stolen from the US National Security Agency by the Shadow Brokers hacking group work against supported versions of Windows, claims Microsoft.
According to the software firm, it released automatic security updates for all supported versions of the Windows operating system before the hacking group published details of the tools on 14 April 2017.
“Our engineers have investigated the disclosed exploits, and most of the exploits are already patched,” said Microsoft in a blog post.
The software company confirmed that patches had been issued for the following exploits: EternalBlue; EmeraldThread; EternalChampion; ErraticGopher; EskimoRoll; EternalRomance; EducatedScholar; EternalSynergy and EclipsedWing.
“Of the three remaining exploits, ‘EnglishmanDentist’, ‘EsteemAudit’ and ‘ExplodingCan’, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk”, said Microsoft.
Security advisors have joined Microsoft in encouraging all Windows users to upgrade to supported versions of the operating system and to ensure that all available security patches have been applied.
Many businesses still have older versions of Microsoft operating systems such as Windows XP and Windows Server 2003 on their networks that are vulnerable to attack because they are no longer receiving security updates.
Leo Taddeo, chief security officer of Cryptzone, said that while disclosure is important, knowing about the vulnerabilities is not nearly enough.
“According to the 2016 Verizon Data Breach Investigations Report, most successful attacks exploit known vulnerabilities that have never been patched despite patches being available for months, or even years.
“So while it’s important that Microsoft publicly disclosed the vulnerabilities and issued a patch, the challenge for enterprises is to update their infrastructure with the latest supported version of the affected products,” he said.
No details provided over hacking knowledge
Phillip Misner, principal security group manager at the Microsoft Security Response Center, provided no details of how Microsoft became aware of the hacking tools ahead of their publication.
He said only that Microsoft has long supported coordinated vulnerability disclosure as the “most effective” means of keeping software secure.
“This collaborative approach enables us to fully understand an issue and to deliver protection before customers are at risk due to public disclosure of attack methods.
“We work closely with security researchers worldwide who privately report concerns to us at firstname.lastname@example.org. We also offer bug bounties for many reported vulnerabilities to help encourage researchers to disclose responsibly,” said Misner.
Some of the tools published recently by The Shadow Brokers were allegedly used by the NSA to spy on financial transactions by compromising third-party service providers linking banks to the Swift financial messaging service.
Swift has reiterated that it has no indication to suggest that its network or core messaging services have been compromised.
“The allegations, which date back to 2013, suggest that two service bureaux may have been targeted to gain the attackers unauthorised access to their bank customers’ data,” said the organisation in a statement.
Preventative measures in place
Swift said it is in close contact with the service bureaux concerned to verify that they are aware of the allegations and have appropriate preventative measures in place.
“Security is paramount, which is why we have been working with the Community through the Customer Security Programme (CSP) to raise awareness and provide tools and guidance around security,” the organisation said.
Swift has urged banks to pay close attention to their own security and to take security into consideration when selecting a service bureau and working with other third-party providers.
“Securing software and systems by immediately installing security updates, patches and software is key to protecting against exploits such as these. Swift regularly releases security updates reinforcing our products, thereby protecting against known exploits and vulnerabilities,” said the organisation.
An accelerating risk
Joe Fantuzzi, CEO of RiskVision, said the publication of the hacking tools by The Shadow Brokers indicates an accelerating risk around verticals that possess extremely sensitive, high value data such as government agencies and financial institutions.
“While no vertical is immune to attack, cyber criminals continue to have vested interest in these industries because of lucrative gains from related exploits – and are driven not just from monetary gains but from political agendas.
“What’s more, the hackers that target financial institutions are often well-funded and highly organised with numerous sophisticated tools at their disposal. In short, once they set their sights on a target, it’s usually only a matter of time before they find a critical vulnerability that will enable them to access targeted data,” he said.
Fantuzzi said financial institutions should carry out a full assessment of their risk environment and become aware of all critical vulnerabilities that could lead to the theft and publication of sensitive data as a first step in protecting themselves from these kinds of attacks.
“Taking these steps up front will go a long ways in preventing disasters that include not only the risk of data theft, but the inevitable loss of reputation and brand, customer attrition and doubt, and costly compliance penalties if that data were to ever be publicised,” he said.