Shadow Brokers – Details on Leaked Cyberintelligence Tools and Vulnerabilities A brief research note for Info-Tech’s members.


1 Shadow Brokers – Details on Leaked Cyberintelligence Tools and Vulnerabilities
A brief research note for Info-Tech’s members.

2 The facts about the Shadow Brokers
On April 14, 2017, the threat actor group known as the Shadow Brokers publicized an arsenal of hacking tools as well as a series of zero-day exploits targeting various operating systems. [1] The Shadow Brokers (also known as the Equation Group) have, over the past eight months, leaked a gigabyte's worth of confidential NSA weaponized software exploits. The exploits target more than just Microsoft products. Vulnerabilities were identified in a variety of operating systems, servers, and software, including Avaya, Red Hat, Solaris, Microsoft, IBM, and Linux. [2, 3] Microsoft has released patches for the majority of Windows exploits. Refer to the appendix for a comprehensive list of exploits. [4] Not all exploits have been patched; it is worth the effort to assess your current exposure and update/patch impacted endpoints as necessary. The release appears to be politically motivated. Amongst the software releases were exploits into the SWIFT intercommunication banking system, a European banking program. [5]

3 Best practices moving forward
The accessibility of the toolsets coupled with the severity of a potential breach could have dangerous implications. Several key takeaways include:

Patching Security: Just because a patch is available does not mean it has been deployed. Many organizations run a few patching cycles behind. Conduct an inventory of current operating systems and immediately patch vulnerable endpoints.

Leverage Threat Intelligence: Take a proactive approach to vulnerability identification. Leverage third-party open-source vendor websites and mailing lists to actively search for new indicators of compromise and CVEs. Schedule regular scans and prioritize your patching efforts.

There Are Multiple Solutions: Different methods can be used to remediate the same vulnerability. When patches are not available, configuration changes and defense-in-depth controls can be used to protect the organization.

Drive Adoption: Use this release as leverage not only to create organizational situational awareness around security initiatives but also to drive adoption of foundational security measures such as patch management, threat intelligence, and zero-day mitigation policies, procedures, and solutions.

Assess Port Security: Assess port security and the exposure of internet-facing services related to the affected RDP and SMB services. Standard ports include 3389 and 445. Consider disabling unused legacy protocols such as SMBv1.

4 Immediate actions that you can take
Do not simply wait on vendors to update their security.

1. Assess your exposure
- Don't overreact: understand the full scope of the leak. Determine your exposure and the potential risk implications.
- Organizations must not remain idle and wait for new patches or reissued certificates from vendors. Complete your own due diligence to proactively mitigate security risks in both the short term and the long term.

2. Prioritize vulnerabilities
- Conduct the appropriate due diligence to determine which relevant vulnerabilities have been patched (or not). Enterprises can demand proof of change from vendors by asking for evidence such as records of change.
- Where specific vulnerabilities are identified, use risk assessment processes to determine the priority for remediation.

3. Patch management
- Implement relevant patches. Additionally, ensure that your team is monitoring all vendor patch updates over the next few months. Take this time to review and reassess your patch management processes.

4. Security strategy and incident response
- This is a good opportunity to review your security strategy and program, and ensure that defense-in-depth practices are in place where possible.
- Leaks that get mainstream media attention are always a good opportunity to demonstrate to the board the importance of security. "Don't let a good crisis go to waste!"

5. Leverage threat intelligence
- Review your threat intelligence feeds (or, if there are none, refer to Info-Tech for guidance on setting them up) and ensure that they are being consumed and actioned. Timely intelligence can give you a crucial head start against threat actors.

5 Maintain a holistic security program
The Shadow Brokers leak is a good reminder that security threats are often unknown and unpredictable. The only way to maintain effective defense is through a comprehensive and flexible security program, built on four continuous stages: Prevent, Detect, Analyze, Respond.

Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Effective anti-malware, diligent patching and vulnerability management, and strong human-centric security are essential.

Detect: There are two types of companies: those who have been breached and know it, and those who have been breached and don't know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.

Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape.

Respond: Organizations can't rely on an ad hoc response anymore; don't wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.
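The "Detect" stage above, and the port-exposure advice on slide 3, can be turned into a concrete check. The following is an added example (not part of Info-Tech's note): it reads Windows Firewall log lines in the pfirewall.log column layout and flags inbound connections to the SMB (445) and RDP (3389) ports that originate outside the organization's own address space. The sample log, the assumption that internal space is the RFC 1918 ranges, and the function names are all constructed for this illustration.

```python
"""Flag inbound SMB/RDP traffic from outside the organization in Windows
Firewall log lines. Added example; the log lines below are constructed and
follow the pfirewall.log field layout ('#Fields:' header, space-separated)."""
import ipaddress
from collections import Counter

# Ports named on slide 3 as the standard RDP and SMB ports.
WATCHED_PORTS = {445: "SMB", 3389: "RDP"}

# Assumption: the organization's internal space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for arbitrary internet addresses).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-04-15 10:00:01 ALLOW TCP 10.0.0.25 10.0.0.4 51234 445 0 - 0 0 0 - - - RECEIVE
2017-04-15 10:00:02 ALLOW TCP 203.0.113.5 10.0.0.4 40211 445 0 - 0 0 0 - - - RECEIVE
2017-04-15 10:00:03 DROP TCP 198.51.100.7 10.0.0.4 40212 3389 0 - 0 0 0 - - - RECEIVE
2017-04-15 10:00:04 ALLOW TCP 10.0.0.4 10.0.0.9 50000 445 0 - 0 0 0 - - - SEND
2017-04-15 10:00:05 ALLOW TCP 203.0.113.5 10.0.0.4 40213 3389 0 - 0 0 0 - - - RECEIVE
"""


def parse_firewall_log(log_text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # header missing or malformed line: skip rather than guess
        yield dict(zip(fields, values))


def is_internal(ip_text):
    """True if the address falls inside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in INTERNAL_NETS)


def find_external_inbound(log_text):
    """Return inbound records to a watched port from a non-internal source.
    Both ALLOW and DROP are kept: a DROP still shows the service is being
    reached for from the internet, an ALLOW shows it is actually exposed."""
    hits = []
    for rec in parse_firewall_log(log_text):
        if rec["path"] != "RECEIVE":
            continue
        port = int(rec["dst-port"])
        if port not in WATCHED_PORTS or is_internal(rec["src-ip"]):
            continue
        hits.append({"time": f'{rec["date"]} {rec["time"]}',
                     "src": rec["src-ip"], "dst": rec["dst-ip"],
                     "service": WATCHED_PORTS[port], "action": rec["action"]})
    return hits


def allowed_by_source(hits):
    """Count ALLOWed external connections per (source, service)."""
    return Counter((h["src"], h["service"]) for h in hits if h["action"] == "ALLOW")


if __name__ == "__main__":
    hits = find_external_inbound(SAMPLE_LOG)
    for h in hits:
        print(f'{h["time"]} {h["action"]:5} {h["service"]} {h["src"]} -> {h["dst"]}')
    print("allowed external:", dict(allowed_by_source(hits)))
```

An ALLOW entry on 445 or 3389 from an external source is the finding that matters most: it is direct evidence that a service slide 3 asks you to restrict is reachable from the internet, and it should feed the exposure assessment on slide 4.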

6 Use this opportunity to conduct a security program evaluation
Leverage Info-Tech's various security blueprints:
- Build an Information Security Strategy
- Develop and Implement a Security Incident Management Program
- Integrate Threat Intelligence Into Your Security Operations
- Design and Implement a Vulnerability Management Program

Effective information security management will help you:

Enhance your organizational security posture
- Risk reduction
- Enhanced compliance management
- Improved organizational situational awareness

Create and clarify accountability and responsibility
- Formalized role and process responsibility
- Enhanced internal and external communication

Control security costs
- Incident reduction
- Streamlined security operational process
- Strategy alignment

Identify opportunities for improvement
- Defined measurement program
- Defined opportunities for continuous improvement

Improve threat protection
- Intelligence-driven security operations process
- Optimized patch management program
- Improved effectiveness of internal controls
- Standardized operational use cases

7 Appendix: Exploit Information
Understand what was leaked to better prepare for attackers using new techniques and procedures. The three exploits not addressed in the recent MS patch (EnglishmanDentist, EsteemAudit, and ExplodingCan) cannot be reproduced on supported MS systems. Users running Windows 7 and above or Exchange 2010 and above are not at risk. Those using earlier versions of either are advised to upgrade. For a comprehensive list of MS patching updates, please visit Microsoft’s blog.
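Slides 3 and 4 ask you to inventory endpoints, assess exposure (internet-facing 445/3389, SMBv1 still enabled, vendor patch missing) and prioritize remediation, and the appendix adds that systems below Windows 7 or Exchange 2010 remain at risk even after patching. The block below is an added example, not Info-Tech's tooling, that folds those criteria into a single triage pass over a constructed inventory. The weights, the priority bands, the version numbering (Windows XP written as 5) and the endpoint records are all assumptions made for the illustration.

```python
"""Triage a constructed endpoint inventory against the exposure described in
this note: assess exposure, then order remediation by risk. Added example."""
from dataclasses import dataclass, field

RDP_PORT = 3389   # standard RDP port named on slide 3
SMB_PORT = 445    # standard SMB port named on slide 3

# Appendix: the three unpatched exploits only work below Windows 7 /
# Exchange 2010, so such hosts must be upgraded, not merely patched.
MIN_SUPPORTED = {"Windows": 7, "Exchange": 2010}


@dataclass
class Endpoint:
    name: str
    product: str              # "Windows" or "Exchange"
    version: int              # constructed numbering: XP=5, 7=7, 10=10; Exchange by year
    patched: bool             # vendor patch for the leaked exploits applied
    smb1_enabled: bool
    internet_exposed_ports: frozenset = frozenset()


@dataclass
class Finding:
    name: str
    score: int
    priority: str
    actions: list = field(default_factory=list)


def assess(ep: Endpoint) -> Finding:
    """Score one endpoint and list the remediation actions it needs.
    Weights are assumptions: unsupported platform > missing patch >
    internet-facing SMB > internet-facing RDP > SMBv1 left enabled."""
    score, actions = 0, []
    if ep.version < MIN_SUPPORTED[ep.product]:
        score += 5
        actions.append(f"upgrade: {ep.product} {ep.version} is unsupported and cannot be patched")
    if not ep.patched:
        score += 4
        actions.append("apply the vendor patch")
    if SMB_PORT in ep.internet_exposed_ports:
        score += 3
        actions.append(f"block inbound {SMB_PORT}/tcp at the perimeter")
    if RDP_PORT in ep.internet_exposed_ports:
        score += 2
        actions.append(f"restrict inbound {RDP_PORT}/tcp to VPN or an allow-list")
    if ep.smb1_enabled:
        score += 1
        actions.append("disable SMBv1")
    if score >= 7:
        priority = "critical"
    elif score >= 4:
        priority = "high"
    elif score >= 1:
        priority = "medium"
    else:
        priority = "low"
    return Finding(ep.name, score, priority, actions)


def prioritize(inventory):
    """Highest-risk endpoints first: this is the patching order."""
    return sorted((assess(e) for e in inventory), key=lambda f: f.score, reverse=True)


# Constructed inventory for the example.
INVENTORY = [
    Endpoint("fileserver-01", "Windows", 10, patched=False, smb1_enabled=True,
             internet_exposed_ports=frozenset({SMB_PORT})),
    Endpoint("jump-host-02", "Windows", 7, patched=True, smb1_enabled=False,
             internet_exposed_ports=frozenset({RDP_PORT})),
    Endpoint("kiosk-xp-03", "Windows", 5, patched=False, smb1_enabled=True),
    Endpoint("mail-01", "Exchange", 2013, patched=True, smb1_enabled=False),
]

if __name__ == "__main__":
    for f in prioritize(INVENTORY):
        print(f"{f.priority:8} {f.score:2}  {f.name}: " + "; ".join(f.actions) if f.actions
              else f"{f.priority:8} {f.score:2}  {f.name}: no action required")
```

The output puts the unsupported Windows XP kiosk ahead of the unpatched file server even though the file server is the one exposing 445 to the internet: slide 3's "multiple solutions" point applies to the file server (block the port today, patch next), whereas the kiosk has no patch to wait for and only an upgrade removes the risk.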
