False Alarm

We all know the story of Henny Penny, or Chicken Licken to the more modern amongst you. After an acorn falls on her head, she goes around convincing everyone she meets, that the sky is falling in and cajoling them into coming with her to tell the king.

The news hounds amongst you will almost certainly have had a chuckle about the US Geological Survey (USGS) issuing a false alarm of a magnitude 6.8 earthquake off the coast of California this week. Computers misinterpreted data from 1925 or something. No biggy, shares in underwear stockists soaring on the NYSE.

And this is the problem of prediction, you are dammed if you do and dammed if you don’t, and if you do for the reasons of fuelling fear, uncertainty and doubt for your own nefarious purposes then surely you will be dammed.

So now we come to the scumbags who call themselves ‘The Shadow Brokers’ (Mwahahaha).

Quick bit of background for those recently released from solitary; The Shadow Brokers has a large stash of weaponised/weaponisable vulnerabilities stolen from the so called ‘Equation Group’ (not quite as gangster, is it?) who are, allegedly contracted affiliates of the American National Security Agency.

Having failed to sell them as a job lot, the villains released a significant number of them for free. As we all know, a number of these were used to perpetrate the WannaCry malware, which impacted a large number of Windows 7 machines, especially in UK NHS hospitals, very nasty. In fact, it continues to cause trouble, reportedly taking a Honda factory out of action for a day this week.

Basking in their own shallow, dirty, exploitative (enough, enough – Ed) nastiness, the Brokers are now offering sets of exploits on a monthly subscription basis – a bit like wine (or should that be turd) of the week. You can read their garbage here.

The due date for the next release has been announced by the bad guys themselves as July, which brings us round to the problem with predictions.

Several announcements are doing the rounds, from many security vendors, warning people to expect something potentially seismic in the first two weeks of July, the last two weeks of July, the middle of July and every day between. Of course, these warnings come with promises that the vendor’s solution will help you. That is of course if you could order it, do the legals, deploy it and make it operational before July. Jog on.

Regular readers of this blog will have read our May 18th piece entitled WannaCry, Patch Don’t Panic.

Here was our advice at the time:

  • Firstly, each attack needs to be considered on its own in terms of viability and subsequent risk.
  • Secondly, it is important that a playbook is established for ‘what if’ scenarios. We would recommend this never includes paying anybody. Backup… check backups.
  • Thirdly, at this time, as an organisation you need to be all over the appropriate mitigating controls.

Our perspective has not changed. Do the basics. Back your stuff up, patch to the best of your ability and understand your vulnerabilities. If you can automatically remove non-compliant devices from your network (Network Access Control), do so. Be vigilant and encourage your staff to be vigilant, especially when clicking on links in emails and as we recommend above, be prepared.

There is absolutely no doubt that the Shadow Brokers’ cache will find its way into the hands of bad people. It is very important to watch out for urgent patches from your vendors.

Of course, it isn’t always bad guys who unleash naughtiness into your stuff. In May this year, security researchers found that an audio tool, installed at the factory by Hewlett Packard included a bonus keystroke logger, copying your keystrokes to an accessible file

Now predicting that would be a long shot, not as long as this Canadian sniper, but pretty close.

Check to see if your HP is listening to your every finger and remove it or look for forthcoming HP patches.

If you would like to discuss the Brokers, The Equation Group, keystroke logging or anything else discussed in this blog, please contact us at: [email protected] or call 020 7517 3900.

Stay on your toes, please.