The gift that keeps on giving

Anyone keeping tabs on the leaked tools and exploits of ‘The Equation Group’ (NSA) will be aware of the numerous infrastructure patches being released by vendors to plug the gaps in vulnerable firewalls.

These are sure to be coming thicker and faster. For instance, this week SilentSignal, a Hungary-based security consultancy, has extended the capability of last week’s ExtraBacon Cisco SNMP hack to be effective against newer models of ASA (the original code was leaked/accessed in 2013).

This particular vulnerability requires knowledge of the SNMP community string, and for SNMP to be running and accessible by the attacker, i.e. not restricted by an access control list. It is therefore not much of a problem for correctly configured devices. Unfortunately many devices are not correctly configured, and these attacks are now being seen abundantly, like wasps, in the wild.
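The two preconditions above (SNMP reachable from an untrusted side, and a community string the attacker can know or guess) are exactly what a configuration review should look for. The script below is an added example, not code from ITC or from the post; it audits a firewall running config for those conditions. The sample config is constructed, and the `snmp-server host <interface> <ip> [community <string>] [version 1|2c|3]` line format is assumed to follow Cisco ASA conventions; treating an entry with no explicit version as community-based (v2c) is also an assumption, so adjust both for your own platform.

```python
import re

# Constructed sample running config (not a real device); the snmp-server
# syntax is assumed to mirror Cisco ASA conventions.
SAMPLE_CONFIG = """\
hostname edge-fw
snmp-server host outside 203.0.113.50 community public version 2c
snmp-server host inside 192.0.2.10 community s3cr3t-r0 version 2c
snmp-server group ops-v3 v3 priv
snmp-server host inside 192.0.2.11 version 3 ops-v3
"""

DEFAULT_COMMUNITIES = {"public", "private"}
UNTRUSTED_INTERFACES = {"outside"}

# Assumed line shape: snmp-server host <interface> <ip-or-host> <options...>
HOST_RE = re.compile(r"^snmp-server host (\S+) (\S+)\s*(.*)$")


def audit_snmp(config_text):
    """Return a list of (severity, message) findings for SNMP exposure.

    Flags: a host entry bound to an untrusted interface (SNMP reachable from
    the attacker's side), a default community string, and any entry that
    relies on community-based SNMPv1/v2c instead of authenticated SNMPv3.
    """
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()

        # Older global-community style: one string shared by every permitted host
        if line.startswith("snmp-server community "):
            community = line.split()[2]
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(("high", f"global community is a default value: {community}"))
            else:
                findings.append(("medium", "global community-based (v1/v2c) access configured"))
            continue

        m = HOST_RE.match(line)
        if not m:
            continue
        iface, host, rest = m.groups()
        opts = rest.split()
        # Assumption: an entry with no explicit version is treated as v2c
        version = opts[opts.index("version") + 1] if "version" in opts else "2c"
        community = opts[opts.index("community") + 1] if "community" in opts else None

        if iface in UNTRUSTED_INTERFACES:
            findings.append(("high", f"SNMP host {host} permitted on untrusted interface {iface}"))
        if version != "3":
            # Community-based polling: worse still if the string is a well-known default
            sev = "high" if community and community.lower() in DEFAULT_COMMUNITIES else "medium"
            findings.append((sev, f"host {host} uses community-based SNMPv{version}"))

    if not findings:
        findings.append(("info", "no community-based or outside-facing SNMP entries found"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_snmp(SAMPLE_CONFIG):
        print(f"[{sev}] {msg}")
```

Run against the sample, the outside-facing `public` entry produces two high findings, the inside v2c entry a medium one, and the SNMPv3 entry nothing; a config containing only v3 host entries returns a single informational line. Feed it the output of `show running-config` (or the stored backup) rather than polling the device.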

The origins and motivation for this leak remain unclear. A computer science linguistics Professor from The University of Illinois (Shlomo Argamon, no kidding) is claiming that the Pidgin English used in the ‘Shadow Brokers’ announcement, which we suggested you read last week, is in fact a deliberate ruse by a native US English speaker pretending to be Boris. Well we never. Will this turn out to be an inside job, a double or treble bluff? Stay tuned for more updates!

You can read Shlomo’s analysis, at whatever speed you like, here.

We have always maintained that the primary motive for hacking is cold hard cash. This has been shown to be the case this week in a highly cynical, potentially dangerous show of money grabbing. A newly formed outfit called ‘MedSec holdings’, based in Florida (which has an enormous aging population, surely no coincidence), identified exploitable bugs in pacemakers and defibrillators manufactured by St Jude Medical.

Upon finding the life-threatening vulnerabilities, did the mighty men of MedSec inform the manufacturer? Oh no they didn’t. What they did was to join forces with the appropriately named Muddy Waters Capital to short the stock in St Jude Medical and then announce the bugs to investors, causing the stock to fall 4.4% and clearing up in the process.

You can read the Register’s (as ever excellent) report on this new, and in our opinion very shady, angle on hacking here.

ITC will keep our customers abreast of relevant patches as part of our service process. If you would like to discuss any of the points in this week’s blog, or discuss your security issues and requirements, please contact us at: [email protected] or call 020 7517 3900

P.S. If you have Apple iOS devices, you had best make sure they are updated to 9.3.5. This fixes three bugs which are being exploited in the wild and present the opportunity for your data to be robbed. Sophos’ thorough update on the matter is here.