Get ready for what’s next. The impact of the Vault 7 breach will be with us for years

March 8, 2017

It’s safe to say that the security teams at the US Central Intelligence Agency are busy assessing the damage to their cyber surveillance capabilities now that WikiLeaks has dumped what is believed to be the Agency’s hacker tool kit into the wild.  For any nation-state, it’s a devastating event to have its secret weapons suddenly made public for all to see and use.

Every malicious hacker dreams of getting their hands on the CIA’s tools.  While the popular press has focused on the ability to turn IoT devices into surveillance tools and the privacy risks that represents, the real danger here is the potential for a tidal wave of Zero Day attacks aimed at enterprises, especially enterprise web applications.

But for every person’s dream, there is a companion nightmare scenario.  While network security gets all the attention, malicious hackers’ number one attack target is applications, which more often than not contain known and unknown software flaws. The release of an entire library of previously unknown attack vectors means that under-resourced and overworked application (and network) security teams must prepare for the inevitable – tools intended for government intelligence being directed at businesses of all sizes.

Unplugging your Amazon Echo and smart TV fixes the issue for most consumers who are concerned. However, it will take enterprise security teams and software vendors weeks, months or years to address the new exploits headed their way over the next year or longer. (Data thieves are a notoriously patient lot and are more likely than not to drag out the release of these exploits for years.)

Simply put, the good guys are about to be outgunned. There are, though, steps enterprise security teams can take today and in the coming weeks to prepare for what could be a prolonged period of never-seen-before attacks.

  1. Stop blindly trusting your software.  Software flaws don’t just occur in the code your team writes, and you should be looking for and protecting against vulnerabilities in every part of your software stack, including the platform itself. Add security controls throughout your software supply chain and software stack, and perform security code reviews on all code that receives user input.
  2. Prioritize patches. For most organizations, the vulnerability find-to-fix ratio is 5-10:1. In larger enterprises, that can represent tens of thousands of vulnerabilities across hundreds of applications and instances.  Finding the flaws is not the issue – protecting against them as fast as possible without service disruption is. Look to virtual patching as a means to provide immediate protection while you prioritize the flaws that need to be physically patched.
  3. Harden your applications. Virtually every web application includes unused and unneeded APIs and other software code that your team did not develop. You can reduce the attack surface by turning off the software elements you don’t need. This will dramatically improve your defense against any Zero Day attack arising from Vault 7.
  4. Add deterministic-based defenses, not heuristics. There is a public policy debate in the US about whether the government should require or request that software firms include undisclosed back doors that may now be open to exploitation.  While that debate rages above all of our pay-grades, security teams can address many of these issues by imposing a rules-based approach to security instead of the current guesswork-based heuristic defenses.  That’s a longer-term approach but worthy of immediate evaluation.
  5. Separate privileges and run the software using the lowest privileges.  In most cases, attackers escalate their privileges after initial access to cause more damage to the compromised system and access restricted information/functionality. To avoid such scenarios the system must be compartmentalized, its trust boundaries and data flows must be identified, and separate privileges need to be defined for each trust boundary. This usually requires an in-depth architectural analysis of the software system, but software tools can help automate this task.

Each of the past five years has set records for the number and severity of attacks.  Thanks to the Vault 7 breach, 2017 may be the worst yet.


Author:

James Lee

 

James E. Lee is Waratek Inc’s Executive Vice President and Chief Marketing Officer.  He’s also the former Chair of the Identity Theft Resource Center.

 
