We are keep getting surprises in the cyber-security world and this is one of the biggest surprise. Few weeks back, someone out of the blue started leaking the NSA's secret. The so called Shadow Brokers leak dropped 300MB of stolen data onto the open web. 300MB dropped of stolen data which includes live exploits for some of the web’s most crucial network infrastructure, apparently stolen from the NSA in 2013.
Now the question arises, who are Shadow Brokers?
The Shadow Brokers are an unknown hackers who emerged few weeks back and shocked the world with their claims that they have hacked the Equation Group, an advanced malware threat believed to be the NSA. They started an online auction of the Equation Group exploits which they claim they have possession.
From the above screenshot, you can see they announced the leak of this data, which is quite different from normal leak and it is kind of a teaser for NSA. The leak announcement has been posted to various social sites including Twitter, Reddit, Tumblr, Imgur etc.
Was it real?
Researchers at Kaspersky Lab confirmed that it is a real exploit and there is a connection between the available tools for auction and malware frameworks belonging to Equation group. Most of the exploits in 300MB dump are for high-end enterprise networking gear, including Cisco, Juniper and Fortinet firewalls. This bring attention of major cyber security vendors like Fortinet who mentioned that versions lower than 4.x of Fortigate firmware are affected by the vulnerability in the Shadow Brokers data dump, and users are urged to upgrade to 5.x immediately. Cisco mentioned that it has not yet released software updates for ASA that address the zero-day vulnerability; there are workarounds as well that Cisco recommends until patches can be applied.
Here is the list of products which will be impacted by Shadow Brokers exploits:
Products Impacted |
Lower Version 4.x of Fortigate - Fortinet |
Cisco Adaptive Security Appliance (ASA) software |
Chinese Company, TOPSEC's Firewall |
Rapid Stream appliances - WatchGuard |
Juniper Netscreen firewalls |
Cisco PIX |
Cisco Firewall Services Module |
Shaanxi network Cloud and many more |
What this Leak can lead to?
All these codes were designed to break through firewalls system and get inside the computer systems of other major economies like Russia, Iran and China. Of course, India will be on target list too and I don't think our cyber-team has skills to respond these types of advanced attacks.Just after few weeks from Mr. Snowden fled Hawaii, landing in Hong Kong before ultimately going to Russia, it appears that someone obtained that source code. This would be an even bigger security breach for the N.S.A. than Mr. Snowden’s departure with his trove of files.
Now it will depend on who person or group wins the auction. Now there can be multiple scenarios here, for example: if NSA wins it, then it is safe and in case, some malicious group gets a chance to have a hold of it, then it can cause a severe threat to lot of major governments and corporate networks across the world.
References:
http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers
https://www.engadget.com/2016/08/26/untangling-the-nsas-latest-alleged-embarrassment/
https://threatpost.com/cisco-acknowledges-asa-zero-day-exposed-by-shadowbrokers/119965/
Comments