Some Lessons from the Hacking Team Breach

Reactions to the breach at Hacking Team, as described in Steve Ragan’s recent blog post, have ranged from shock that a security company could be so deeply exposed to glee at these surveillance specialists getting a taste of their own medicine.

The data exposed in the breach, as well as the breach itself, are not really shocking. In today’s world, nothing is truly private and no data, whether personal or corporate, is completely secure.

An important takeaway for organizations that care about their own cybersecurity is that, due to the proliferation of “cyber weapons” and the ease with which they are acquired, the likelihood of getting breached is rapidly increasing.

Check Point, like most reputable cyber-security vendors, offered immediate IPS protections for the zero-day exploits exposed in the breach. This is part of our continuous chase of zero-day vulnerabilities, whose rate of exposure has increased considerably over the past 18 months.

However, we invest in much more than just “virtual patching” for such zero-day vulnerabilities. Check Point’s strategic investments in threat prevention address the very specific attack vectors exposed by the Hacking Team story.

Hacking Team develops and sells intrusion and surveillance tools to governments and law enforcement agencies. Some of their tools have been linked to cases of privacy invasion. Their technologies, which are not really unique, focus on new exploits (with Flash becoming a preferred target) and on attacking mobile devices, most of which are Android-based.

Check Point’s Threat Prevention strategy for 2015 focuses on these two very issues. We are now releasing a revolutionary CPU-level exploit detection, which provides much wider and more generic coverage for exploits like the Flash exploits distributed by Hacking Team, in a way that is OS-independent. Whether the exploit is applied on a Windows platform or a Linux one, our solution will detect and block it.

On a second front, Check Point is integrating Mobile Threat Prevention into our mobile Capsule solution. We protect all mobile users, with an emphasis on Android devices, against installation of malicious apps such as the ones used by Hacking Team.

Check Point is seeing high-profile organizations (such as government agencies, media and telecommunications companies, defense contractors, etc.) being attacked with a huge variety of tools, including nation-sponsored capabilities, improvised hacking tools, commercial exploit kits, and more.

The Symantec Morpho publication of this past week (attacking enterprises for financial gain) and the Hacking Team story demonstrate again that the markets for cyber-attack tools and services are prospering. Cyber weapons, like Flash exploits, are impossible to control and are easily duplicated and resold. A warning to developers: once you create and sell a technology, you have zero control over it, and you cannot be surprised if it gets into the wrong hands. Ideally, most companies will look for better defenses and not interpret recent events as an opportunity to consider cyber weapons for attaining a competitive edge of their own.