The latest revelations by WikiLeaks, collectively called the “Vault 7 Leak”, have caused quite a commotion in the security world, reviving concerns that were previously viewed as theoretical. There are already several lessons to be learned from WikiLeaks’ most recent data dump, and we offer you three top takeaways from the initial document disclosure.
1. Every connected device can be hacked
The publication details exploitation techniques for all sorts of electronic devices: from PCs and laptops to mobile devices, and even to smart TVs and connected cars. While these techniques are not groundbreaking, the sheer scope of hackable devices revealed in the CIA trove is quite remarkable.
The Takeaway: Organizations need a comprehensive, multi-layered security approach to protect their networks. The days of defending a single gateway have come to an end, as threats now target any Internet-connected device. Hackers seek to penetrate networks and will use whatever entry point they can crack. As a result, businesses must try to protect them all.
2. All malware shares code
An interesting part of the story is that the code used by the CIA to hack into these devices was borrowed from ordinary malware. Threat actors learn to develop malware from the most sophisticated teams – state-sponsored actors. For example, after Stuxnet was revealed as the first completely state-developed malware, threat actors around the world copied its design, tactics and some of its code and used it to develop their own malware. There is no reason to assume the cycle would end there.
The Takeaway: All cyber threats relate to each other, no matter where they originate. State-sponsored techniques can quickly be adopted by threat actors, endangering all users and organizations, including other state actors. This means that whatever kind of business you are protecting, it’s necessary to defend against the most sophisticated threats. As for understanding the full extent of an attack, organizations should be able to trace the entire kill chain once the attack is discovered, using advanced protections and forensics software on endpoint devices.
3. Not all security measures are born equal
Detailed in the CIA documents are the agency’s considerable efforts to bypass security measures. According to the WikiLeaks documents, the CIA has ways to detect and deceive personal security products, various virtual machine evasion schemes, and anti-debugging and obfuscation techniques to avoid detection. The flip side to this is that the current crop of security solutions provides formidable obstacles for an attacker wishing to conduct a covert operation.
The Takeaway: Cyber security solutions are actively protecting corporate networks and do indeed provide value. However, it’s important to maintain your security solutions and keep them up to date, as malware and other threat vectors are constantly evolving and becoming more sophisticated. This will require a paradigm shift away from the ordinary cat-and-mouse game of signatures and simple dynamic analysis protections to new, state-of-the-art protections.
Check Point will follow the events around the release of CIA documents by WikiLeaks as they develop. As of today, the techniques, code and malware referenced in the initial Vault 7 disclosure have not yet been detailed. We will continue sharing our insights and analysis of the potential threats they may pose as we learn more.