NSA, Shadow Brokers, and Small Businesses

The majority of IT professionals agree the current lack of cybersecurity skills has a direct impact a business's security vulnerability.Over a week later, there are still many questions unanswered regarding the release of hacking tools purported to be from National Security Agency (NSA). Mostly murky information and speculation appears on various internet new sites and blog.

General speculation at this time is that a previously unknown entity named Shadow Brokers posted stolen hacking tools for auction. One file of exploit tools was free and accessible, while a second file was for sale. (Both files are no longer posted). There were likely more than 10 distinct exploitable vulnerabilities in the free file. The exploit tools are likely to be from an external staging server, used by the Equation Group. This Group is said to be linked to NSA. The bottom line here: NSA was not directly hacked.

Additional common thoughts are that the exploits are real and potentially highly damaging. Firewalls produced by several network security systems companies are potentially vulnerable. On the more positive side, it seems the vulnerabilities are from 2010 to 2013 and some of the vulnerabilities have since been patched.

  • Cisco Systems is releasing patches for its firewalls that have newly identified vulnerabilities.
  • Earlier versions of some Cisco firewalls that are no longer supported by Cisco may be impacted by the released vulnerabilities.
  • Cisco publishes security advisories for the latest information.
  • Jupiter Networks provides a status on their security blog.

Another recent speculation is that the Russians are behind the theft of the hacking tools. There does not seem to be specific evidence of this, however. An alternative scenario is the theft was performed by an NSA insider, possibly to embarrass the agency, rather than to make a profit. It is estimated that the hacking tools could have been sold on the black market for several hundred thousand dollars, rather than released for auction the way they were.

Lessons learned for small businesses

As a variety of recent cyber-attacks have proven, small businesses as well as large businesses can be impacted by cybercrime against others. Tools and equipment used by a small business may be an inroad to an attack. Small and large businesses alike need to keep informed about cybercrime and have frequent dialogs with their cyber specialists to ensure the business’ own network system is as safely guarded as possible. Small businesses need to vigilantly watch for unexpected activity patterns on their network. Prompt patching of all software is imperative.