Get ready for war
Another awful week in tech history. For the past five days, security researchers and cyber professionals have been working hard to find a solution to that creepy malware, WannaCry, and today is the sixth day. In the meantime, two incidents happened in the industry, which sound both good and bad. The good news is that Apple Inc. has come forward and released patches for all of its devices this week. The bad news is the statement given by the Shadow Brokers, who leaked the EternalBlue SMB exploit tool, which led to the creation of WannaCry by a state-funded hacking group in North Korea.
'OH LORDY! Comey Wanna Cry Edition': starting the headline with 'Oh lordy', they delivered a statement that rang another red alert in cyberspace. In a brief statement, they promised to release zero-day vulnerabilities for both PCs and mobiles in June this year. They also said, 'We are planning to launch a monthly subscription model; only the subscribed members can get the data and tools dumped by us.' In that statement, there are two things that cyber security companies and manufacturers have to think about. Instead of spending millions and billions on bug bounty programs, subscribing to those groups may help the companies to identify the vulnerabilities earlier and patch them. If that is done on time, then ransomware infections based on exploits of vulnerable operating systems and devices can be reduced.
'In June, TheShadowBrokers will be announcing the "TheShadowBrokers Data Dump of the Month" service. TheShadowBrokers is launching a new monthly subscription model named "wine of month club". Every month, people who pay the membership fee to the Shadow Brokers will be getting a data dump regularly, and the Shadow Brokers won't be responsible for the usage of the data dump. It's all up to the members,' they mentioned in the blog post.
Starting in June, the Shadow Brokers will be selling the exploits, bugs and hacking tools stolen from the NSA's Equation Group to the subscribed members. The TheShadowBrokers Monthly Data Dump could include the following:
1) Web browser, router and handset exploits and hacking tools.
2) Selected items from newer Ops Disks, including newer exploits for Windows 10.
3) Compromised network data from SWIFT providers and central banks.
4) Compromised network data from Russian, Chinese, Iranian or North Korean nuclear and missile programs.
After this alleged statement, the group attacked Microsoft and other technology firms for not patching the vulnerable components in time once they were leaked. They also claimed that there is some hidden relationship between the Equation Group and Microsoft, and that the outcome of that relationship made Microsoft delay the release of patches, which eventually led to the ransomware attack.
The positive side:
Among internet users, Microsoft has come to be seen as insecure, and people are looking for a change that is both secure and simple. Obviously, Linux is many users' choice. In this chaotic scenario, Apple Inc. has made an attempt to catch the market by releasing updates for all its devices.
The updates released for iOS, macOS, Safari, tvOS, iCloud, iTunes and watchOS fix 67 security vulnerabilities, which prevents attackers from performing remote code execution on vulnerable systems.
Flaws and claws in iOS:
Apple's mobile operating system iOS 10.3.2 for the iPhone, iPad and iPod touch addresses 41 security flaws, 23 of which reside in WebKit, including 17 remote code execution and 5 cross-site scripting (XSS) vulnerabilities. Along with this, iOS 10.3.2 fixes another set of flaws in iBooks that may allow attackers to remotely execute malicious code with root access, a memory corruption issue in the AVE Video Encoder that may allow a malicious application to gain kernel-level access, and a certificate validation issue in the certificate trust policy's handling of untrusted certificates. macOS Sierra 10.12.5 addresses 37 vulnerabilities, including those in iBooks that may allow the execution of arbitrary code with root access. In the same OS, there is a Wi-Fi networking issue that could allow attackers to steal network credentials and access the network. Updates are also available for El Capitan, Yosemite, Apple Watch, tvOS, iTunes, iCloud and all other products and services offered by Apple.
It's a beginning:
It's astonishing, but at the same time it's doubtful. After every attack, we learn a lesson. But now the Shadow Brokers have opened their gate to the vulnerabilities by subscription. Will Microsoft and other companies accept the invite and pay? At the same time, Apple is taking its devices' security to the next level through surprise updates.
Are we going to face a cyber war?
Literally not, because the cyber war is already going on. And I'm not referring to the crucial ransomware attack that has been happening across the world for the past seven days. Major media broadcasters around the world were promoting the ransomware threat as a worldwide threat. But it's a starting point for the third world war.
Actually, the ransomware attack happened on 12 May because of the SMB exploit in Microsoft systems. This SMB exploit (MS17-010) was initially exposed by the Shadow Brokers on 14 April, and it was one of the scheduled zero-day exploits, including EternalBlue. Last month, the Shadow Brokers had written a blog post in letter format, which displayed various political outbursts and their opinions on US President Donald Trump.
Later, the Shadow Brokers wrote another blog post describing a business deal for upcoming NSA leaks. But in that post, the group attacked the US government and big technology giants including Microsoft. Also, the Shadow Brokers directly pointed at North Korea for this ongoing ransomware threat and asked America to go to war with North Korea. But actually, they indirectly conveyed the message that North Korea has started the war on the countries and it's time for the United Nations to showcase its power. Before the Shadow Brokers, the well-known hacktivist group 'Anonymous' had alerted the world to get ready for war.
How far would the war go?
The word 'war' reminds me of two things: one is bloodshed and the other is victory. Many nations don't want the first to happen, but need the second. To attain that, the violator's choice would be cyber war. And the war started a few years back, when the US spied on its citizens' activities. After that, many small crimes such as malware attacks, data breaches and phishing attacks happened, but nothing was exposed to as large an extent as WannaCry. In the middle of the WannaCry chaos, another malware attack using the same SMB exploit happened, which mines bitcoins on the victim's machine while blocking the SMB exploit in Microsoft systems. The malware is actually an anti-malware for WannaCry, because it blocks the SMB exploit and prevents WannaCry from attacking the vulnerable computers.
Researchers from Proofpoint exposed a lab machine vulnerable to the EternalBlue attack. They expected that the malware attack would probably be WannaCry, but surprisingly the machine was infected with the cryptocurrency miner Adylkuzz. 'As soon as it infects, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools,' they mentioned in the blog.
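As an added example (not code from this post, from Proofpoint or from the Shadow Brokers), here is the defender's counterpart of what Adylkuzz does to its victims: a PowerShell audit of a Windows host for the SMBv1 / TCP 445 exposure that MS17-010 covers, with optional remediation. It assumes Windows 8.1 / Server 2012 R2 or later and an elevated session; the firewall rule name is a placeholder.

```powershell
# Added example: audit a Windows host for the SMBv1 exposure that EternalBlue (MS17-010)
# abuses, and optionally remediate it. Assumes Windows 8.1 / Server 2012 R2 or later
# (SmbShare and NetSecurity modules) and an elevated session. Pass -Remediate to change
# settings; without it the script only reports.
param([switch]$Remediate)

$findings = @()

# 1. Is the SMBv1 server protocol enabled?
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += "SMBv1 server protocol is ENABLED"
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}

# 2. Is the SMB1Protocol Windows optional feature still installed?
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feat -and $feat.State -eq 'Enabled') {
    $findings += "SMB1Protocol Windows feature is installed"
    if ($Remediate) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# 3. Is TCP 445 listening, and is inbound 445 blocked by the host firewall?
$listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$blockRule = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' }
if ($listening -and -not $blockRule) {
    $findings += "TCP 445 is listening and no inbound block rule for it exists"
    if ($Remediate) {
        # Placeholder rule name; only block 445 on hosts that do not need to serve SMB
        # (domain controllers and file servers do).
        New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
}

# 4. Report. Get-HotFix lists installed updates; compare the MS17-010 KB for your OS build
#    against it yourself (KB numbers differ per Windows version, so none is hard-coded here).
$recentPatches = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5

if ($findings.Count -eq 0) { "No SMBv1/445 exposure found." } else { $findings }
"Most recent installed updates:"
$recentPatches | Format-Table HotFixID, InstalledOn -AutoSize
```

The cmdlets above do not exist on the XP Embedded systems mentioned later in the post; on such legacy hosts the only options are the vendor patch and blocking TCP 445 at a network boundary.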
What makes the world fall into chaos?
North Korea's ransomware attack has disrupted the routine life of common citizens. From hospitals to ATMs, services have been stopped. In India, banking services have been affected more than by demonetisation. The confusion still remains: are ATMs vulnerable to the ransomware attack?
Regarding this, I asked some security researchers through Twitter. Among them, the user behind the Twitter handle Maliciouslink replied to me: 'Many ATMs run XP Embedded, which would have been vulnerable to EternalBlue. Not clear to me if WannaCry could infect them, though.'
- To be continued soon.