
Shadow Brokers Leaks Hacking Tools: What it Means for Enterprises

April 18, 2017

On April 14, several hacking tools and exploits targeting systems and servers running Microsoft Windows were leaked by the hacking group Shadow Brokers. Several of these were tools targeting financial organizations worldwide. The hacking group initially tried to sell these troves of stolen malware last year but failed, and has incrementally released them since.

The latest haul of malware released by Shadow Brokers enables attackers to breach systems (including Linux), networks, and firewalls.

Which systems and platforms are affected?

Trend Micro’s initial (and ongoing) analyses found over 35 information-stealing Trojans included in this latest leak. The dump included exploits that target several system and server vulnerabilities, along with Fuzzbunch, a network-targeting hacking framework (similar to the penetration testing tool Metasploit) that executes the exploits.

Here are some of the vulnerabilities exploited by the hacking tools:

  • CVE-2008-4250 (exploit codenamed “EclipsedWing”, patched October 2008)
  • CVE-2009-2526, CVE-2009-2532, and CVE-2009-3103 (“EducatedScholar”, patched October 2009)
  • CVE-2010-2729 (“EmeraldThread”, patched September 2010)
  • CVE-2014-6324 (“EskimoRoll”, patched November 2014)
  • CVE-2017-7269
  • CVE-2017-0146 and CVE-2017-0147 (“EternalChampion”, patched March 2017)

Other exploits addressed by Microsoft were “ErraticGopher”, fixed before the release of Windows Vista, as well as “EternalRomance” and “EternalSynergy”. The latter two exploits leverage security flaws in the Windows SMB server and were patched in March 2017.

Some of the hacking tools chain several security flaws in order to execute the exploit. Many of these exploits are relatively old, with some dating as far back as 2008, and patches and fixes for them have long been available. The Microsoft Security Response Center (MSRC) team was quick to publish details of the patches/fixes that address the exploits confirmed to be in Shadow Brokers’ latest dump.

Trend Micro’s detections for exploits/Trojans related to Shadow Brokers’ leak are:

  • TROJ_EASYBEE.A
  • TROJ_EDUSCHO.A
  • TROJ_EFRENZY.A
  • TROJ_EQUATED.G (several variants)
  • TROJ_ETERNALROM.A
  • TROJ_EXCAN.A
  • TROJ_STUXNET.LEY
  • TROJ64_EQUATED.E

Based on Trend Micro’s ongoing analyses, affected platforms include private email servers and web-based email clients as well as business collaboration software. Windows 2000, XP, Vista, 7 and 8, and Windows Server 2003, 2008 and 2008 R2 are affected by exploits that leverage Internet and network protocols, including the Internet Message Access Protocol (IMAP), network authentication (Kerberos), the Remote Desktop Protocol (RDP), and the Remote Procedure Call (RPC) service.

What does it mean for enterprises?

Patching plays a vital role in combating these threats. Many of the exploits from Shadow Brokers’ latest dump take advantage of reasonably dated vulnerabilities that enterprises can avert, given that their fixes/patches are already available.

Conversely, they are still credible threats for many organizations, particularly those that run systems and servers on Windows 8 (versions 8 and 8.1), XP, Vista, 2000, and Windows Server 2008. For enterprises that use Windows Server 2003, the risk is exacerbated, as Microsoft already ended support for the OS two years back.

The hacking tools also target vulnerabilities in email-based applications along with business-related software platforms, particularly those that manage collaborative functions in the workplace. Windows Server OSes are also an integral part of the network, data, and application infrastructure for many enterprises across all industries around the world.

Initial news reports indicated that the leaked exploits and hacking tools mainly targeted international banks. Nevertheless, any threat actor who can get their hands on this malware can customize it against their own targets of interest, including newer platforms and OSes.

What can be done?

Shadow Brokers is just one of many groups whose arsenal of threats can expose businesses to significant damage to reputation and disruption to operations and the bottom line. While there is no silver bullet for these threats, a multilayered approach is key to mitigating them.

IT/system administrators can deploy firewalls, as well as intrusion prevention and detection systems, that inspect and validate traffic going in and out of the enterprise’s perimeter while preventing suspicious or malicious traffic from entering the network. Information technology and security professionals can also consider further securing their organization’s remote connections by requiring users to employ a virtual private network (VPN) when remotely accessing corporate data and assets. Disabling unnecessary or outdated protocols and components (or the applications that use them), unless they are genuinely needed, can also reduce the company’s attack surface. Promoting a cybersecurity-aware workforce also helps mitigate the company’s exposure to similar threats, particularly socially engineered attacks.
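As an added example (not code from the original article), the following Python script applies the perimeter check described above to a few constructed firewall log lines: it flags internal hosts that are accepting connections from outside the assumed internal address ranges on the ports of the legacy protocols the leaked tools target (SMB, RDP, IMAP, Kerberos, RPC). The port numbers, the internal ranges and the key=value log format are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed standard ports for the protocols the article names (not from the article).
LEGACY_SERVICE_PORTS = {88: "Kerberos", 135: "RPC", 139: "SMB/NetBIOS",
                        143: "IMAP", 445: "SMB", 3389: "RDP"}
# Assumed internal address space; any other source address is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample firewall log (key=value format is an assumption, not real traffic).
SAMPLE_LOG = """\
2017-04-18T09:01:12Z action=ALLOW src=203.0.113.45 dst=10.0.0.15 dport=445 proto=tcp
2017-04-18T09:01:13Z action=ALLOW src=10.0.0.22 dst=10.0.0.15 dport=445 proto=tcp
2017-04-18T09:02:40Z action=ALLOW src=198.51.100.7 dst=10.0.0.30 dport=3389 proto=tcp
2017-04-18T09:03:02Z action=DENY src=198.51.100.7 dst=10.0.0.15 dport=135 proto=tcp
2017-04-18T09:04:10Z action=ALLOW src=203.0.113.45 dst=10.0.0.40 dport=443 proto=tcp
2017-04-18T09:05:55Z action=ALLOW src=192.0.2.9 dst=10.0.0.15 dport=139 proto=tcp
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$")

def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return None if not m else {**m.groupdict(), "dport": int(m.group("dport"))}

def is_external(ip):
    """True when the source address lies outside the assumed internal ranges."""
    return not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def find_exposed_legacy_services(log_text):
    """Map each internal host to {port: set of external sources} for ALLOWED
    inbound connections on legacy-protocol ports; denied probes are ignored."""
    exposed = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "ALLOW":
            continue
        if rec["dport"] in LEGACY_SERVICE_PORTS and is_external(rec["src"]):
            exposed[rec["dst"]][rec["dport"]].add(rec["src"])
    return {host: dict(ports) for host, ports in exposed.items()}

def report(exposed):
    """One line per exposed host/port, e.g. for a ticket or a SIEM alert."""
    return [f"{host} accepts {LEGACY_SERVICE_PORTS[p]} (tcp/{p}) from: {', '.join(sorted(s))}"
            for host, ports in sorted(exposed.items()) for p, s in sorted(ports.items())]
```

Every line returned by `report()` is a host whose legacy service should either be blocked at the perimeter, moved behind a VPN, or disabled outright, as the paragraph above recommends.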

Incorporating and configuring additional layers of security for remote connections can also help, from network-level authentication, user privilege restriction and account lockout policies, and RDP gateways, to encrypting remote desktop connections.

The hacking tools and exploits rely on security flaws to breach systems and servers. Businesses can prevent attacks that utilize these exploits by keeping the OS and the software installed on them up-to-date, employing virtual patching, and implementing a robust patch management policy for the organization. Enterprises can also consider migrating their infrastructure to newer, supported versions of OSes.

Trend Micro Solutions:

Trend Micro™ Deep Security™ and Vulnerability Protection provide virtual patching that protects endpoints from threats that abuse unpatched vulnerabilities. OfficeScan’s Vulnerability Protection shields endpoints from identified and unknown vulnerability exploits even before patches are deployed. Trend Micro™ Deep Discovery™ provides detection, in-depth analysis, and proactive response to attacks using exploits through specialized engines, custom sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect similar threats even without any engine or pattern update.

Trend Micro’s Hybrid Cloud Security solution, powered by XGen™ security and featuring Trend Micro™ Deep Security™, delivers a blend of cross-generational threat defense techniques that have been optimized for physical, virtual, and cloud workloads/servers.

TippingPoint’s Integrated Advanced Threat Prevention provides actionable security intelligence, shielding against vulnerabilities and exploits, and defending against known and zero-day attacks. TippingPoint’s solutions, such as Advanced Threat Protection and Intrusion Prevention System, powered by XGen™ security, use a combination of technologies such as deep packet inspection, threat reputation, and advanced malware analysis to detect and block attacks and advanced threats.

A list of Trend Micro detections and solutions for Trend Micro Deep Security, Vulnerability Protection, TippingPoint and Deep Discovery Inspector is also available.
