NSA got owned

By now many of you have heard about the NSA hack. Because of it, some vendors have disclosed their vulnerabilities to the community. This has huge potential for issues in many environments worldwide. Today's security administrators have a daunting task. Security devices log thousands of network events every day. New, complex targeted attacks designed to be evasive are difficult to identify and may be hidden within a multitude of other events.

Here is what happened according to an article at techcrunch:

“A group calling itself the Shadow Brokers dumped data online this weekend that it claimed to have stolen from the Equation Group, a hacking team widely believed to be associated with the NSA.

Cisco said in a security advisory that two vulnerabilities in the Shadow Brokers’ data could be used to breach its Adaptive Security Appliance (ASA) software used in its firewalls. “An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system,” Cisco’s disclosure says.

The data being offered for sale by the Shadow Brokers is dated between 2010 and 2013, so Cisco firewalls may have been vulnerable for years.

This exploit is referred to in the Shadow Brokers’ dump as EPICBANANA.

The second exploit, EXTRABACON, affects all releases of Cisco’s ASA software — but getting it to work is tricky. The exploit would allow an attacker to take full control of the firewall system, but its complexity — and the fact that Cisco hadn’t discovered and patched it — suggests it was developed by a talented adversary.

Fortinet also said that some of its products released prior to August 2012 contained a vulnerability that would allow an attacker to take execution control over a firewall. More recent versions should not be affected, Fortinet said, although the company noted that its investigation into the code released by the Shadow Brokers is continuing.

Meanwhile, the Shadow Brokers also claim that their exploits will work on firewalls from Juniper Networks and TopSec, but neither company has publicly acknowledged the leak.”

As the IT environment evolves with mobile, cloud and the Internet of Things, it is important for security to be one step ahead of the attackers and not a step behind. Did you know that Check Point Software just received its 12th Recommended rating from NSS Labs? Check Point’s Next Generation Threat Prevention (NGTX) with SandBlast™ was tested in the recent 2016 NSS Labs Breach Detection System (BDS) group test. Check Point earned the NSS ‘Recommended’ recognition for security effectiveness and value.

An essential ingredient to successfully block unknown malware and zero-day threats is an integrated, advanced sandbox, like Check Point SandBlast Zero-Day Protection. Sandblast inspects files in a safe, virtual environment to discover malicious behavior before it enters the network; and its advanced CPU-level detection identifies and stops attacks at the exploit phase, before malware even has the chance to deploy.

Author: Mark Bennett

I have traveled and consulted in 40 of the 50 states, and have worked in industries ranging from automotive, textiles, law enforcement, insurance and government to health care. Forensics, Incident Response and securing customer environments are my passions.