The importance is that Equation Group may have links to the NSA and Shadow Brokers may have links to Russia. One theory goes that Russia exposed the alleged NSA tools as a way to embarrass the NSA and weaken whatever response the U.S. might initiate against Russia for its alleged hack of the Democrat National Committee.
The advertised sale of the tools may have been a ploy to give the story wider attention and so a greater impact against the NSA.
It turns out the tools work against specific devices made by specific vendors were years old, and the tools may have been lifted from a single NSA server on which careless operatives had left them.
The importance is that it seems a Russian group hacked an NSA server to capture cyber spy tools.
$65 million bitcoin hack
Bitfinex, the bitcon trading platform, was hacked for nearly 120,000 bitcoin Aug. 2, an attack that undermined the company’s three-tiered and purportedly impregnable key-exchange architecture.
The hack was the third largest bitcoin heist, but Bitfinex is the largest platform for converting bitcoin to U.S. dollars so it resonated widely. Bitfinex spread the loss across all its customers’ accounts – 36% of each account’s value.
Beyond that, the exchange was using a complex authentication that required two factors, one held by Bitfinex and one by its security partner BitGo. It was supposed to be highly secure. Compromising both companies would be required if thieves wanted to steal funds, the company said when it set up the scheme. BitGo says its system wasn’t compromised.
The lesson is that even the most sophisticated bitcoin exchanges are still susceptible to hacks and individuals and organizations using them should take steps to minimize their exposure.
Ransomware v. healthcare
Dozens of ransomware incidents this year were carried out against health care institutions, revealing how easy and lucrative ransomware has become as a business as well as how low criminals will stoop when choosing victims.
Many healthcare providers who were hit didn’t have backups or other means to recover quickly from the attacks and so they paid the ransom. More than one that paid was hit again by the same actor coming back for a second bite of the apple.
These incidents are likely to continue as long as it’s relatively simple to infect a victim and extort payment. Ransomware as a service is cropping up in the internet underworld, making it a threat to consumers as well as giant corporations.
The prevalence of these attacks should serve as warning that businesses in any field should have reliable, secure backups that can recover machines that have been encrypted by ransomware. And they should have systems that detect these infections early so they can be isolated to minimize the damage they do.
Sign up for Computerworld eNewsletters.