The release of the trade secrets of state-sponsored professional hackers to the public could lead to a "tidal wave" of cyber-attacks by novices with upgraded capabilities.
WASHINGTON, DC, March 09, 2017 /24-7PressRelease/ -- After the New York Times reported this week about what may be the largest leak of C.I.A documents in history on WikiLeaks, Michael Hill CISSP-ISSEP, C|EH a cybersecurity expert and president of CyberAssure, warns that the greatest concern to the public should be the potential new wave of cyber breaches that may follow. "Most hackers are far from being professionals," he explained. "We call them script kiddies. They don't actually know how to exploit the weakness in systems on their own but they know how to use hacking tools created by more talented hackers."
Drawing attention to the report of thousands of pages of seemingly legitimate material describing sophisticated software tools and techniques that could be used by government hackers to break into smartphones, computers and even Internet-connected televisions, Hill went on to elaborate on the seriousness of the threat. "On a scale of the seriousness of threat agents, script kiddies are on the lower end, but at the top, the most serious, are state-sponsored hackers and we have the best of the best. Now with this event the tools and techniques of our best cyber warriors are within reach of common criminals and others who would be typically be easy to defend against with common cybersecurity countermeasures."
He describes what could be a new wave of cyber breaches using tools and techniques that were previously in the sole realm of government professionals. He suggests that with a wide distribution of more sophisticated methods for security breaches, bad actors from organized crime all the way to pranksters have just become more dangerous to us all.
While most reports have focused on the implications of the CIA's activities and potential abuse of power, the potential for cyber-crime could be unprecedented if these security exploits are used by more common criminal hackers. The Times reported that the C.I.A. Is able to compromise both Apple and Android smartphones. "Do you use ApplePay?" Hill asked. Other reported tools and techniques target internet browsers to uncover passwords, the microphone on smart televisions to eavesdrop, and ways to compromise dozens of widely used apps.
"The biggest problem is that most of these tactics can now be performed by a much larger group of bad actors. Governments are not interested in stealing your identity or money; criminals are. This WikiLeaks release has multiplied risks to many more users." However, offering a ray of hope Hill added, "Fortunately, it looks like many of these hacks are targeting older vulnerabilities that may have been fixed in more recent patches or system updates. So, word to the wise: keep your software and hardware up to date at all times if you want to reduce the risk of a breach."
CyberAssure, a division of Next Level Solutions, LLC, provides expert cybersecurity services to public and private sector organizations of every size to assure effective information security governance, risk management, and regulatory compliance. They have designed and implemented information security control architectures for national security systems used widely by civilian and military branches of the federal government. Mr. Hill directly provides cybersecurity support, consulting, and training to national security organizations. Some of the organizations CyberAssure has supported include US Army PEO EIS, Naval Research Laboratory (NRL), Defense Intelligence Agency (DIA), Defense Logistics Agency (DLA), Patent and Trademark Office (PTO), Department of Commerce (DoC), and Defense Information Systems Agency (DISA).
After a twenty year career as a software developer and computer network engineer, our company founder Michael C. Hill MS, MBA, CISSP-ISSEP, PMP, C|EH, CCNA, MCSE began to target the risks posed as organization began to depend more and more upon information systems for mission critical operations. Everyday information risks are multiplying and the losses that may be incurred because of failing to fully implement a comprehensive security strategy are difficult to quantify, but include loss of intellectual property, litigation costs, loss of reputation, loss of consumer confidence, and more. There has never been a greater need to understand the impact that security threats can have on a company's bottom line. Organizations need experienced security advice to assess and address the cyber threat landscape that faces enterprises today. The skills and capabilities companies need to maintain a strong security posture, keep pace with rapidly evolving threats and take full advantage of new technologies that can protect their businesses are rare and difficult to retain. The field of information assurance or security attempts to help organizations wrestle with these challenges, but often efforts tend to drift too far toward either process or technology.
# # #