Much like how Eastern European countries were notorious for poorly guarding uranium stores, it’s become painfully clear that intelligence agencies are doing an equally bad job of protecting the vulnerabilities that fuel cyberweapons. The WannaCry ransomware that hit over the weekend is the digital equivalent of a dirty bomb: indiscriminately deployed and made possible because a government somewhere didn’t do its job. Fortunately, we have managed to avoid real dirty bombs, but the use of these digital equivalents will only become more frequent.
Don’t think for a moment that malware authors who had not yet taken advantage of the caches dropped by groups like Shadow Brokers are still sitting on their hands. As we speak, these vulnerabilities are being baked into banking malware, botnet malware, ransomware, malware designed to facilitate the theft of customer data or intellectual property, and so on. Some will be deployed indiscriminately, others will be targeted; some will be able to crawl networks, others will stay in place to do their work. There’s no putting this back into the box from which it came. Tactical threats will become more effective and mass attacks more prolific.
Everyone has a role to play in preventing these attacks from being successful. We need to raise awareness among users of security best practices, be on the lookout for the early signs of infection, quickly take down command and control servers, patch immediately and uniformly, etc.
Or, we can just duck and cover. That should work, right?