6
34
9
FEDERALLIST 5619
THE2
25
Shadow Brokers’ hack of NSA- affiliated Equation
Sh
cyber assets and escalate the confrontation as the U.S. responds.”
in the Philippines and Vietnam. Michael Angelo, chief security
architect at Micro Focus, said it was the most significant hack of the year. “SWIFT is, for all purposes, the intra-banking communications system,” he said. ”It has not been updated (significantly) in almost 25 years. Yet the usage models
of the banks have — think Internet and telebanking.”
“In multiple attacks disclosed this year, criminals infiltrated
bank networks to obtain access
to terminals connected to the SWIFT transfer network,” said Ryan Olson, intelligence director at Palo Alto Networks’ Unit 42. “The criminals learned the banks’ processes and wrote code to cover their tracks and, in at least one case, successfully stole over $80 million.”
“Data manipulation and record deletion attacks on financial institutions are two things we should be deeply concerned about, particularly as countries leverage offensive cyber capabilities as extensions of or alternatives to traditional military power,” Aitel said.
in
42
83 2
of zero-day exploits allegedly lifted Committee hack
117
from a National Security Agency multiple votes because it was
O16
Group
This hack received the most No. Democratic 1 votes from respondents.The National
adow Brokers leaked a payload
This hack received server. Opinion is divided over most directly attributed to a
whether it was a true hack or an nation-state (Russia) seeking to
sider operation.
Questions also persist about influence a U.S. election. Experts
whether NSA shared information also said the leak of nearly 20,000 about the vulnerabilities it had email messages raised concerns
collected with entities such as about the poor level of security
th used by Democratic Party entities e Defense Department and the
FBI so they could protect their and warned that there could be systems. more of this kind of criminal
Regardless, the incident set off activity in the works.
a number of alarm bells when “This attack exceeded the the Shadow Brokers went public. bounds of typical state cyber
Experts say the hack will deepen the conversation about the government’s obligation to share information on vulnerabilities so that industry can patch them.
“Engineers and analysts
are so far unable to determine whether the hack originated from Russian intelligence services or a disgruntled insider posing as Russian intelligence,” said Jonathan Barrett, a security services engineer at Vectra Networks. “Regardless, the penetration of such a
highly regarded organization demonstrates what serious security professionals already know: Everyone is vulnerable.”
Immunity CEO Dave Aitel added, “State-sponsored
cyber espionage certainly isn’t new or surprising. What is, however, is Russia’s willingness to aggressively engage U.S.
espionage activity,” Aitel said. “It also creates an intellectual problem: At what point does a foreign government’s attempt to influence an election cross the line? This Russian operation points out the murkiness and uncertainty of U.S. policy when it comes to offensive cyber
22 September 30, 2016 FCW.COM
o
perations against it.”
34
SWIFT hack of
Ransomware
Bangladesh’s
attacks on
central bank
hospitals
In February, hackers allegedly connected to North
Hackers have infiltrated networks at a number of hospitals
and locked down files and systems, forcing the hospitals to pay a ransom to regain access. Olson put the attacks at the top of his list.
“Most ransomware infections are opportunistic, but there is good
Korea stole $81 million from Bangladesh’s central bank
by manipulating Society for Worldwide Interbank Financial Telecommunication (SWIFT) protocols. It’s possible they also made similar attempts on banks