The steps taken by cybersecurity firm Digital Guardian mirror activity at a range of IT services outfits, which found themselves scrambling to identify the new exploits and fix as much as possible as quickly as possible.
Needless to say, it was a busy week at managed security services provider (MSSP) Digital Guardian.
The release by WikiLeaks this week of secret C.I.A. cyberweapons and methods for hacking into smartphones, computers and even smart TVs set into motion a chain of responses aimed at protecting customers from a variety of previously unknown threats.
The steps taken by Digital Guardian likely mirrored activity at a range of IT services outfits, which found themselves scrambling to identify the new exploits, assess which clients might be vulnerable, and fix as much as possible as quickly as possible, before the exploits fully reach the wild.
“We need them to patch those vulnerabilities,” said Tim Bandos, director of cybersecurity at Digital Guardian.
The document dump appears to reveal hundreds of millions of lines of code containing secret C.I.A. cyber-weapons, including “malware, viruses, Trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation,” WikiLeaks said in a statement.
According to the release, the C.I.A. and other allied intelligence services have cracked Apple and Android smartphones, and can circumvent encryption on services like Signal, WhatsApp and Telegram.
Bandos and his team at Digital Guardian were among those who immediately began poring over the documents, trying to gauge the implications.
“One thing that we do is make sure that our technology hasn’t been exploited,” Bandos said, noting that numerous hardware and software vendors learned for the first time of vulnerabilities to their products.
Thus far, WikiLeaks has refrained from releasing the full code for the cyberweapons, in part until it can ensure they can be disarmed.
“I think this is an effort to allow time to patch a lot of these issues,” Bandos speculated. “The fact that they haven’t released the actual code leaves me with a bit of confidence.”
Ultimately, Bandos expects that WikiLeaks will release the full cyberweapons and hopes that by then, affected vendors – including major names like Cisco, Apple and Symantec – will have addressed the flaws.
“Every vulnerability will be different,” he said. “I think, really, the delay is going to be in getting (patches) deployed out to the consumers.”
“If you look at the smart TVs, they’ll have to update the firmware,” Bandos added. “You can’t just automatically push that out.
“Someone is going to have to connect to the Internet and download the update. There’s going to be a lag.”
The process is well underway at Digital Guardian.
“If we’re running anything that has those holes, we are proactive,” Bandos said.
“We’re cross-referencing all of the things that have been mentioned,” he continued. “We’re then monitoring those (vendor) sites to find out when the patch is available and we’ll immediately push that out to our customers.”
The wave of new threats is expected to require close attention and careful monitoring for some time to come.
“We’re always looking for that kind of thing anyway,” Bandos said. “But we’re definitely on high alert.”