The increased cyber security threat to enterprises has
been made much worse by two significant leaks of data which occurred in 2017. These are the Vault 7 leaks and the Shadow Broker leaks.
Vault 7 leaks
On the 7th March 2017, WikiLeaks started to release documents about the US Government’s offensive cyber warfare capabilities. The first tranche consisted of 7,818 web pages with 943
attachments, purportedly from the Center for Cyber Intelligence. Between the 7th March and 7th September 2017, a further 22 tranches of information were released including the cyber warfare
tools and software claimed to have been developed by the CIA. The information, software and tools that were leaked are generally accepted to be “nation state” capabilities.
Shadow Broker leaks
Shadow Broker is a group of self-styled hackers who first came to prominence in about 2013, but in the middle of 2017 they released into the public domain a massive collection of tools and
information about zero-day exploits hoarded and used by the Tailored Access Operations (TAO) Group of the US Government’s National Security Agency. TAO is widely understood to be the
proactive hacking (cyber warfare) group within the NSA. The Shadow Broker leaks exposed vulnerabilities in Cisco routers, Microsoft’s Windows Operating System and Linux mail servers, amongst others, including the exploit used by the authors of the WannaCry ransomware that infected computers in over 150 countries worldwide.
The consequence of these two leaks is that extremely advanced and sophisticated “nation state” cyber warfare and hacking tools and information have been released into the public domain and into the
hands of less capable countries, criminals and hackers. This in turn has significantly enhanced their capabilities to attack enterprises which, for the most part, are not equipped to defend
against “nation state” types of attack. These tools operated across the entire security stack, namely the infrastructure, application, data and user domains.