We read about hacking and cybercrime all the time, but it rarely hits close to home (thank goodness). Last month in Baltimore, unfortunately, it did.
The National Security Agency (NSA) isn’t a new organization to anyone. But what they actually do may be eye-opening to some. Part of the NSA's tasking is to hunt for vulnerabilities in the most commonly used software. Most of their findings, unfortunately, come from Microsoft. So, what does the NSA do once they find these loopholes?
Security issues found by the NSA, particularly those deemed to pose a significant national security risk or, conversely, to present an opportunity to gain a strategic advantage over our adversaries, are sent to the White House. There, a designated committee meets and votes on whether to give the software company the information so it can issue a patch for the weakness, or to keep it in their back pocket to use as a threat hunting tool for the benefit of the USA.
About 8 years ago, the NSA found a big issue in Microsoft software that basically allowed an intruder to climb into your computer's attic unannounced and rummage around until they found things of value. And, unfortunately for you, there would be no indicator of the break-in until you needed something from your attic and went to find it. This is where NIST compliance standards play a huge role in your cyber security.
This particular vulnerability was nicknamed Eternal Blue and was a huge resource in the field of counterintelligence and espionage for the US.
But about 3 years later, a terrorist group nicknamed Shadow Brokers also found this vulnerability in Microsoft’s software and used it to sneak into the NSA’s attic, so to speak. There was a big back and forth between the NSA and the hackers, which evolved into the hackers releasing all of the NSA’s cyber warfare weapons, along with this Eternal Blue file, to the public for free.
This last month, though, new hackers used this vulnerability in Baltimore to shut down workplaces for almost a month, demanding a ransom for the release of their systems.
Microsoft has pushed an update remediating this vulnerability, and the patch has since been released. But if you don’t click Install or Update on the pop-up, your computer will remain susceptible to this weakness too.
This is just one of thousands of examples of why it’s important to keep your OS up to date and to keep an ear out for the latest cyber hacks.
If you feel your system could use some help and want to stay up to date on your NIST compliance, head on over to www.neqterlabs.com and check out our cybersecurity products to help secure your system!