Clavister Blog Staff

Lessons from the Vault 7 breach


The recent Vault 7 leak has been described as the biggest disclosure of classified information on backdoors, espionage tools and techniques since the documents released by former CIA employee Edward Snowden appeared in 2013. Some believe the new leak may be bigger still. In any case, here are four important points to note from the leak, together with their implications for security.

  1. Zero-day flaws are a problem – but not your main challenge

A large proportion of the leaked CIA exploits are focused on unknown vulnerabilities in products from major technology companies – so-called ‘zero-day flaws’. These are a major concern for IT security teams, precisely because they usually remain unknown until they are targeted. Cybercriminals who manage to identify a zero-day flaw can potentially walk straight through an organization’s defences.

However, according to Gartner, the vast majority of cyberattacks actually target known vulnerabilities – the analyst predicts that 99% of all the vulnerabilities exploited through to 2020 will be ‘ones known by security and IT professionals for at least one year’. Think about it. Why should cybercriminals spend huge amounts of time and resources identifying brand new vulnerabilities when organisations are still failing to properly patch and close off the ones they are already familiar with? Ensuring your devices and software are all up to date and protected with the latest patches is one of the best steps you can take to protect your infrastructure and data.

  2. The IoT can be an open invitation

One particularly interesting exploit revealed in the leak is called ‘Weeping Angel’. This targets Samsung smart TVs, and can potentially turn these TVs into silent snoopers, recording audio even after the TV is supposedly on standby.

The message for businesses is clear. Each time a new smart device is connected to your enterprise network, you have increased your potential attack surface. Connected devices offer a rich landscape of potential routes into enterprise networks for hackers, and they are exploiting them to their advantage. Web interfaces are the source of many vulnerabilities in IoT devices, because they tend to contain bugs or hardcoded passwords. Businesses need to ensure they understand, see into and protect their IoT environment with the same rigour as the rest of their network – putting these devices into their own network segment and applying the principle of least privilege, so that each device can reach only the resources it needs to operate.
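As an added illustration of that segment-and-least-privilege advice (example code written for this page, not Clavister's own): a default-deny policy for an isolated IoT segment, where each device type is given an explicit allow-list of the destinations it needs, evaluated against a few constructed flow records. The segment ranges, resolver, NTP and update-server addresses are all assumptions.

```python
# Added example (not from the Clavister post): default-deny allow-list policy
# for an isolated IoT segment, checked against constructed flow records.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IOT_SEGMENT = ip_network("10.50.0.0/24")   # assumed VLAN for smart TVs and similar devices
CORP_SEGMENT = ip_network("10.10.0.0/16")  # assumed corporate LAN (never reachable by default)

# Each device type may reach only what it needs to operate.
# Entries are (dst_network, protocol, dst_port); all addresses are assumptions.
ALLOWLIST = {
    "smart-tv": [
        (ip_network("10.10.0.53/32"), "udp", 53),    # internal DNS resolver
        (ip_network("10.10.0.123/32"), "udp", 123),  # internal NTP server
        (ip_network("203.0.113.0/24"), "tcp", 443),  # vendor update service (TEST-NET-3 placeholder)
    ],
}

@dataclass
class Flow:
    device: str   # device type the source address is registered as
    src: str
    dst: str
    proto: str
    dport: int

def decide(flow: Flow) -> str:
    """Return 'allow' or 'deny' for a flow originating in the IoT segment."""
    if ip_address(flow.src) not in IOT_SEGMENT:
        raise ValueError("this rule set only covers traffic sourced from the IoT segment")
    dst = ip_address(flow.dst)
    for net, proto, port in ALLOWLIST.get(flow.device, []):
        if dst in net and flow.proto == proto and flow.dport == port:
            return "allow"
    return "deny"  # default deny: unknown destinations and the corporate LAN alike

def review(flows):
    """Decisions per flow; the denied ones are what the security team should look at."""
    return [(f.device, f.dst, f.dport, decide(f)) for f in flows]

SAMPLE_FLOWS = [  # constructed records, not real telemetry
    Flow("smart-tv", "10.50.0.21", "10.10.0.53", "udp", 53),      # DNS: needed
    Flow("smart-tv", "10.50.0.21", "203.0.113.10", "tcp", 443),   # vendor updates: needed
    Flow("smart-tv", "10.50.0.21", "10.10.4.7", "tcp", 445),      # file server: a TV has no business here
    Flow("smart-tv", "10.50.0.21", "198.51.100.9", "tcp", 443),   # unknown external host
]

if __name__ == "__main__":
    for row in review(SAMPLE_FLOWS):
        print(row)
```

Running the block prints one decision per sample flow; only the two destinations on the TV's allow-list are permitted.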

  3. The insider threat

Although the source of the Vault 7 leak has not been revealed, the assumption is that it was at least partly due to an insider. This is an issue that all organisations need to think about. Whether it’s a disgruntled employee genuinely seeking to do malicious damage, or a staffer who simply makes a mistake, humans are the weakest link in any security chain. Particularly when it comes to senior members of staff with privileged access to protected areas of the IT infrastructure, a huge amount of damage can be done either deliberately by that staff member, or by malicious third parties who manage to trick them into handing over credentials.

This is why a dynamic approach to cybersecurity education and awareness is so important, and also why it is vital for the IT security team to have a clear understanding of where different data sets are stored, who has access to them and how they are segmented and siloed off from each other.

  4. No backdoors

Clavister works hard to help organisations deal with all three of these cybersecurity challenges. The final point to note is that, unlike many other security solutions from a range of vendors (some of which have been named in the Edward Snowden leaks and in other leaks), Clavister solutions have no backdoors that can be exploited by criminals, government agencies or any external body. We develop our own software and operating system, so we’re one of the few companies in the network security industry that can demonstrate complete freedom from any form of government control over our products – and this freedom means greater network security for you.