Security is just an illusion

My research in cyber security has been overwhelming. I wonder how it has led me to infer that “security is just an illusion”. Numerous articles on cyber security have shown that my inference is not a mere hasty thought.
We can plainly see how the world is crying now because of the ransomware named WannaCry. This is not the only malware or ransomware attack that has happened so far. Whatever the case, these attacks have been massive and have had negative repercussions. People have started realizing how important data and privacy are on the internet, and have become aware that these two are the most vulnerable things on this channel.
The group of hackers popularly known as the Shadow Brokers have done a fantastic job by leaking a set of tools and exploits from the NSA, thus making it clear what is going on in the background. But the question arises, “What is the NSA doing in the name of national security?” For a clear-cut answer, note that these are not the only tools that have been leaked from the NSA; there are several more of this kind.
On a serious note, WannaCry is not just an “apparent” halt to security; it is a wake-up alarm. It is only a single recipe, made from the Windows SMB exploit code named ETERNALBLUE leaked by the Shadow Brokers. It was not the only exploit they leaked. Most of them are listed below:
  • EARLYSHOVEL RedHat 7.0–7.1 Sendmail 8.11.x exploit
  • EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.
  • ECHOWRECKER remote Samba 3.0.x Linux exploit.
  • EASYBEE appears to be an MDaemon email server vulnerability
  • EASYFUN EasyFun 2.2.0 Exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6
  • EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
  • EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2
  • EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor
  • ETERNALROMANCE is an SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)
  • EDUCATEDSCHOLAR is an SMB exploit (MS09-050)
  • EMERALDTHREAD is an SMB exploit for Windows XP and Server 2003 (MS10-061)
  • EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2
  • ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client’s side to send an email to other users
  • EPICHERO 0-day exploit (RCE) for Avaya Call Server
  • ERRATICGOPHER is an SMBv1 exploit targeting Windows XP and Server 2003
  • ETERNALSYNERGY is an SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)
  • ETERNALBLUE is an SMBv2 exploit for Windows 7 SP1 (MS17-010)
  • ETERNALCHAMPION is an SMBv1 exploit
  • ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
  • ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
  • ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067)
  • ETRE is an exploit for IMail 8.10 to 8.22
  • ETCETERABLUE is an exploit for IMail 7.04 to 8.05
  • FUZZBUNCH is an exploit framework, similar to Metasploit
  • ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors
  • EAGERLEVER NBT/SMB exploit for Windows NT4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release
  • EASYFUN WordClient / IIS6.0 exploit

Most of it has been disclosed, yet the hardest thing to figure out is: who is to blame for all the hue and cry? A Google researcher, Neel Mehta, tweeted that WannaCry has similarities with malware developed by a North Korean hackers’ group called Lazarus in 2015. But they can’t be blamed fully, as anyone can refer to old malware and write new malware based on it. Some people have stuck to blaming the NSA, some blame Microsoft (for the late release of patches for the vulnerability), all in vain!
Who is the real villain? The perplexing question still prevails. This story will certainly continue, for it is a series of episodes with many moods. What we see (a secure web) may or may not actually exist. I’m sure everyone will now agree: “Security is just an illusion”.


