News

Rob Joyce was previously head of the NSA's Tailored Access Operations (TAO) and is now a member of the White House National Security Council, serving as President Donald Trump's cybersecurity coordinator. Rob is someone well known to us here at Cyber-Shadow.

Rob Joyce with President Donald Trump

In 2016 Rob came out of the shadows and presented "Disrupting Nation State Hackers" at the USENIX Enigma conference in San Francisco. Rob describes the NSA's TAO organisation as a nation-state exploiter, responsible for breaking into the systems of foreign adversaries. During the talk he gave insights into the strategies nation-state actors (such as the NSA) use to "own" systems.

Although this is not new information, it offers insights into five commonly known cybersecurity strategies, attacks and exploits.

At Cyber-Shadow we have extensive experience of these strategies, which we think of as reconnaissance, initial exploitation, establishing persistence, installing tools, moving laterally, and finally collecting, exfiltrating and exploiting.


WannaCry uses an exploit that was publicly released by the group calling itself Shadow Brokers. It is also known as "WanaCrypt0r", "WeCry", "WanaCrypt" or "WeCrypt0r".

Our analysis indicates the exploit is initiated through an SMBv2 remote code execution in Microsoft Windows. The exploit was made available on the internet through the Shadow Brokers dump on April 14th, 2017, and had been patched by Microsoft on March 14.

wannacry screenshot


We support the findings of Google security researcher Neel Mehta, who pointed out in a tweet that code used in WannaCry bore similarities to code used by the Lazarus Group. This group consists of a cadre of cybercriminals believed to be responsible for the 2014 Sony hack and a recent $81 million heist from the Bangladeshi central bank.

Although it is true that a killswitch has been activated, our intelligence cell has already seen a version without the killswitch starting to spread. We strongly recommend that anyone running old versions of Windows (XP, 7) install the Microsoft patch and/or shut down SMB shares. In fact, all operating systems should be kept updated and patched, preferably automatically or as regularly as possible.

If you have been affected, we recommend against paying the "ransom". These criminal gangs rarely decrypt files or release ransomed content, instead trying to get more money from you. In this case, there is so much international attention on the surprisingly small number of target bitcoin wallets that anyone trying to extract money will most likely be noticed. We also note that remote decryption is not necessarily possible upon payment.

Our cell tells us that criminals are now able to pay a "monthly subscription" for exploits from the same source, meaning that attacks like this are likely to become more common in the future. This ransomware cyber attack shows how vulnerable data is, and why we need to protect it. We are here to help you prepare for the next attack; contact us today for a personalised service.

There are a number of defences anyone can adopt, such as keeping operating systems and patches up to date, but there are also some less well-known techniques we can apply to defend you.

At Cyber-Shadow, we are always here to help. We recommend the following advice to mitigate your exposure to malware and ransomware:

  • Keep your PC up to date via Windows Update. WannaCry doesn't even try to attack Windows 10, choosing instead Windows XP and other older Windows operating systems.
  • Ensure you have an active firewall and antimalware solution in place. Windows Firewall and Windows Defender are barely adequate; a good third-party antimalware solution is far better. WannaCry patches are already available, even for Windows 8 and Windows XP.
  • Don't rely on anti-malware and virus scanners to save you. Antivirus companies are only just getting around to addressing ransomware, and their protection isn't guaranteed.
  • Ensure that Adobe Flash is turned off, or surf with a browser, like Google Chrome, that turns it off by default.
  • Turn off Office macros, if they're enabled.
  • Don't open questionable links, either on a webpage or especially in an email. The most common way you'll encounter ransomware is by clicking on a bad link.
  • Likewise, avoid untrusted areas of the Internet. A bad advert on a legitimate site can still inject malware if you're not careful, but the risks increase if you're surfing where you shouldn't.
  • Keep offline backups of important data.
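One way to carry out the "patch and shut down SMB shares" advice above on a single Windows host, as an added PowerShell example that is not Cyber-Shadow's own tooling. It assumes Windows 8.1 / Server 2012 R2 or later (where the SmbShare and NetSecurity modules exist) and an elevated session; the firewall rule name is chosen for this example.

```powershell
# Added example (not Cyber-Shadow's own tooling): audit and reduce a Windows host's SMB
# exposure, following the advice above to keep patched and to shut down SMB shares
# that are not needed. Run with -WhatIf first to preview the changes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Set to $true only on a host that must keep serving file shares.
    [bool]$KeepFileSharing = $false
)

# 1. Report the current SMB server settings so the change is auditable.
$cfg = Get-SmbServerConfiguration
Write-Host ("SMB1 enabled: {0}  SMB2 enabled: {1}" -f $cfg.EnableSMB1Protocol, $cfg.EnableSMB2Protocol)

# 2. Disable the legacy SMB1 dialect. WannaCry attacks the Windows SMB service, and no
#    supported Windows client needs SMB1 to talk to this host.
if ($cfg.EnableSMB1Protocol -and $PSCmdlet.ShouldProcess("SMB server", "Disable SMB1")) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 3. List the non-default shares; every one of them is exposure that should be justified.
Get-SmbShare | Where-Object { -not $_.Special } |
    Select-Object Name, Path, Description | Format-Table -AutoSize

# 4. On hosts that do not serve files at all, block inbound SMB (TCP 445) at the host
#    firewall, so a worm on the same LAN cannot reach the service even before patching.
if (-not $KeepFileSharing) {
    $ruleName = "Block inbound SMB (TCP 445)"   # rule name chosen for this example
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        if ($PSCmdlet.ShouldProcess("Windows Firewall", "Add rule '$ruleName'")) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
                -LocalPort 445 -Action Block -Profile Any | Out-Null
        }
    }
}

# 5. Confirm the host firewall is switched on for every network profile.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
```

The script only reduces the attack surface; the Microsoft patch still has to be installed through Windows Update for the vulnerability itself to be closed.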

Contact us for tailored and specific services for your personal circumstances.


TalkTalk's cyber security advice to customers is very worrying. Many UK customers have DSL-3780 routers, which TalkTalk preconfigures to allow remote administration (using TR-069). Although in theory this allows the routers to be maintained remotely by TalkTalk, the facility has been exploited to steal information from home users, including router passwords, MAC addresses (network IDs) and SSIDs (wifi network names).

Together, this information can be used by cyber attackers to take control of users' home networks. It is enough to effectively steal identities, hack personal computers, and steal cloud credentials, photos and videos. More worryingly, attackers can use it to set up fake websites (such as a copy of your bank's site) that look identical to the real thing, giving them access to your bank accounts. For high-profile people, this is a particularly worrying time.

Talk Talk's advice is to not worry, and not change your passwords. This isn't good enough.

Cyber-Shadow can help, but even if you can't afford our services we offer the following advice:

Kim Kardashian security
It's no longer possible for the super-rich to get by with bodyguards and hope to be adequately protected in modern society. The world and the threats it poses have changed dramatically in the last decade.

The growing pace of technological change has put incredible power at society's fingertips.

This gives anyone with minimal determination the ability to invade people's privacy: spying on us in our homes, tracking our movements, stealing our information. We face threats from groups such as terrorists, organised criminals, the mentally unstable and opportunistic stalkers wherever we are in the world. The super-rich have begun to minimise these threats by contracting private security professionals, often ex-intelligence service operatives, who can provide a range of tailored services to meet their needs.

Contact us if you would like access to the same type of exclusive professional services that Kim Kardashian benefits from.

We've worked in the UK security industry for over 15 years, providing our expertise to GCHQ and MI5 among others. Increasingly we see people in the public eye becoming high-profile cyber security targets, facing risks ranging from identity theft to leaked private pictures and other information. We set up Cyber-Shadow to provide world-leading cyber security services to private individuals at risk. Now these individuals can benefit from the same protection from criminals, hackers and other threats that governments utilise.

High-profile targets deserve peace of mind. Our services range from risk identification and mitigation to active defence. We can detect in real time if you are being hacked and respond. If necessary we can liaise with the intelligence services and police to deal with threats. We work in the shadows to detect the nearly invisible.