On Tuesday, 7th March, WikiLeaks published thousands of documents. The documents are alleged to show tactics and tools employed to, among other things, break into computer devices from leading manufacturers, to circumvent installed security solutions and even lay a trail of false flags.
Kaspersky Lab believes, along with many of its colleagues across the security industry, that consumers and organizations have a right to personal privacy and to the protection provided by their security solutions and devices.
The sharing of information on new vulnerabilities is one of the basic principles of our industry – and is known as coordinated vulnerability disclosure. This approach allows manufacturers or developers to patch points of weakness and issue an update to users before the vulnerability is made public. The documents suggest that this has not happened here and the ramifications of that could be far-reaching. Time and again we have seen the speed at which cyber-attackers seize on public details of malicious tools and techniques and use them in their own attacks. We can be certain that today attackers the world over will be scouring the Wikileaks dump – in a race with the device and software developers rushing to patch any newly revealed vulnerabilities.
Fortunately, a number of the vulnerabilities revealed, including those relating to Kaspersky Lab’s own products concern outdated products and have all been addressed in more recent versions.
Worried consumers and businesses should double check their security settings, ensure they have encryption in place and to make sure they are running – and install – the latest software updates as soon as they come in.
Last but not least, we believe that national organizations should not be spending skills and resources trying to undermine security products created to keep people safe. Many cyber-threats, such as ransomware are global now – and need to be addressed globally: through collaboration and without borders.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.