Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - NSA, CIA Leaks Provide A Roadmap To Stealthier, Faster, More Powerful Malware
News & Analysis

NSA, CIA Leaks Provide A Roadmap To Stealthier, Faster, More Powerful Malware

ISBuzz TeamBy ISBuzz TeamJune 28, 2017Updated:July 4, 20244 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

SHARE

It’s been another banner year for leakers. In May, Wikileaks released the CIA’s Vault7 cyberwarfare documentation,1 and the Shadow Brokers released NSA exploit information, including the Windows EternalBlue2 exploit. EternalBlue was quickly weaponized into the WannaCry ransomware that pummeled the Internet for days. The Petya ransomware hitting Eastern Europe is also reportedly using EternalBlue to infect machines. This is all bad, but what’s worse is the revelation of how the intelligence community uses tools and methodologies to find vulnerabilities and build exploits. It’s akin to how Eli Whitney’s principle of interchangeable parts3 marked the beginning of the industrial revolution. The information in these leaks provides a blueprint on how to build a semi-automated malware factory. This how-to manual for advanced exploitation is a quantum leap in hacking techniques, which bad guys are already learning from. Intelligence agency high-powered attack frameworks like FuzzBunch, Athena/Hera, and OddJob are all laid out for review with technical notes, assembly instructions, and experimental commentary. It’s a treasure trove for someone looking to build a similar system. In all, there were four significant revelations within these leaks:

  • The assembly line of vulnerability exploitation.Intelligence agencies use highly simplified tools to find vulnerabilities, and then provide a framework to simplify exploitation of those vulnerabilities. The leaks show exactly how to operate the tools with specific configurations, products, and methods to go against specific targets. I’m sure someone is already working on their own version of this.
  • Obfuscated infrastructure.The leaks specify how to generate obfuscated infrastructure to support the attack with segregated environments for exploitation, command and control (C&C), and exfiltration. The frameworks provide the most thorough obfuscation seen so far in the public record.
  • The use of APIs to mix-and-match on the fly.The WannaCry malware used one exploit, EternalBlue. However, look at EternalRocks.4 It has seven discrete exploits combined. The leaks showed that the tools can dynamically combine and recombine exploits and payloads as needed for a specific target.

What Happens Now?

Scary stuff. What are the implications? In the next 12 to 36 months, we’re going to see the bad guys using these techniques to build the next generation of attacks. We can expect to see:

Perpetual Storms of Malware

Imagine the WannaCry type of attack as the new normal. Be prepared to weather continuous attacks by zero-day exploits against any and all applications and platforms. The background radiation of the Internet is going to tick up to a new level of toxicity.

Perfect Lures

Powered by big data, machine learning, and natural language processing engines, expect phishes and false websites to be nearly indistinguishable from the real things. Natural language processing tools will eliminate the clunky non-native language that often gives away the fake sites. It’s already hard enough for users to discern reality. It’s going to be much worse.

Click-Free Attacks

I don’t mean just new worms, but imagine the equivalent of a web drive-by attack extended to major services and even mobile platforms. This means attacks going after the major application platforms where just using a client app on a phone can mean getting hit with something nasty. We’re talking mass exploitation automatically scaled.

Untraceable Attacks

Attacks will be launched from C&C networks that have never been seen before and will never be seen again. Domain analysis for malware C&C networks will become an obsolete art. IP reputation filters will become useless.

Preparing for the Onslaught

If there will be continuous attacks powered by rapid-fire of large numbers of zero-day exploits, you will need strong incident response capabilities coupled with a solid anti-DDoS strategy. With nearly perfectly customized lures to get users to click as well as “click-free” attacks, organizations will likely require more advanced defensive technical measures for stopping phishing and malware attacks. With attacks being launched, untraceable disposable infrastructures, better threat intelligence and smarter blocking will be required because static domain and IP filtering will be useless. If you are considering a move to multifactor authentication, now would be the time to start. And, as always, patch as fast you can.

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Exploited Faster, Patched Slower: Verizon DBIR 2026 Shows Security Teams Losing Ground

May 20, 20265 Mins Read

Foxconn confirms cyberattack following Nitrogen ransomware claims

May 14, 20263 Mins Read

Security’s Blind Spot: The Threats Hiding in “Low-Severity” Alerts

May 6, 20265 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}