Leaked NSA Spying Tools Put Windows Server At Risk
A mysterious hacking group has recently leaked what seem to be the NSA's suspected spying tools. The cyber weapons, which are now available to the public, show how vulnerable older Windows Servers really are.
On Friday, the Shadow Brokers leaked the files online, setting off a ripple effect among tech experts who are now worried about the discovery. According to PCWorld, concern that cyber criminals will incorporate the tools into their hacks is becoming apparent.
Matthew Hickey, the director of online security provider Hacker House, believes that the "leak puts state tools into the hands of anyone."
His dissection of the NSA tools revealed 20 different Windows exploits, including four that appear to target previously unknown software vulnerabilities.
A post by ZDNet states that each exploit works as a program that takes advantage of a security flaw. Furthermore, researchers are still examining the leaked files.
Windows systems affected by the alleged NSA tools include older versions of the OS, including NT, XP and Windows 7. Moreover, computers running Windows Server are at greater risk.
The exploits are designed to leverage vulnerabilities in a workstation's online server functions. Hickey added that one exploit, called "Eternalblue," could remotely cause older versions of Windows to execute code.
He demonstrated this against a computer running Windows Server 2008 R2 SP1. Surprisingly, he pulled off the hack in less than two minutes. He added that an "attacker can use these tools to hack into Windows computers and run their code for future attacks."
For instance, a hacker could open a backdoor channel into the machine to upload ransomware or steal sensitive data. The bigger dilemma lies in the latest version of Windows Server that rolled out last year.
On Friday, Microsoft stated that it was still studying the exploits. Amol Sarwate, director of engineering for Qualys, said that computers behind a firewall should be safe. He said the vulnerable systems "should consider disabling certain functions that the exploits use."