Database Security Digest – May 2017

Well, this month has been extremely busy for hackers and for those who fight against them. Here is a quick digest of database security news for May 2017.

Shadow Brokers, WannaCry, the NSA and Global Cybercatastrophes

I guess we should start with the Shadow Brokers hacker team and their publication, mentioned in the previous digest, of exploits for Windows OS and other systems allegedly obtained from the National Security Agency’s data leak. It turned out to have tremendous consequences all over the globe, as some of the published exploits were used in the creation of the infamous WannaCry, which needs no introduction. It’s that evil cryptoworm that infected more than 400,000 machines.

WannaCry targets computers running Microsoft Windows (98% of victims used Windows 7). It uses the EternalBlue exploit leaked from the NSA to enter a computer by taking advantage of a vulnerability in the Server Message Block (SMB) protocol. It then installs DoublePulsar, which downloads and runs the WannaCry script, which encrypts all data on your machine. Eventually, after demanding a payment of about $300 in bitcoin, it makes you wanna cry, as there’s no guarantee that the data will be decrypted after paying the bill.

Bitcoin transactions keep their users anonymous, but they are also traceable: every transaction is written to a public ledger called the blockchain. Three wallets are used to receive ransom payments, and as of 25 May $126,742 has been transferred. The criminals will have a hard time trying to use those bitcoins, as information security professionals are watching these three wallets 24/7. Based on an analysis of the ransom notes, linguistics experts have concluded that the criminals are fluent in Chinese.

And back to the Shadow Brokers, who made that horrible mess happen. They have announced a monthly subscription service for new exploits obtained from the NSA. The approximate price is $23,000. The first dump is expected in the first half of July, and who knows what else is in that black box. So, should we worry about upcoming cyber disasters? Yes, we should.

Samba Threat

Another threat to the peaceful living of your data. More than 100,000 computers are currently susceptible to the remote code execution vulnerability (