
Shadow Brokers and Beyond: What Insider Threats Are Hiding on Your Network?

November 20, 2017 | Emil Hanscom

We’ve written at length about how malicious insiders can use compromised machine identities to steal large amounts of data, all while remaining undetected. Attackers prefer to use encryption because it allows them to circumvent most security controls. In fact, analysts now estimate that over half of all network attacks leverage this method.

Unfortunately, hidden insider threats can have catastrophic real-world consequences.

Last year, the National Security Agency was breached by the Shadow Brokers, a self-described hacker group of unknown origin. The Shadow Brokers leaked the NSA’s “cyber weapons,” which included zero-day exploits and vulnerabilities. The agency is still reeling from this breach, which has taken a toll on morale. The Hill recently reported: “both longtime employees and new hires, are moving to better-paying jobs in the private sector under the stress of an investigation yet to find a suspect to focus on.”

In addition, it was revealed that the orchestrator may still have access to the NSA’s data.

According to an article from Security Brief Europe: “Former deputy and acting director of the CIA, Michael Morell says 15 months since the first leak occurred they don’t know what else the leakers might have or how the information got out of the NSA in the first place. Morell says the scariest thing about the whole ordeal is that for all they know, the group could still be actively stealing information.”

Morell’s admission is shocking, but not surprising. If the leaker compromised the NSA’s machine identities and if the NSA’s machine identity security is weak, like most other large organizations, it would be nearly impossible to trace how the attacker gained access and how they exfiltrated the data.

“By using forged or compromised keys and certificates, attackers create malicious tunnels into your network where they hide while they conduct surveillance, install malware and ultimately exfiltrate valuable data,” my colleague Nick Hunter wrote in a recent blog post. “This type of attack is particularly nefarious because the tunnels that attackers use appear to contain everyday business communications, unless they are inspected. But let’s face it, how many organizations inspect 100% of their network traffic?”

Ultimately, Morell’s admission should be a wake-up call for businesses across the globe. After all, the NSA is one of the most protective and secretive organizations in the world and has invested heavily in cyber security technology. The Shadow Brokers breach demonstrates how prevalent, and how devastating, insider attacks can be.

Could you detect the exfiltration of data through encrypted tunnels?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
