
Shadow Brokers and Beyond: What Insider Threats Are Hiding on Your Network?

November 20, 2017 | Eva Hanscom

We’ve written at length about how malicious insiders can use compromised machine identities to steal large amounts of data, all while remaining undetected. Attackers prefer to use encryption because it allows them to circumvent most security controls. In fact, analysts now estimate that over half of all network attacks leverage this method.

Unfortunately, hidden insider threats can have catastrophic real-world consequences.

Last year, the National Security Agency was breached by the Shadow Brokers, a self-described hacker group of unknown origin. The Shadow Brokers leaked the NSA’s “cyber weapons,” which included zero-day exploits and vulnerabilities. The agency is still reeling from this breach, which has taken a toll on morale. The Hill recently reported: “both longtime employees and new hires, are moving to better-paying jobs in the private sector under the stress of an investigation yet to find a suspect to focus on”.

In addition, it was revealed that the orchestrator may still have access to the NSA’s data.

According to an article from Security Brief Europe: “Former deputy and acting director of the CIA, Michael Morell says 15 months since the first leak occurred they don’t know what else the leakers might have or how the information got out of the NSA in the first place. Morell says the scariest thing about the whole ordeal is that for all they know, the group could still be actively stealing information.”

Morell’s admission is shocking, but not surprising. If the leaker compromised the NSA’s machine identities, and if the NSA’s machine identity security is weak, like that of most other large organizations, it would be nearly impossible to trace how the attacker gained access and how they exfiltrated the data.

“By using forged or compromised keys and certificates, attackers create malicious tunnels into your network where they hide while they conduct surveillance, install malware and ultimately exfiltrate valuable data,” my colleague Nick Hunter wrote in a recent blog post. “This type of attack is particularly nefarious because the tunnels that attackers use appear to contain everyday business communications, unless they are inspected. But let’s face it, how many organizations inspect 100% of their network traffic?”

Ultimately, Morell’s admission should be a wake-up call for businesses across the globe. After all, the NSA is one of the most protective and secretive organizations in the world and has invested heavily in cyber security technology. The Shadow Brokers breach demonstrates how prevalent, and how devastating, insider attacks can be.

Could you detect the exfiltration of data through encrypted tunnels?

About the author

Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.
