Eduard Kovacs writes in Security Week:
WikiLeaks this week released information on what it claims to be a trove of CIA hacking tools. The documents made public appear to show that the intelligence agency has had the tools and capabilities to hack a wide range of systems, including mobile devices, routers, TVs and even cars.
An initial analysis conducted by tech companies, including security firms, showed that a majority of the disclosed vulnerabilities have already been patched by vendors.
Apostolos Giannakidis, Lead Security Architect, Waratek:
“The Wikileaks release of the CIA’s Vault 7 hacker tools is a dream come true for hackers and a nightmare for corporate security teams who are already under-resourced and over-stressed just trying to keep up with known threats, especially in application software.
This event highlights the risk of introducing new software code into an enterprise environment, especially from third-parties. Blindly putting unrestricted trust in software can greatly increase the risk of introducing new vulnerabilities and even hidden backdoors.
There are tools that can automate the process of identifying and increasing protection against these threats, but the attacks are likely to come faster than the defenders can implement them. It will take security teams weeks, months or even years to develop patches to address the exploits about to be unleashed into the mainstream over time.”
