Hacks against companies don’t usually have major public online safety implications for global internet users, but that’s changed with the recent hack against a cyberweapons supplier. Details emerged a few days ago revealing that the Hacking Team, an Italian outfit that specializes in covert surveillance and espionage software marketed to government users, was hacked. This led to the release of 400GB of data containing highly sensitive information such as source code, business documents, client lists, and details of previously unknown exploits that are used by the Hacking Team to break into target computers on behalf of their clients.
The massive cache of stolen data is still being pored over by curious individuals throughout the world as we speak. Many damaging details have already emerged, including a list of clients that contradicts the company’s claims to only sell to non-repressive or non-embargoed regimes. Details of at least two weaponized zero-day vulnerabilities and numerous Trojans used by the group have already been shared on public forums. The problem for the general internet-using public is that once this information is shared publicly, cybercriminals can easily incorporate the material into their own arsenal, which can then be used against all of us.
We have already seen the incorporation of the new Adobe Flash Player vulnerability into a number of widely used exploit kits, including Angler, Neutrino, Magnitude, and Nuclear. These are being used by cybercriminals to target individuals throughout the world through drive-by downloads. Fortunately, in this case, Adobe responded quickly by releasing an out-of-cycle patch, but users still need to download and install it.
Given the huge amount of data that was leaked and the massive appetite for the details of the activities of this group, we expect more particulars from this cache to be revealed in the coming days. To help ensure online safety, we recommend that users keep all software up to date with security patches and use a comprehensive security solution such as Symantec Endpoint Protection and Norton Security that protects against both network and file-based threats.
Symantec will continue to monitor the situation and act to provide protection for our customers against any malicious code or exploits that may arise. In the meantime, here is a list of vulnerabilities that have reportedly been associated with the Hacking Team so far.
Symantec has the following protection in place to guard against attacks stemming from this incident:
Intrusion prevention system