By Robert Morgus, Future Tense
Because of difficulties associated with pushing patches designed to block an exploit out to the public—it takes a long time for everyone to click on those annoying little security updates, and some portion of the population never will—open-sourcing exploits like this is often a bad idea. It simultaneously notifies the software manufacturers and potential attackers of the bug. The Shadow Brokers/WannaCry case is just one demonstration of the growing challenge of countering the spread of malicious cyber capability. The code for Carberp (a “botnet creation kit”) was posted online and precipitated the outbreak of the Carbanak malware used to steal cash from ATMs. Rumors persist that versions of the BlackEnergy trojan—twice leveraged to shut off portions of the Ukrainian power grid—have been floating around in malware forums.
Share on Facebook