An April 14, 2017 article in The Intercept states the worst case scenario has occurred with the NSA’a cyber attack package. According to the article, an entity called “The ShadowBrokers”,
“…today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.”
While the world has been worrying about North Korea, a potentially far worse disaster is in the making. A digital attack package, created by some of the most brilliant talent the United States has, is now in the hands of everyone. Script kiddies will shortly have access to an attack suite that has the potential to spread havoc around the world. The Russian hackers who specialize in cyber-crime have just been handed a tool package better than they have ever had access to before. Hostile governments will now have access to parts of the United States infrastructure that I do not want to even think about.
Instead of spending the next hour telling you just how bad this could be, just trust me, it is really bad. The important question right now is what to do about it?
My understanding is that the attack modules are just for “computers running version of the Windows operating system earlier than the most recent Windows 10”. If your computer is running Windows 10 with all of the patches, you may be safe… I doubt that you are, you will need to decide for yourself. Servers, especially Windows 2008, the most used version, are definitely vulnerable!
Individual home users, if possible, should strongly consider using Linux, Macs, and Chromebooks as much as possible and just don’t use Windows.
Office environments and servers are going to be a tricky problem. Many are still running Windows 7, 8, and 8.1. Pretty much all Windows servers are vulnerable. Now is the time to consider thinking outside the box. I consider good backups to be the first step in ANY security plan. If you are responsible for your company’s network, NOW is the time to leverage online, real-time backups of data. Consider upgrading to the latest and greatest version of Windows if you believe that the latest version is safe. If you are not current on updates, make that your first priority. I would have a couple of live versions of Linux ready to go. It is cheap insurance and will allow people to do some Office 365 stuff online while you are dealing with any issues that pop up.
While it is not much, that is all we can do for now. Realize that there are going to be major data leaks and disruption in the near future. If I was Microsoft, I would be pulling out all of the stops right now. If I were the NSA, I would be doing everything I could to help Microsoft BEFORE everything goes south…