14 Criminal Cyber Operations and Tools

14.1 Criminal Cyber Operations and Tools

A world where private sector companies create and sell cyberweapons is more dangerous for consumers, businesses of all sizes, and governments. These offensive tools can be used in ways that are inconsistent with the norms and values of good governance and democracy …

(Microsoft, 2022)

In the mid‐2010s, Hal Martin and Joshua Schulte leaked a large number of nation‐state‐developed tools (Chapter 3). These tools, first made public by the Shadow Brokers, quietly preceded the outbreak of ransomware and the Ransomware as a Service (RaaS) subindustry, which became an over $20 billion problem (Table 13.3) for business and government systems during the 2020–2022 pandemic.

14.1.1 Shadow Brokers’ Tools

Among the Shadow Brokers’ tools was a Microsoft protocol exploit that effectively provided a skeleton key to unpatched systems. The Server Message Block (SMB) is a proprietary Microsoft protocol used to share files and printers within a network. One convenience SMB provides is keeping shared files in a single, network‐reachable location. Without proper security, however, that same reachability becomes a vulnerability.

In 2017, EternalBlue, an exploit used against a vulnerability in SMB v1.0, set the stage for some of the most intrusive and impactful malware in cybersecurity history. Among the malware that used the EternalBlue exploit are WannaCry (ransomware) and Emotet (Trojan), both of which can self‐propagate throughout ...
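The practical defensive takeaway from the SMB v1.0 discussion is that a network should not still be carrying SMB1 negotiations at all. The following Python script is an added illustration, not code from the book or from Microsoft: it parses the Negotiate request that opens every SMB session (the SMB1 framing from MS‐CIFS and the SMB2 framing from MS‐SMB2) and classifies each client as SMB1‐only, SMB1 framing that also advertises SMB 2.x, or native SMB2/3. The sample packets are constructed in‐line by the two `build_*` helpers so the script runs offline; on a real network the same `parse_negotiate` function would be fed the payload of captured TCP/445 session setup traffic.

```python
import struct

# Legacy dialect strings an SMB1 client may offer (MS-CIFS). Servers that still
# accept these are the population the 2017 SMB v1.0 exploit worked against.
SMB1_DIALECTS = {
    "PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a",
    "LM1.2X002", "LANMAN2.1", "NT LM 0.12",
}
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72        # SMB1 command code
SMB2_NEGOTIATE = 0x0000         # SMB2 command code


def parse_negotiate(packet: bytes) -> dict:
    """Parse a NetBIOS-framed SMB Negotiate request (SMB1 or SMB2) and return
    the protocol family plus the dialect list the client offered."""
    if len(packet) < 4 or packet[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    length = int.from_bytes(packet[1:4], "big")      # 3-byte big-endian length
    body = packet[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated SMB message")
    if body[:4] == SMB1_MAGIC:
        return _parse_smb1(body)
    if body[:4] == SMB2_MAGIC:
        return _parse_smb2(body)
    raise ValueError("unknown SMB signature %r" % body[:4])


def _parse_smb1(body: bytes) -> dict:
    if body[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 NEGOTIATE command")
    # 32-byte SMB1 header, then WordCount (1 byte, must be 0) and ByteCount (LE u16)
    if body[32] != 0:
        raise ValueError("unexpected WordCount in NEGOTIATE request")
    byte_count = struct.unpack_from("<H", body, 33)[0]
    data = body[35:35 + byte_count]
    # Each dialect is BufferFormat 0x02 followed by a NUL-terminated ASCII string
    dialects = [e[1:].decode("ascii", "replace")
                for e in data.split(b"\x00") if e.startswith(b"\x02")]
    return {"family": "SMB1", "dialects": dialects}


def _parse_smb2(body: bytes) -> dict:
    command = struct.unpack_from("<H", body, 12)[0]    # Command sits at offset 12
    if command != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE command")
    # 64-byte SMB2 header; request body starts with StructureSize (36), DialectCount
    structure_size, dialect_count = struct.unpack_from("<HH", body, 64)
    if structure_size != 36:
        raise ValueError("unexpected SMB2 NEGOTIATE StructureSize")
    raw = struct.unpack_from(f"<{dialect_count}H", body, 64 + 36)
    return {"family": "SMB2", "dialects": [f"0x{d:04x}" for d in raw]}


def classify(parsed: dict) -> str:
    """'smb1_only'  : only legacy SMB1 dialects offered -> flag for remediation
       'smb1_multi' : SMB1 framing, but the client also advertised SMB 2.x
       'smb2'       : native SMB2/3 negotiate"""
    if parsed["family"] == "SMB2":
        return "smb2"
    offers_smb2 = any(d.startswith("SMB 2.") for d in parsed["dialects"])
    legacy = [d for d in parsed["dialects"] if d in SMB1_DIALECTS]
    return "smb1_multi" if offers_smb2 else ("smb1_only" if legacy else "smb1_unknown")


# --- Constructed sample packets (test fixtures, not captured traffic) -----------

def build_smb1_negotiate(dialects) -> bytes:
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 27   # 32 bytes
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    msg = header + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def build_smb2_negotiate(dialects) -> bytes:
    header = (SMB2_MAGIC + struct.pack("<HH", 64, 0) + b"\x00" * 4
              + struct.pack("<H", SMB2_NEGOTIATE) + b"\x00" * 50)       # 64 bytes
    body = (struct.pack("<HHHHI", 36, len(dialects), 1, 0, 0)
            + b"\x00" * 16 + b"\x00" * 8)                                  # 36 bytes
    body += struct.pack(f"<{len(dialects)}H", *dialects)
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


SAMPLES = {
    "legacy-host":  build_smb1_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"]),
    "modern-host":  build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"]),
    "native-smb3":  build_smb2_negotiate([0x0202, 0x0210, 0x0300, 0x0302, 0x0311]),
}


def triage(samples: dict) -> dict:
    """Return {name: classification} for a batch of captured negotiate packets."""
    return {name: classify(parse_negotiate(pkt)) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:12s} {verdict}")
```

A host that comes back as `smb1_only` cannot negotiate anything newer and is exactly the kind of system the chapter describes as unpatched and exposed; the remediation is to patch it and disable the SMB1 server component rather than to tune the detector.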

Get Cyber Operations now with the O’Reilly learning platform.
