It appears that the bulk of the hoarded secrets on exploits software, the biggest one of the greatest casualty is Microsoft’s Windows operating system. WannaCry ransomware has caused havoc in the past three weeks or so.
No sooner was an assuring solution for WannaCry ransomware found, than WikiLeaks leaked yet another major security exploit for Windows. Although the code for the exploit is yet to be made public, WikiLeaks says the Athena Spyware affects all versions of Windows; right from Windows XP to the latest Windows 10. The exploit was apparently released shortly after Microsoft launched Windows 10 in August 2015.
The WikiLeaks announcement comes hot on the heels of dropped charges against Julian Assange, who vowed the war on the CIA was just beginning. The exploit was supposedly created in part by the New Hampshire-based private cyber security offensive firm Siege Technologies.
The exploit allows attackers to hijack a computer in total, and steal data, which can then be sent to the CIA servers. An attacker can also delete data and upload malicious software to the machine.
“Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation,” says WikiLeaks.
To know just how menacing the malicious software is, the creators designed it to evade detection and arrest by antivirus software. It was designed from ground-up with the Kaspersky antivirus software in mind and how it can avoid detection and arrest by it and others like it.
The WannaCry ransomware menace that infected over 300,000 computers across 150 countries the previous week was as a result of a similar leak. When the leak was released to the public, ransomware creators wasted no time in weaponizing the code and infecting computers around the world. Before asking for ransom (payment) to decrypt file they had encrypted after covertly infecting the computers.
It is possible that Microsoft has been given a heads-up on this exploit and they are already working on security patch ups. However, as a user, your surest bet is to use cloud storage to backup your files on your PC. You should also keep applications running on your PC updated, especially the antivirus and antimalware software running on your system.
You should also not interfere with the automatic Windows update settings. That way any and all security patch ups released by Microsoft reach you as fast as possible.