The NSA has recently warned of a vulnerability that is being exploited by the Russian hacking group known as Sandworm. Sandworm has been suspected of involvement in a multitude of attacks over the last decade, including the attacks on Democrats in 2016. The group has also been connected to attacks in 2017 that caused billions of dollars in damage, and to attacks that disrupted government processes and broadcast television in the Republic of Georgia.
The vulnerability the NSA is currently highlighting is in the Exim email software. Exim is an MTA (Mail Transfer Agent) for UNIX systems, that is, a system that sends, receives and routes email. Exim accounts for almost half of the internet’s email servers. The vulnerability was originally found about a year ago and the developers quickly released an update that patched the issue; however, about half of the users still have not updated their servers to the patched version. In the last few days the issue has become a major security risk, one that has even the NSA pushing for everyone who uses the software to update.
The Russian group has begun launching worm attacks against this specific weak spot in an attempt to add privileged users, execute command scripts, and manipulate the systems in many other ways for its benefit. These attacks are direct evidence against Russia’s recent claims of being a benevolent force in cyberspace.
This announcement by the NSA seems to be connected to its recent move towards a more public-facing cyber division. This division, named the Cybersecurity Directorate, was launched last October. Its purpose is to quickly disseminate unclassified information about threats the organisation has identified. The NSA is attempting to give the private sector the ability to react to threats more efficiently.
As the government begins to recognize and react to the threats that attacks on our information pose to us as citizens and as a society, we must all do our part to be aware of the risks we take on the internet. Check all of the systems you depend on for privacy and security. Make sure they are up to date and that they don’t have any major vulnerabilities that you can fix. The difference between a massive loss and the security of your information is your ability to take action to protect your interests.