Much like how Eastern European countries were notorious for poorly guarding uranium stores, it’s become painfully clear that intelligence agencies are doing an equally bad job of protecting the vulnerabilities that fuel cyberweapons. The WannaCry ransomware that hit over the weekend is the digital equivalent of a dirty bomb: indiscriminately deployed and made possible because a government somewhere didn’t do its job. Fortunately, we have managed to avoid real dirty bombs, but the use of these digital equivalents will only become more frequent.

Don’t think for a moment that malware authors who had not yet taken advantage of the caches being dropped by groups like Shadow Brokers are still sitting on their hands. As we speak, these vulnerabilities are being baked into banking malware, botnet malware, ransomware, malware designed to facilitate the theft of customer data or intellectual property, and so on. Some will be deployed indiscriminately and others will be targeted; some will be able to crawl networks, while others will stay in place to do their work. There’s no putting this back into the box from which it came. Tactical threats will become more effective and mass attacks more prolific.

Everyone has a role to play in preventing these attacks from being successful.  We need to raise awareness among users of security best practices, be on the lookout for the early signs of infection, quickly take down command and control servers, patch immediately and uniformly, etc. 

Or, we can just duck and cover.  That should work, right?


Author

About Al Pascual

An accomplished industry analyst, market researcher, and financial industry practitioner, Al Pascual is Javelin’s Research Director and Head of Fraud & Security. As Research Director, Al leads Javelin’s Advisory Services and Custom Research businesses. He oversees growth of these businesses while ensuring that Javelin’s research content meets quality standards and provides the innovative perspectives that clients expect from the firm.

As Head of Fraud & Security, Al provides clients actionable insights on a variety of fraud and security issues, acts as a partner in developing strategies for managing risk, and identifies and raises awareness of future threats and solutions. Al researches a range of topics, including the applicability of biometrics in banking and payments, the effect of data breaches on the integrity of consumer identities, the relationship between identity fraud and loyalty, and the best methods for securing payment data and transactions.

Al has presented findings from Javelin’s rigorous, industry-leading research at conferences around the world, including BAI, CARTES, Money20/20, NACHA, and RSA. Al has provided commentary on fraud and security issues to American Banker, Bloomberg, CNNMoney, Fox Business, Reuters, The New York Times, The Wall Street Journal, The Washington Post, and Wired.

Previously Al held risk management roles at HSBC, Goldman Sachs, and FIS. He is a member of the Association of Certified Fraud Examiners, the International Association of Financial Crimes Investigators, and the Federal Reserve Secure Payments Task Force. Al also serves on the board of advisers to the Information Security Media Group. He earned a Bachelor of Arts degree in History from the University of South Florida.
