WikiLeaks recently published what appears to be a huge repository of hacking information, tactics and exploits that was allegedly sourced from the CIA and NSA.
The quantity of information released exceeds the total amount of pages released. According to reports, the trove of published information did not include the actual applications that were used for these exploits, but rather discussions and commentary about how to gain control of various business and consumer devices. WikiLeaks has thus far agreed to not release the actual software repositories used, until some sort of consensus emerges from the public and private sector.
Fortunately none of the attacks were about mass surveillance, such as targeting infrastructure of internet giants like Google, Apple, Amazon or Facebook, but really focused on the end user and monitoring specific endpoints. However, it’s certainly going to add more fuel to the ever-growing security fire.
But it is not all doom and gloom, there are certain simple steps that we can all take to help minimize our personal cyber risk.
• Don’t trust the public internet. Rogue access points are more common than you think (just ask some of the RSA 2017 Security Conference attendees).
• Change the default passwords on new IoT devices day one! Avoid joining the DDoS botnet!
• Update your IoT appliance firmware/software frequently. The “Weeping Angel” Samsung TV attack described in the CIA wikileak was only a problem on non-upgraded firmware.
• If you are not using an application, delete or uninstall it. Applications are just attack surfaces waiting for attackers.
• Enable multi-factor authentication where ever possible and move to an online password manager to help you deal with the 20+ passwords that every internet user manages (usually on a piece of paper).
This article originally appeared on Broadsoft