April 12, 2017

Last Updated on January 15, 2024

On March 7, 2017, the self-described “not-for-profit media organization” and whistleblowing website WikiLeaks began releasing the Vault 7 series of documents, which allegedly contain details about activities and capabilities of the CIA to conduct electronic surveillance and cyber attacks dating from 2013-2016.
WikiLeaks claims that Vault 7 includes cyber weapons, surveillance exploits, hand-crafted malware and some ominous zero-day attacks—including the ability to hack smart TVs, cars, smartphones and web browsers.
WikiLeaks further claims that what has been distributed so far is “only 1%” of the total archive. The rest is due to be released publicly at a later date (if ever), and has already been shared with Apple, Microsoft, Google, the Linux Foundation and other tech companies so that vulnerabilities can be patched.
WikiLeaks founder Julian Assange has stated that he would not release information that would put the public at risk. Nevertheless, the existence and the content of the Vault 7 archive is of great concern, particularly if it provides fuel for cyber criminals and cyber terrorists to threaten organizations, nations and/or individuals.
The hype associated with the documents has been spectacular, touting concerns about hackers wiping millions of phones, destroying servers at will and causing vehicle collisions. But what should businesses actually be concerned about, and how should they respond?

How Should Businesses Respond to the WikiLeaks Vault 7 Dump?

The short answer is simple and not very glamorous: patch your software. Many of the vulnerabilities that Vault 7 is said to illuminate are in outdated software versions and have been (or soon will be) patched in the latest versions.
Many of the other hacks described thus far, such as turning smart TVs into listening posts, would be incredibly difficult to pull off in actuality, and/or require physical access to the target device. The small percentage of organizations whose risk profile includes the potential for attack by nation-state actors or highly sophisticated cyber criminals are undoubtedly following these events closely.
If you’re unsure about your organization’s risk profile and/or want to find out more about protecting your data and systems from sophisticated attacks, contact Pivot Point Security.
For more information:

ISO 27001

ISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know – and things you may already be doing.
Get your ISO 27001 Roadmap – Downloaded over 4,000 times