Cyber Attacks: Malware vs. Milware

in #security, 8 years ago

What differentiates Malware from Milware?

Malware has become a ubiquitous term for any malicious software running on a computing system [including handheld devices]. That means Spyware and Adware are both forms of Malware, and so, of course, is Milware.

Milware? What the ####?

Yes, what the #### indeed. Milware stands for Military Malware. Our [US citizens'] various branches of the Armed Forces, the CIA, NSA, FBI, and the Cyber branches of all of the Armed Forces have paid for Milware to be developed for their tactical gains.

Has Milware been seen before the WannaCry Ransomware?

Yes, in 2012: Stuxnet, the CIA and NSA project to take down the Iranian Nuclear Program by causing its enrichment centrifuges to over-spin, thus hampering the program. Stuxnet was able to infect air-gapped systems, which was very advanced in the early 2010s [air-gapped: systems that are not networked, or that sit on an internal network with no external internet connection]. It was so successful that the Iranian Cyber Army re-engineered the milware and learned from our CIA and NSA work.

Is this the first time Milware has been created and lost?

NO! Here are the two most relevant leaks of Milware to the open internet, which led to some of the tool sets being used within WannaCry:

Why should one care about milware?

If you use a common device or operating system, you're using flawed code that is exploitable by 'State Actors'. Meaning, there is likely a way to compromise that iPhone 7 or Samsung 6s without you knowing. This stems from the fact that government agencies are storing catalogs of vulnerabilities for systems and devices being used by US citizens... "for your [our] protection." Sure, protect me with fire from the fires -- excellent plan.

Microsoft's President and CLO's take on Milware being misplaced, misused:

Today Brad Smith, the President and Chief Legal Officer for Microsoft, wrote a blog post in which he expressed frustration at the situation of Milware being created, then misplaced, and abused:

 Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

It should be noted that Microsoft has gone against its policies and released patches for Windows XP and Server 2003 in order to mitigate the spread of the WannaCry ransomware.


I felt the need to post this as I personally respond to the threat and risks of Ransomware.

Please upvote or Re-Steem this post if you found this helpful or informative.


Thanks & much love to my fellow Steemians!