“Shadow Brokers” New Threat-As-a-Service Subscription

By ISBuzz Team
Writer, Information Security Buzz | May 31, 2017 11:35 am PST

Bleeping Computer is among the news outlets reporting that the Shadow Brokers have announced details of their upcoming monthly dump service, a data-and-exploits-as-a-service offering for which the subscription price is 100 Zcash cryptocurrency (approximately $28,000 US) per month. When the Shadow Brokers recently teased the upcoming service, they indicated that its offerings would include web browser exploits, router exploits, mobile handset exploits and tools, items from newer Ops Disks, exploits for Windows 10, compromised network data from more SWIFT providers and central banks, and compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs. IT security experts from Balabit, Cyphort Labs and STEALTHbits Technologies comment below.

Csaba Krasznay, PhD, Product Evangelist at Balabit:

“Obviously, there are doubts regarding the truth behind the claimed new leaks, but the whole situation is really scary. On the one hand, if the exploits really exist and someone (or multiple parties) buys them, we may be faced with another WannaCry campaign, as we can be sure that the buyer(s) will monetize those exploits. On the other hand, if the whole story is not true, Shadow Brokers’ questionable “reputation” may suffer, and it may seek to prove trustworthiness in another destructive way. Whatever the truth is, it is clear now that the governments should handle their cyberweapons in ways similar to the handling of their weapons of mass destruction. Otherwise, perhaps a disgruntled privileged administrator might steal one or perhaps someone may simply forget to delete it after use in an operation. Those codes shouldn’t get to a Shadow Broker-like group, and this is a governmental responsibility.”

Mounir Hahad, Ph.D., Senior Director at Cyphort Labs:

“It is evident from the last year that Shadow Brokers are trying various business models to see which one profits them. They have tried an auction sale, a direct sale and now a subscription model. None of the past models has generated any revenue for them, neither from government agencies interested in offensive security nor from security companies trying to build protections.

I suspect this new model will have better success given the price tag is much lower. My concern would be with rogue entities like cyber crime groups, which now would have more affordable access to weapons of choice. Some not-so-well-funded foreign governments may dip their toes in as well.

I hope this approach won’t force the hands of security companies to join the feeding frenzy to avoid being the last one to know. Usually the industry is driven by a code of conduct that should prevent engaging in any shady activity and definitely not funding illegal activities.”

Gabriel Gumbs, VP of Product Strategy at STEALTHbits Technologies:

“The motives of the Shadow Brokers should receive far more scrutiny than they currently receive. Of the list of items that The Shadow Brokers have suggested would be a part of their monthly data and exploit dump service, compromised SWIFT network data is of the most value to both blackhat hackers and the impacted organizations. Zero-day exploits still do not account for the majority of successful breach attack vectors, and they are, relatively speaking, already quite populous in both the dark and open web; compromised SWIFT networks, on the other hand, are what led to the $80 Million dollar digital heist last year that would have been 1 Billion dollars if not for a mere typo. So why would a group of hackers need to peddle exploits and the like if they have, at their disposal, the means to steal untold amounts of money? I for one am very skeptical of the group and their motives.”