Bleeping Computer is among the news outlets reporting that The Shadow Brokers have announced details of their upcoming monthly dump service, a data-and-exploits-as-a-service offering for which the subscription price is 100 Zcash cryptocurrency (approximately $28,000 US) per month. When the Shadow Brokers recently teased the upcoming service, the group indicated that among the service's offerings would be web browser exploits, router exploits, mobile handset exploits and tools, items from newer Ops Disks, exploits for Windows 10, compromised network data from more SWIFT providers and central banks, and compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs. In response, cybersecurity experts comment:
Csaba Krasznay, PhD, Product Evangelist, Balabit said: "Obviously, there are doubts regarding the truth behind the claimed new leaks, but the whole situation is really scary. On the one hand, if the exploits really exist and someone (or multiple parties) buys them, we may be faced with another Wannacry campaign as we can be sure that the buyer(s) will monetize those exploits. On the other hand, if the whole story is not true, Shadow Brokers' questionable 'reputation' may suffer, and it may seek to prove trustworthiness in another destructive way. Whatever the truth is, it is clear now that the governments should handle their cyberweapons in ways similar to the handling of their weapons of mass destruction. Otherwise, perhaps a disgruntled privileged administrator might steal one or perhaps someone may simply forget to delete it after use in an operation. Those codes shouldn't get to a Shadow Broker-like group, and this is a governmental responsibility."
Mounir Hahad, Ph.D., Senior Director, Cyphort Labs added: It is evident from the last year that Shadow Brokers are trying various business models to see which one profits them. They have tried an auction sale, a direct sale and now a subscription model. None of the past models has generated any revenue for them, neither from government agencies interested in offensive security nor from security companies trying to build protections.
I suspect this new model will have better success given the price tag is much lower. My concern would be with rogue entities like cyber crime groups which now would have a more affordable access to weapons of choice. Some not-so-well funded foreign governments may dip their toes in as well.
I hope this approach won’t force the hands of security companies to join the feeding frenzy to avoid being the last one to know. Usually the industry is driven by a code of conduct that should prevent engaging in any shady activity and definitely not funding illegal activities.
Gabriel Gumbs, VP of Product Strategy, STEALTHbits Technologies, concluded: The motives of the Shadow Brokers should receive far more scrutiny than they currently receive. Of the list of items that The Shadow Brokers have suggested would be a part of their monthly data and exploit dump service, compromised SWIFT network data is of the most value to both blackhat hackers and the impacted organizations. Zero-day exploits still do not account for the majority of successful breach attack vectors, and they are, relatively speaking, already quite populous in both the dark and open web; compromised SWIFT networks on the other hand are what led to the $80 Million dollar digital heist last year that would have been 1 Billion dollars if not for a mere typo. So why would a group of hackers need to peddle exploits and the like if they have, at their disposal, the means to steal untold amounts of money? I for one am very skeptical of the group and their motives.
STEALTHbits Technologies has also today issued a free Shadow Brokers Vulnerability Utility that helps organizations determine their risk exposure to known Shadow Broker exploits such as the WannaCry ransomware. The utility enumerates Windows hosts in the environment, identifies Windows systems that are vulnerable to Shadow Brokers exploits, and verifies that systems have been successfully patched after remediation. The Shadow Brokers Vulnerability Utility can be downloaded here.
Jonathan Sander, CTO of STEALTHbits Technologies: "WannaCry and the vulnerability-of-the-day are a dist…"