NotPetya: Snowden takes shots at NSA, Shadowbrokers lick lips

The wider cyber-security industry has been lining up to tell SC what it thinks about yesterday's massive NotPetya campaign. Elsewhere, more controversial figures responded in their own way.

When the WannaCry attacks happened last month, what shocked people was not the ransomware itself but the propagation method. The ransomware had been combined with the NSA exploit EternalBlue, which allowed it to spread far and wide, infecting over 200,000 endpoints in over 150 countries.

This most recent attack's similarity with WannaCry comes down to that same propagation method, EternalBlue.

The vulnerability was released last year along with a host of other NSA-linked exploits from a group calling itself the ShadowBrokers. The group offered these exploits as proof that it had its hands on a treasure trove of NSA exploits and that it would offer them up to the highest bidder.

ShadowBrokers was jubilant in its response to the NotPetya campaign. The group wrote on its page, “Another global cyber-attack is fitting end for first month of theshadowbrokers dump service.”

It used the attack to promote its monthly subscription service, whereby the group would be releasing exclusive NSA exploits to subscribers. For only 200 ZEC (£51,000), the group wrote, anyone can have access to the dump for July.

It also took the opportunity to advertise its new VIP service: “for months many peoples is messaging theshadowbrokers...Do you have X or Y vulnerability? Will you hack X or Y for me? Do you have intel on X or Y organization? Do you have intel on my organization? Have I been hacked? In past theshadowbrokers is not taking request or providing individual services. This changes with VIP Service.” The group is now offering specific exploits, on request, for a “one time” payment of 400 ZEC (£102,000).

Meanwhile, Edward Snowden issued a harsh rebuke of his former employers. Snowden was key to confirming the ShadowBrokers leak as NSA, and the exploits that the group offered were discussed in his 2011 leak, which exposed the wide-ranging surveillance practices of the agency.

He tweeted, reminding journalists, “remember this worm spreads based on a vulnerability NSA kept unfixed for years.” He followed that up with a number of other shots at the US signals intelligence agency, chiefly: “How many times does @NSAGov's development of digital weapons have to result in harm to civil infrastructure before there is accountability?”
