
Shadow Brokers post details of ‘monthly dump service’

The Shadow Brokers in an online message Tuesday provided details on how interested parties can sign up for the $22,000 per month “dump service.”

Those who pay in the nearly untrackable Zcash and provide “a ‘delivery email address’ in the ‘encrypted memo field’” will receive a confirmation email and then a mass email between July 1-17 with a link and password for the June dump, BleepingComputer cited the post as saying.

While cybersecurity pros still aren't convinced of the veracity of the leaks, they do believe the Shadow Brokers' contentions cast an ominous shadow.

“Obviously, there are doubts regarding the truth behind the claimed new leaks, but the whole situation is really scary. On one hand, if the exploits are really existing and someone (or multiple parties) buys them, we may be faced with another Wannacry campaign as we can be sure that the buyer(s) will monetize those exploits,” said Csaba Krasznay, product evangelist at Balabit. “On the other hand, if the whole story is not true, Shadow Brokers' questionable ‘reputation’ may suffer, and it may seek to prove trustworthiness in another destructive way.”

Whatever the truth might be, “it is clear now that the governments should handle their cyberweapons in ways similar to the handling of their weapons of mass destruction,” Krasznay said. “Otherwise, perhaps a disgruntled privileged administrator might steal one or perhaps someone may simply forget to delete it after use in an operation. Those codes shouldn't get to a Shadow Brokers-like group, and this is a governmental responsibility.”

The group has attempted to commercialize and monetize the exploits with virtually no success. “It is evident from the last year that Shadow Brokers are trying various business models to see which one profits them. They have tried an auction sale, a direct sale and now a subscription model,” said Mounir Hahad, senior director at Cyphort Labs. “None of the past models has generated any revenue for them, neither from government agencies interested in offensive security nor from security companies trying to build protections.”

Hahad, though, said the monthly subscription service “will have better success given the price tag is much lower.” But he is concerned that “rogue entities like cybercrime groups…would have a more affordable access to weapons of choice. Some not-so-well funded foreign governments may dip their toes in as well.”

Hahad also said he hoped security companies don't “join the feeding frenzy” to avoid being left behind. “Usually the industry is driven by a code of conduct that should prevent engaging in any shady activity and definitely not funding illegal activities,” he said.

The motives of the group and the value of what they'll offer also should receive greater scrutiny. “Of the list of items that The Shadow Brokers have suggested would be a part of their monthly data and exploit dump service, compromised SWIFT network data is of the most value to both black-hat hackers and the impacted organizations,” said Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies.

“Zero-day exploits still do not account for the majority of successful breach attack vectors, and they are, relatively speaking, already quite populous in both the dark and open web,” Gumbs continued. “Compromised SWIFT networks, on the other hand, are what led to the $80 million [Bangladesh central bank] digital heist last year that would have been $1 billion if not for a mere typo. So why would a group of hackers need to peddle exploits and the like if they have, at their disposal, the means to steal untold amounts of money? I for one am very skeptical of the group and their motives.”
