ShadowBrokers offers CISOs zero-day details for $21,000

The NSA-leaking group goads companies into forking out for early access to exploits

code

The criminal group responsible for leaking NSA hacking tools over the past nine months is marketing regular exploit kit notices at CISOs.

Shadow Brokers plans to charge security professionals and white hat hackers a $21,000 subscription fee for access to dumps of new zero-day exploits, giving them the opportunity to develop countermeasures to hacking tools that could otherwise prove catastrophic if released into the wild.

The person or group responsible for originally stealing and leaking NSA hacking tools has previously released data dumps that included two tools that were eventually used in the WannaCry ransomware attack, which affected over 200,000 computer systems in 150 countries.

While Shadow Brokers said it will make new hacking arsenals available for those that pay its fee, so anyone - including hackers - can sign up, its messaging appeared to target organisations trying to prepare themselves against the potential damage of a WannaCry 2.0.

"Question to be asking. 'Can my organisation afford not to be first to get access to the Shadow Brokers dumps'", Shadow Brokers' post reads.

The post makes it clear that this is a "high-roller risk", and gives little indication of what will be included in the data dump, although previous posts boast that it has 75% of the NSA toolkits, covering everything from browser exploits to compromised network data from Russian and Chinese nuclear missile programs.

Yet whether security professionals should pay to access the tools raises a moral question, as they are in effect directly funding Shadow Brokers' activities. What's more, this dump could be completely worthless.

Graham Cluley, security analyst and blogger, toldIT Prothat he believes there are too many unknowns around the data dump: "It's something I would feel uncomfortable with. If you pay malicious hackers for exploits you are creating a demand, and - in effect - encouraging them to continue to supply by doing more illegal hacking."

"Without knowing details of the exploits its hard to say how quickly they could be patched," added Cluley. "Certainly big technology companies have moved quickly in the past to resolve zero-day threats."

"But the proof of the pudding is in the eating. And this is a pudding that costs $21,000."

Pieter Antz, malware intelligence analyst at Malwarebytes, argues that simply knowing what the exploits are is not always enough to understand the damage they could cause.

"The problem is that knowing the exploits does not help white-hats, unless it is very obvious how they can be used in malware," said Antz, in an email to IT Pro. "It could help the firms that created the exploitable software however, and enable them to close the gaps and issue patches for them."

However, Antz warns that companies still run the risk of being stung by false promises: "It's the same as paying to have your files unlocked from ransomware - there's no guarantee the files will be released and you're helping to perpetuate the behaviour."

There isn't long to decide. In acryptographically signed message, published on Tuesday, the group said that if a user sends 100 ZEC (one ZEC is currently worth $237), a virtually untraceable cryptocurrency known as Zcash, to a specified z_address, they would receive an email with a link and a password when the dump is made available in June.

In broken English, the post added: "Act quickly is good chance Zcash price increasing over time."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
Oxford University COVID lab falls victim to hackers
hacking

Oxford University COVID lab falls victim to hackers

26 Feb 2021