June 2, 2017
UNM4SK3D: ShadowBrokers, Chrome, and Google Play
#dumpservice

Move over 'Wine of the Month Club,' there's a new subscription service in town. On May 30th, hacking group the ShadowBrokers announced their 'Monthly Dump Service' with a hefty price tag of 100 Zcash (approximately $23,000 USD) monthly and instructions on how to subscribe.

In case you've forgotten, the ShadowBrokers were responsible for leaking the SMB exploit that was used to spread WannaCry ransomware worldwide. The unknowns behind this group have only continued to heighten the world's anxiety since the WannaCry attack, promising to release everything from browser, router and mobile exploits and attacks targeting Windows 10 machines to data stolen from SWIFT providers, central banks, and Russian, Chinese, Iranian or North Korean nuclear and missile programs. Allegedly, the first dump is expected to be released sometime between July 1st and July 17th to all confirmed subscribers. Those subscribers, in addition to payment, must provide a 'delivery email address' to which the group will send an email containing a link and their unique password for each data dump.

ShadowBrokers says the membership has been kept expensive because the data dump has been intended for specific groups, stating, "If you caring about losing $20k+ Euro then not being for you. Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments." Their requested currency, meanwhile, is a story of its own. Zcash is a new cryptocurrency that claims to be more anonymous than Bitcoin, as the sender, recipient, and value of transactions remain hidden. Still, the group seems to openly doubt even Zcash's anonymity on social media, in broken English. While they were initially not taken seriously by many, it seems that security experts are changing their tune, since the group's previously released dump turned out to be legitimate.
The validity of their newly promised dumps has yet to be verified, but assuming the dumps are valid, we should likely expect companies to buy them for $21,000 per month and secure their products before hackers get their hands on new zero-day exploits.
This is being wrong question. Question to be asking ‘Can my organization afford not to be first to get access to theshadowbrokers dumps?’
- statement from ShadowBrokers

Want to learn more about the hacking group? Read 'Shining Light on the ShadowBrokers.'

Real attack will not be very obvious of course. It can use very small pop-under and submit the data anywhere and close it when the user is focusing on it. It can use the camera for millisecond to get your picture.
- Ran Bar-Zik, AOL Developer

For tips and tricks on securing your favorite browser, read 'Workarounds for Chrome.'

It is quite unusual to find an actual organization behind the mobile malware, as most of them are developed by purely malicious actors.
- Checkpoint security researchers

Protect yourself in the Google Play store. Read 'How to Identify Malware/ Spyware Attacks.'