Shortly after its leak of NSA exploit tools enabled the spread of WannaCry, the Shadow Brokers hacking group promised to launch a monthly subscription service for more zero days. Tuesday, it started offering details.
On August 13, 2016, a date that remains murky, a hacker published stolen tools from the Equation Group, which is widely believed to be the United States National Security Agency (NSA). The tools were reported to include exploits that targeted firewalls, anti-virus software and Microsoft products. Over the next eight months, a gigabyte of NSA weaponized software exploits was reported to have been leaked by the Shadow Brokers. Then, on April 14, 2017, the mysterious group (or person) published its most significant release, containing approximately 300 megabytes of data claimed to have been stolen from the NSA. The Good Friday dump included exploits and hacking tools aimed at most versions of Microsoft Windows and the SWIFT banking system.
The Shadow Brokers said they'll release more details about their monthly data dump in June, including how interested subscribers could sign up. And after the massive success of WannaCry's ransomware breach, there's certainly much more demand.
The Shadow Brokers have provided more details on the monthly subscription service announced two weeks ago. Those interested in obtaining exploits and other information from the group will have to pay a monthly fee of roughly $20,000.
The Shadow Brokers have denied having anything to do with Russia and they claim their main goal is to make money. However, all their attempts, including auctions and crowdfunding initiatives, have so far failed. It remains to be seen if anyone signs up for their monthly dump service.
Another global cyber attack is fitting end for first month of theshadowbrokers dump service. There is much theshadowbrokers can be saying about this but what is point and having not already being said? So to business! Time is still being left to make subscribe and getting June dump. Don't be let company fall victim to next cyber attack, maybe losing big bonus or maybe price on stock options be going down after attack. June dump service is being great success for theshadowbrokers, many many subscribers, so in July theshadowbrokers is raising price.
TheShadowBrokers is thinking "doctor" person is former EquationGroup developer who built many tools and hacked organization in China. TheShadowBrokers is thinking "doctor" person is co-founder of new security company and is having much venture capital. TheShadowBrokers is hoping "doctor" person is deciding to subscribe to dump service in July.
If theshadowbrokers is not seeing subscription payment with corporate email address of email@example.com then theshadowbrokers might be taking tweets personally and dumping data of "doctor" persons hacks of China with real id and security company name. TheShadowBrokers is thinking this outcome may be having negative financial impact on new security companies international sales, so hoping "doctor" person and security company is making smart choice and subscribe. But is being "doctor" persons choice. Is not being smart choice to be making ugly tweets with enough personal information to DOX self AND being former equation group AND being co-founder of security company.
If all goes according to plan, a monthly Shadow Brokers dump of vulnerabilities and exploits will be released to anyone who pays the $20,000 price tag. The group said this high cost is intended to only attract "high rollers, hackers, security companies, OEMs, and governments." The group is asking for payment in Zcash, an anonymous cryptocurrency with more privacy than Bitcoin, and the first Shadow Brokers dump is scheduled to be released between June 1 and June 17.
The Microsoft Security Response Center (MSRC) published information April 15, 2017 on several recently publicized Shadow Brokers exploit tools which affect various Microsoft products. Users and administrators were reminded that software no longer supported by Microsoft (also known as end-of-life (EOL) software) is particularly at risk for exploitation. Server Message Block (SMB) is an enhanced version of CIFS (Common Internet File System) done by Microsoft for the release of Windows 95 in the early 1990s. Due to CIFS challenges with security, slow file transfer, and taking a lot of time responding to service requests and responses, SMB was developed.
CVE-2017-5850 Detail
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
CVSS v3 Base Score: 7.5 High
Access Vector: Network exploitable
Cloud computing takes this complexity to yet a new level. Mann listed the significant pieces of a cloud deployment: configuration files (contents of the /etc directory, in the case of OpenStack and other Unix-style utilities), log files, databases (all OpenStack services employ them), volumes, and virtual machines. Plain files can be saved through a file backup, and databases through their standard backup services such as mysqldump.
The speakers ended with a list of solutions, most of them commercial. As mentioned earlier, no solution supports de-duplication yet. Nor do any of them checkpoint backups in case of a network failure. Anything that aborts the backup requires you to restart it from the beginning. One backup system, Freezer, is a free-software OpenStack project. Freezer provides backup and restore as a service; it consists of four separate components, two for the client and two for the server side. It provides full and incremental backups for files and databases that can optionally be encrypted; the data can be stored locally, in the OpenStack Swift object storage facility, or on remote systems via SSH. Freezer's user interface is integrated with the OpenStack Horizon dashboard, as well. Freezer has had a few different releases over the past year or so and seems to be a fairly active project. However, Freezer does not appear on the list of commonly used OpenStack components in the April 2017 user survey. Its value to the community is therefore hard to gauge.