Last month the world was hit with an unprecedented cyber attack. And, right on the heels of that attack, the group responsible posted a warning to expect even more widespread and damaging attacks this month.
In some places around the globe, June is typically the beginning of hurricane season. In the cyber-world, June may now be associated with the stormiest of seasons as well. The ‘ShadowBrokers’ as the cyber criminals call themselves are set to release more zero-day bugs and exploits for various desktop and mobile platforms. This time, however, they are promising to leak the dates of the attacks, only to those who belong to their “club.”
Thehackernews.com published a statement released by the ShadowBrokers posted shortly after last month’s attack stating, “TheShadowBrokers is launching new monthly subscription model. Is being like [the] wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month.” (http://thehackernews.com/2017/05/shodow-brokers-wannacry-hacking.html?m=1)
This can be seen as good news/bad news. Good news because all of the upcoming alleged unpatched vulnerabilities will be patched after being disclosed. Bad news because the group will sell new zero-day exploits and hacking tools to private members with paid monthly subscription, instead of merely revealing them to Microsoft.
So, who will pay for membership in this hacker-of-the-month scheme? We can know for sure that other hackers and cyber criminal gangs will jump right in. Also state-sponsored hackers, perhaps some journalists and people from tech companies are a pretty sure bet for membership.
Now, the real question is this: Will those of us in cyber security be compelled to opt in to help our clients keep their data safe? I’ll keep you posted.