This Week in Security: Shadow Brokers, Russian Phishing, Samba Ransomware

Dump-ster Fire as a Subscription

Undeterred by the failure of their blind bitcoin auction, the Shadow Brokers have pivoted into a monthly subscription model for the low low price of 100 Zcash (approximately $23,000), promising to deliver a dump full of unknown goodies. Call it a grab-bag of badness. For a group calling themselves “brokers,” they’re not very good at selling their warez.

Security researchers launched a crowdfunding campaign to raise money to purchase the Shadow Brokers dump in an attempt to fend off the next destructive worm, but have since removed the campaign. We were pleased to see this, as we believed it was misguided from the start. The money raised, we think, would have been better spent on an advertising campaign to educate users on the hazards of not patching than on buying badness directly from the Shadow Brokers and rewarding them for it. Apparently, their lawyers agreed.

There is no guarantee the Shadow Brokers will deliver on their promises, and the NSA did, in fact, alert Microsoft about the vulnerabilities prior to the previous Shadow Brokers dump. The MS17-010 patch was available for almost two full months prior to WannaCry’s outbreak. But early access to the vulnerabilities and exploits isn’t enough to prevent the outbreak of a worm if users aren’t updating their devices.

While all this InfoSec drama plays out, just keep your devices updated, block any unnecessary ports at your firewall, and keep regular backups. You know, stuff you should be doing all the time. Per usual, ‘back to the basics’ security fends off a whole lot of lazy bad guys.

Tainted Leaks

Citizen Lab released an outstanding report on a sophisticated information warfare campaign attributed to the Russian government, whereby hackers phished over 200 unique targets to gain access to their ...

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog