DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

How are you handling the data revolution? We want your take on what's real, what's hype, and what's next in the world of data engineering.

Generative AI has transformed nearly every industry. How can you leverage GenAI to improve your productivity and efficiency?

SBOMs are essential to circumventing software supply chain attacks, and they provide visibility into various software components.

Related

  • Penetration Testing: A Comprehensive Guide
  • Daily 10 Tech Q&A With Bala
  • 5 Simple Tips to Keep Dockerized Apps Secure
  • Top 5 Incidents and Outages of 2021

Trending

  • The OWASP Top 10 for LLM Applications: An Overview of AI Security Risks
  • Exploring Data Redaction Enhancements in Oracle Database 23ai
  • Multiple Stakeholder Management in Software Engineering
  • The Scrum Guide Expansion Pack
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. 3 Alternatives to the Shadow Brokers' Subscription Plan

3 Alternatives to the Shadow Brokers' Subscription Plan

The malignant hacker collective is at it again. This time, don't be caught unawares. Follow theres three simples security steps and keep your data safe.

By 
Giridhara Raam user avatar
Giridhara Raam
·
Jun. 21, 17 · Opinion
Likes (2)
Comment
Save
Tweet
Share
4.0K Views

Join the DZone community and get the full member experience.

Join For Free

Image title

The cybersecurity sector has certainly had an eventful past few weeks. Soon after WannaCry, a flood of malware was unleashed targeting Windows, Linux, and Android platforms. And the Shadow Brokers, the group behind WannaCry, have already mentioned that they have a list of exploits in their pocket for other platforms, too. And they have announced that they will sell new zero-day exploits to those who buy into their monthly subscription plan.

The hacking collective recently announced that this subscription model's first month will kick off with exclusive access to a leaked data dump in June 2017. In order to subscribe to this model, users have to send 100 ZCash coins (roughly $21,519 USD) to an anonymous IP address. It's likely the Shadow Brokers have decided to use ZCash because the sender, recipient, and cost are hidden for each transaction. The Shadow Brokers are expected to send subscribers the June 2017 data dump sometime in early July.

The Shadow Brokers have been very clear about why their subscription model is so expensive:

"If you caring about losing $20,000+ Euro then not being for you. Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments."- The Shadow Brokers

They claim to have exploits for smartphones and newer operating systems, including Windows 10, as well as confidential banking information and even stolen nuclear missile codes. If the Shadow Brokers are true to their word, the world has to prepare itself for something far worse than WannaCry.

But on the other hand, there's something unsettling about trusting hackers. The Shadow Brokers haven't revealed themselves yet, and so far they seem like a personification of WannaCry, demanding victims pay a large ransom. Experts, including security architect Kevin Beaumont, strongly encourage enterprises not to subscribe to this model.

But this raises a question. Is it wrong to pay criminals, even as a means to protect our networks? Especially since we still don't have any assurance that this subscription model is genuine, and its also hard to believe that the Shadow Brokers will keep up their end of the deal? Despite all this, some companies have decided to pay for the Shadow Broker's' high-priced subscription plan.

For organizations that decide to forgo the subscription fee altogether, implementing a strong network security system is one of the best ways to prepare for future threats. Security architects suggest enterprises go through three simple steps to fortify their network:

  1. Implement multilayered firewall security.
  2. Deploy a honeypot for deceptive technology.
  3. Keep your network up-to-date.

Multilayered Firewall Security

Every enterprise has a firewall to restrict unauthorized access to their network. But firewalls are not always as strong as they appear. Cyberattacks can easily get beyond firewalls and tap into a corporate network using phishing techniques. You can protect your servers and workstations independently by partitioning your network into multiple zones and microzones. That way, even if the attackers make a move against one layer (such as a workstation), your other layers (such as servers) will remain safe and clean. Establishing multilayered firewall security ensures that cyber breaches are only partially successful.

Honeypots

Cyberattacks usually target vulnerabilities like IP addresses, protocol space, and web servers. Honeypots, a key piece of deception technology, are a computer security mechanism used to deceive and bait cyber attackers. Disguised as a real network resource, honeypots serve as a decoy. In the event of an attack, attackers will fall for the trap and start attacking the honeypot rather than the actual web server, which is kept hidden. After attacking multiple times, the honeypot will identify too many breach attempts from a single channel and will block the attack vector for a while, thereby protecting your enterprise. For example, enterprises can use a forwarding server as a decoy to protect their main server.

Patching

While firewalls and honeypots can help prevent malicious traffic from entering your network, updating your internal systems also plays a vital role in eliminating data breaches. Update your operating systems to avoid any platform-oriented vulnerability breaches and patch your third-party applications to avoid any breaches that target applications. With reports stating that most recent data breaches happened because of Windows and Linux vulnerabilities, patching your systems is definitely mandatory.

Enterprises should not yield to the Shadow Brokers' subscription model. Rather, they should trust these three security best practices that are designed to protect enterprise networks. If you have $20,000 lying around, spend it on improving your network security, not funding the hackers that are attacking your network in the first place.

Network Computer security Firewall (computing) Data (computing) application IT Hacker Dump (program) Vulnerability

Opinions expressed by DZone contributors are their own.

Related

  • Penetration Testing: A Comprehensive Guide
  • Daily 10 Tech Q&A With Bala
  • 5 Simple Tips to Keep Dockerized Apps Secure
  • Top 5 Incidents and Outages of 2021

Partner Resources

×

Comments

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • [email protected]

Let's be friends: