The cybersecurity sector has certainly had an eventful past few weeks. Soon after WannaCry, a flood of malware was unleashed targeting Windows, Linux, and Android platforms. The Shadow Brokers, the group behind WannaCry, have already mentioned that they have a list of exploits in their pocket for other platforms, too, and they have announced that they will sell new zero-day exploits to those who buy into their monthly subscription plan.
The hacking collective recently announced that this subscription model's first month will kick off with exclusive access to a leaked data dump in June 2017. In order to subscribe to this model, users have to send 100 ZCash coins (roughly $21,519 USD) to an anonymous IP address. It's likely the Shadow Brokers have decided to use ZCash because the sender, recipient, and cost are hidden for each transaction. The Shadow Brokers are expected to send subscribers the June 2017 data dump sometime in early July.
The Shadow Brokers have been very clear about why their subscription model is so expensive:
"If you caring about losing $20,000+ Euro then not being for you. Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments." - The Shadow Brokers
They claim to have exploits for smartphones and newer operating systems, including Windows 10, as well as confidential banking information and even stolen nuclear missile codes. If the Shadow Brokers are true to their word, the world has to prepare itself for something far worse than WannaCry.
But on the other hand, there's something unsettling about trusting hackers. The Shadow Brokers haven't revealed themselves yet, and so far they seem like a personification of WannaCry, demanding victims pay a large ransom. Experts, including security architect Kevin Beaumont, strongly encourage enterprises not to subscribe to this model.
But this raises a question: is it wrong to pay criminals, even as a means to protect our networks? We still don't have any assurance that this subscription model is genuine, and it's also hard to believe that the Shadow Brokers will keep up their end of the deal. Despite all this, some companies have decided to pay for the Shadow Brokers' high-priced subscription plan.
For organizations that decide to forgo the subscription fee altogether, implementing a strong network security system is one of the best ways to prepare for future threats. Security architects suggest enterprises go through three simple steps to fortify their network:
- Implement multilayered firewall security.
- Deploy a honeypot for deception technology.
- Keep your network up to date.
Multilayered Firewall Security
Every enterprise has a firewall to restrict unauthorized access to their network. But firewalls are not always as strong as they appear. Cyberattacks can easily get beyond firewalls and tap into a corporate network using phishing techniques. You can protect your servers and workstations independently by partitioning your network into multiple zones and microzones. That way, even if the attackers make a move against one layer (such as a workstation), your other layers (such as servers) will remain safe and clean. Establishing multilayered firewall security ensures that cyber breaches are only partially successful.
Cyberattacks usually target vulnerabilities like IP addresses, protocol space, and web servers. Honeypots, a key piece of deception technology, are a computer security mechanism used to deceive and bait cyber attackers. Disguised as a real network resource, a honeypot serves as a decoy. In the event of an attack, attackers will fall for the trap and start attacking the honeypot rather than the actual web server, which is kept hidden. After repeated attacks, the honeypot will identify too many breach attempts from a single channel and will block the attack vector for a while, thereby protecting your enterprise. For example, enterprises can use a forwarding server as a decoy to protect their main server.
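The threshold-and-temporary-block behaviour described above, as an added example that is not part of the original article: it counts attempts per source over constructed honeypot log lines and blocks a source for a fixed period once it exceeds a limit. The log format, the threshold values, and the function name `process` are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the article).
MAX_ATTEMPTS = 3                      # attempts tolerated inside WINDOW
WINDOW = timedelta(seconds=60)
BLOCK_FOR = timedelta(minutes=10)     # how long "for a while" lasts here

# Constructed honeypot log (documentation IPs): "<ISO timestamp> <source> <event>"
SAMPLE_LOG = """\
2017-06-01T10:00:00 198.51.100.7 login_failed
2017-06-01T10:00:05 203.0.113.9 login_failed
2017-06-01T10:00:10 198.51.100.7 login_failed
2017-06-01T10:00:20 198.51.100.7 login_failed
2017-06-01T10:00:30 198.51.100.7 login_failed
2017-06-01T10:05:00 198.51.100.7 login_failed
2017-06-01T10:11:00 198.51.100.7 login_failed
"""

def process(log_text):
    """Return a list of (timestamp, source, action) decisions."""
    recent = defaultdict(deque)   # source -> timestamps inside the window
    blocked_until = {}            # source -> time the block expires
    decisions = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, src = datetime.fromisoformat(parts[0]), parts[1]
        if src in blocked_until:
            if ts < blocked_until[src]:
                decisions.append((parts[0], src, "dropped"))
                continue
            del blocked_until[src]  # block expired, source is counted again
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()             # forget attempts older than the window
        if len(q) > MAX_ATTEMPTS:
            blocked_until[src] = ts + BLOCK_FOR
            q.clear()
            decisions.append((parts[0], src, "blocked"))
        else:
            decisions.append((parts[0], src, "logged"))
    return decisions

if __name__ == "__main__":
    for decision in process(SAMPLE_LOG):
        print(*decision)
```

The block is temporary by design: a source that returns after `BLOCK_FOR` has elapsed is logged and counted again rather than blocked permanently.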
While firewalls and honeypots can help prevent malicious traffic from entering your network, updating your internal systems also plays a vital role in eliminating data breaches. Update your operating systems to avoid any platform-oriented vulnerability breaches and patch your third-party applications to avoid any breaches that target applications. With reports stating that most recent data breaches happened because of Windows and Linux vulnerabilities, patching your systems is definitely mandatory.
Enterprises should not yield to the Shadow Brokers' subscription model. Rather, they should trust these three security best practices that are designed to protect enterprise networks. If you have $20,000 lying around, spend it on improving your network security, not funding the hackers that are attacking your network in the first place.