Shadow Brokers Hacker Group Threatens More Code Leaks, Releases

Shadow Brokers, the phantom group that allegedly leaked U.S. National Security Agency hacker tools, is threatening to release more code, according Reuters. The big question: Will MSPs and channel partners take the hacker threat seriously or has skepticism set in following recent WannaCry hysteria?

According to the report:

"A blog post written by the group promised from June to release tools every month to anyone willing to pay for access to some of the tech world's biggest commercial secrets.

It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. "More details in June," it promised."

Mystery Hackers, Potential Targets

Cybersecurity professionals, Security Operations Center (SOC), managed security services providers (MSSPs) and technology companies are on high alert amid the warning. Just about every major security software company has weighed in on the earlier round of attacks -- the so-called WannCry and WannaCrypt ransomware barrage that started Friday, May 12.

Kaspersky Lab and Symantec believe the WannaCry attack contained code that resembled programs tied back to  North Korea operation, though neither company directly accused the country of wrongdoing, Reuters said.

Amid the threat of new attacks, pundits are keeping a close eye on SWIFT, a network that allows banks and financial services firms to send and receive information about financial transactions in a secure manner.

Patch, Backup, Educate

This is a particularly tricky time for security companies and their channel partners. Amid the recent WannaCry attacks, vendors and IT media (including ChannelE2E) flooded MSPs, VARs and service providers with marketing information and news coverage about the ransomware attacks.

Amid all the noise, most partners simply zeroed in on the obvious immediate steps:

  • Patch Microsoft Windows with readily available code updates that stop the WannaCry exploit.
  • Maintain proper backups in case an emergency restore was required.
  • Remind customers, yet again, not to click on email links that could be phishing attempts tied to malware.

The risk ahead: If the Shadow Brokers group is serious and a fresh wave of cyberattacks arrives in June, partners may treat the early news reports and vendor alerts as click bait and marketing hype -- rather than legitimate calls to action.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.