ShadowBrokers Wine Of The Month Club Launched


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

ShadowBrokers "Wine Of The Month Club" Launched

Threat details

At the time of publication, the ShadowBrokers have released details of how to subscribe to their monthly hacking tools subscription service, labelled "Wine Of The Month Club", which will grant subscribers access to as yet unreleased zero-day exploits.

The forthcoming releases are believed to contain exploits for the following:

  • Operating systems including Windows 10.
  • Web browsers, routers and smartphones.
  • Compromised data from banks and SWIFT providers.

Despite this uncertainty, the recent WannaCry incident has illustrated the effectiveness of leaked hacking tools, and it is likely the subscription service will result in the release of more zero-day malware into the wild.

**Update 01/08/2017**

TheShadowBrokers have recently announced online a price increase for their NSA hacking tools subscription service, which they have previously dubbed "The Wine of the month club". The group announced that "due to popular demand" their service will now cost 500 ZEC or 2000 XMR, from August 2017.

**Update 07/09/2017**

TheShadowBrokers have released their latest data dump for September 2017 and have issued a press release alongside it. The group have confirmed they will now be issuing two data dumps per month and will only be accepting Zcash as payment.


Remediation steps

  • If your network becomes infected, immediately report it to your AV provider for investigation and patching.
  • Ensure your AV software is kept updated with the very latest security definitions, to detect current and evolving strains of malware.
  • Ensure your AV software is in support (and updates are released for your operating system), properly configured and automatically scans all files and file operations (including file reads, writes and re-names). Routine scheduled scans should also be configured to scan critical areas such as servers and shared network file storage.
  • Ensure all available security patches are deployed to desktop and server operating systems and security appliances as a matter of urgency.
  • Use a vulnerability scanner such as Nessus, OpenVAS or Microsoft Baseline Security Analyzer to check patching levels across your estate (Internet-facing assets should be prioritised).
  • Review firewall rules and port configurations.
  • Consider network segregation for unsupported operating systems and medical devices.
  • Ensure strong passwords are implemented throughout your estate.
  • Assign permissions based on the principle of least privilege.
  • Ensure your organisation has applied the remedial advice found in the CareCERT Information sharing portal article WannaCry Ransomware Using SMB Vulnerability (CC-1411).

Last edited: 17 February 2020 11:38 am