After WannaCry, experts fear the worst is yet to come as more cyberweapon leaks loom

Cybersecurity researchers are warning that future leaks from The Shadow Brokers, a mysterious hacking unit which helped fuel a ransomware epidemic last month, will result in a complete "s**tshow" for companies, governments and internet users across the globe.

The hacking team has already demonstrated they mean business: releasing alleged NSA exploits into the wild after a prior "auction" failed to gain traction. In mid-May 2017, the group said it was launching a "subscription model" that would publish fresh leaks every month.

"The more months go by, and more nation-state level toys get released, the more subscribers they will have, the more money they will make, the more WannaCry's we will see," warned Rik Ferguson, a cyber expert and advisor to Europol, this week (6 June).

In April, The Shadow Brokers released a Microsoft Windows exploit into the wild, which was later used to help power a form of ransomware.

Dubbed "WannaCry", the malware infected hundreds of thousands of computers in more than 150 countries, Europol said at the time.

Now, with more leaks promised, experts fear the worst is yet to come.

"Now everyone knows that the content and information they have is real [and] what they have hasn't been dumped in its entirety. The Shadow Brokers have looked at how they go to market and how they can maximise their return on hacking investment," Ferguson continued.

"It's exploits and vulnerabilities-as-a-service."

"We can expect they will maximise subscription income by drip-feeding the exploits that they have for as long as possible because if it's a subscription model they don't want to dump everything on the first month."

In one previous statement the hacking team, which some believe may be linked to Russia, said it wanted cryptocurrency as a buy-in to the latest model. The group claimed to have exploits on everything from modern browsers to network data from nuclear missile programmes.

"Relatively amateur malware weaponised using nation-state exploits is probably the least of our concerns," Ferguson said. "What we should be concerned about is professional gangs getting hold of nation-state level digital weapons and using them for traditional criminal activities.

"That's what we can expect."

According to James Lyne, a well-known cybersecurity expert, TED talk alumnus and head of research at enterprise firm Sophos, there is little that can be done to stop future attacks, which in the past have caught many companies and technologists unaware.

"They have got everyone's attention now, which poses a far greater risk as this plays out," he said in a keynote speech at 2017's Infosecurity Europe. "We better just hold onto our seats, look back at what has already happened and bolster our defences as much as we can."

The true culprits behind The Shadow Brokers remain unknown. State-sponsored or not, the group has become defined by its rambling, and often incoherent, statements published online. In recent updates, it has singled out specific cybersecurity researchers who have been critical of it.

It is believed to have obtained some, if not all, of its cyber-arsenal from an alleged NSA-linked hacking unit known as The Equation Group. In 2015, cybersecurity firm Kaspersky Lab claimed that team was "probably one of the most sophisticated cyberattack groups in the world."

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.