EternalBlue exploit is more popular than it was a year ago
Last year we saw one of the largest cyber attacks in the history of the Internet. The ransomware known as WannaCry (or WannaCryptor)[1] hit around 150 countries with the help of the EternalBlue exploit kit, which exploits a vulnerability in Windows OS to gain remote access to the machine. Although the file-encrypting virus is not very active at the moment, researchers report that usage of EternalBlue is higher than it was last year.
The recent research reports[2] that the popularity of the exploit kit has been increasing for a couple of months and reached its peak in the middle of April 2018. The explanation is simple: many computer users and companies haven't installed the available security patches, and cyber criminals are aware of this.
The EternalBlue exploit has been used not only for ransomware distribution but also for delivering cryptojacking malware.[3] Additionally, Russian hackers were spotted using it to attack Wi-Fi networks in several hotels in Europe.[4] There's no doubt that some evil-minded people are scanning the web for vulnerable machines right now, while you are reading this article.
EternalBlue targets vulnerability in Windows SMB protocol
The hacker group called Shadow Brokers stole EternalBlue from the United States Security Agency (NSA) in the middle of April 2017.[5] However, the NSA did not confirm that it created this or several other leaked exploit kits.
Since the exploit kit became available on the dark web, cyber criminals have used it a couple of times. Since last year, it has been used in worldwide ransomware attacks, including WannaCry, Petya/NotPetya and BadRabbit.
EternalBlue targets a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol via port 445. Such a cyber attack allows attackers to execute arbitrary code on the targeted computer remotely.
Simply speaking, when hackers get access to the computer, they can remotely access any device or network connected to the targeted machine. Hence, they might install malware, hack printers or continue spreading via networks. Undoubtedly, this attack is especially dangerous and damaging for companies and organizations. Within a couple of hours, the whole work of the business might be stopped, and important data might be lost due to the cyber attack.
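For defenders, the network spread described above shows up as one machine contacting many others on TCP port 445 in a short time. The following detection sketch is an added example, not part of the original article; the log format, the addresses, the 60-second window and the threshold of 5 hosts are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # the SMB port named in the article

# Constructed sample flow records: timestamp, source, destination, dest port.
SAMPLE_LOG = """\
2018-04-16T09:00:01 10.0.5.23 10.0.5.10 445
2018-04-16T09:00:02 10.0.5.23 10.0.5.11 445
2018-04-16T09:00:02 10.0.5.23 10.0.5.12 445
2018-04-16T09:00:03 10.0.5.23 10.0.5.13 445
2018-04-16T09:00:04 10.0.5.23 10.0.5.14 445
2018-04-16T09:00:05 10.0.5.23 10.0.5.15 445
2018-04-16T09:00:07 10.0.5.40 10.0.5.10 445
2018-04-16T09:00:09 10.0.5.40 10.0.5.10 445
2018-04-16T09:00:11 10.0.5.41 10.0.5.12 443
2018-04-16T09:10:00 10.0.5.50 10.0.5.10 445
2018-04-16T10:10:00 10.0.5.50 10.0.5.11 445
2018-04-16T11:10:00 10.0.5.50 10.0.5.12 445
2018-04-16T12:10:00 10.0.5.50 10.0.5.13 445
2018-04-16T13:10:00 10.0.5.50 10.0.5.14 445
"""

def smb_fanout(log_text, window=timedelta(seconds=60), threshold=5):
    """Map each source to the most distinct hosts it reached on TCP 445
    inside any one window, keeping only sources at or above the threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] != str(SMB_PORT):
            continue  # skip malformed records and non-SMB traffic
        hits[fields[1]].append((datetime.fromisoformat(fields[0]), fields[2]))
    flagged = {}
    for src, seen in hits.items():
        seen.sort()
        start = best = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({dst for _, dst in seen[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in smb_fanout(SAMPLE_LOG).items():
        print(f"{src} reached {count} hosts on TCP {SMB_PORT} within 60 s")
```

On the sample data only 10.0.5.23 is flagged: a client that talks repeatedly to one file server, and a host that reaches five machines spread over several hours, both stay below the threshold.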
Protecting a Windows computer from the attack
Microsoft released security bulletin MS17-010 on 14 May 2017 to help users protect their computers from possible cyber attacks. The company provided security updates for all vulnerable versions of Windows, including Windows XP, which has not been supported since April 2014.
However, not everyone rushed to install these important updates. Countless home computer users and companies are still using unprotected versions of Windows. Security specialists encourage users to download the updates as soon as possible; they are available for free.
Additionally, to keep the computer fully protected, it is also recommended to update all programs and uninstall outdated software that is no longer used. Installing a security program is also recommended to keep the machine virus-free.
- [1] Olivia Morelli. WannaCry ransomware virus. How to remove? (Uninstall guide). 2-spyware. Security and spyware news.
- [2] Ondrej Kubovič. One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak. WeLiveSecurity. An IT security site.
- [3] Roland Moore-Colyer. NSA exploit EternalBlue is back and powering WannaMine cryptojacking malware. TheINQUIRER. News, reviews and opinion for tech buffs.
- [4] Lorenzo Franceschi-Bicchierai. Russian Hackers Are Targeting Hotels Across Europe, Researchers Say. Motherboard. News and entertainment website.
- [5] Robert Mendick. Russian-linked cyber gang blamed for NHS computer hack using bug stolen from US spy agency. The Telegraph. Latest news, business, sport, comment, lifestyle and culture.