The popularity of EternalBlue exploit keeps growing

by Gabriel E. Hall

EternalBlue exploit is more popular than it was a year ago


Last year we saw one of the largest cyber attacks in the history of the Internet. Known as WannaCry (or WannaCryptor),[1] the ransomware hit around 150 countries with the help of the EternalBlue exploit kit, which allowed attackers to exploit a vulnerability in Windows OS and get remote access to the machine. Although the file-encrypting virus is not very active at the moment, researchers report that usage of EternalBlue is higher than it was last year.

Recent research reports[2] that the popularity of the exploit kit has been increasing for a couple of months and reached its peak in the middle of April 2018. The situation can be explained quite easily: many computer users and companies haven’t installed the available security patches, and cyber criminals are aware of this.

The EternalBlue exploit was used not only in ransomware distribution, but for delivering cryptojacking malware[3] too. Additionally, Russian hackers were spotted using it for attacking Wi-Fi networks in several hotels in Europe.[4] There’s no doubt that some evil-minded people continue scanning the web for vulnerable machines right now, while you are reading this article.

EternalBlue targets vulnerability in Windows SMB protocol

The hacker group called Shadow Brokers stole EternalBlue from the United States National Security Agency (NSA) in the middle of April 2017.[5] However, the NSA did not confirm that they created this or several other leaked exploit kits.

Since the exploit kit became available on the dark web, cyber criminals have managed to use it a couple of times. Since last year, it has been used for worldwide ransomware attacks, including WannaCry, Petya/NotPetya and BadRabbit.

EternalBlue targets a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol via port 445. Such an attack allows attackers to execute arbitrary code on the targeted computer remotely.

Simply speaking, when hackers get access to the computer, they can remotely access any device or network connected to the targeted machine. Hence, they might install malware, hack printers or continue spreading via networks. Undoubtedly, this attack is especially dangerous and damaging for companies and organizations. Within a couple of hours, the whole work of the business might be stopped, and important data might be lost due to the cyber attack.
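As an added example (not from the original article), the sketch below shows one way a defender could spot the network spreading described above: it flags any source that reaches many distinct hosts on TCP port 445 within a short window. The log format, addresses, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log; format and addresses are illustrative only.
SAMPLE_LOG = """\
2018-04-16T09:00:01 ALLOW TCP 10.0.5.23:49152 -> 10.0.5.10:445
2018-04-16T09:00:02 ALLOW TCP 10.0.5.23:49153 -> 10.0.5.11:445
2018-04-16T09:00:02 DENY TCP 10.0.5.23:49154 -> 10.0.5.12:445
2018-04-16T09:00:03 ALLOW TCP 10.0.5.23:49155 -> 10.0.5.13:445
2018-04-16T09:00:04 DENY TCP 10.0.5.23:49156 -> 10.0.5.14:445
2018-04-16T09:00:05 ALLOW TCP 10.0.5.40:50100 -> 10.0.5.2:445
2018-04-16T09:05:00 ALLOW TCP 10.0.5.40:50102 -> 10.0.5.3:443
2018-04-16T09:20:00 ALLOW TCP 10.0.5.77:51000 -> 10.0.5.10:445
2018-04-16T09:40:00 ALLOW TCP 10.0.5.77:51001 -> 10.0.5.11:445
2018-04-16T10:00:00 ALLOW TCP 10.0.5.77:51002 -> 10.0.5.12:445
2018-04-16T10:20:00 ALLOW TCP 10.0.5.77:51003 -> 10.0.5.13:445
2018-04-16T10:40:00 ALLOW TCP 10.0.5.77:51004 -> 10.0.5.14:445
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def smb_fanout(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak distinct TCP/445 targets per window} for sources >= threshold."""
    events = defaultdict(list)            # src -> [(timestamp, dst), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "445":
            continue                      # skip non-SMB traffic and malformed lines
        # Denied attempts count too: a blocked probe is still a probe.
        events[m["src"]].append((datetime.fromisoformat(m["ts"]), m["dst"]))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = peak = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                # slide the window's left edge forward
            peak = max(peak, len({dst for _, dst in hits[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for src, n in smb_fanout(SAMPLE_LOG).items():
        print(f"{src} contacted {n} distinct hosts on TCP/445 within the window")
```

On the constructed log only 10.0.5.23 is flagged; 10.0.5.77 reaches the same five hosts but over 80 minutes, which a longer window would catch.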

Protecting Windows computers from the attack

Microsoft released security bulletin MS17-010 on 14 May 2017 to help users protect their computers from possible cyber attacks. The company provided security updates for all vulnerable versions of Windows, including Windows XP, which has not been supported since April 2014.

However, not everyone rushed to install these important updates. Countless home computer users and companies are still using unprotected versions of Windows. Security specialists encourage users to download the updates as soon as possible; they are available for free.

Additionally, to keep the computer fully protected, it is also recommended to update all programs and uninstall outdated software that is not being used. Installing a security program is also recommended to keep the machine virus-free.

About the author


Gabriel E. Hall is an expert troubleshooter who has been working in the information technology industry for years.


References