According to ESET's telemetry, attacks based on the EternalBlue exploit have reached all-time highs, with users bombarded with hundreds of thousands of attacks every day.
It has been two years since the EternalBlue exploit opened the door to one of the most violent cyber attacks in history, known as WannaCryptor (or WannaCry).
Since then, attempts to abuse this vulnerability with the exploit have increased greatly and are currently at their peak, ESET researchers report.
The EternalBlue exploit was allegedly stolen from the NSA in 2016 and was made public on April 14, 2017 by a cybercriminal group known as Shadow Brokers. The exploit targets a vulnerability in the Server Message Block (SMB) protocol implementation, via port 445.
Although Microsoft had released a patch even before the WannaCryptor outbreak in 2017, there are still vulnerable systems around the world today, possibly due to inadequate security practices and patching.
EternalBlue is responsible for many cyber attacks, such as Diskcoder.C (also known as Petya, NotPetya and ExPetya) and BadRabbit in 2017. Well-known cybercriminal groups, such as Sednit (also known as APT28, Fancy Bear and Sofacy), have also used it for attacks on Wi-Fi networks. Recently, EternalBlue was held responsible for the spread of Trojans and cryptomining malware in China.
According to ESET researchers, this exploit and all the cyber attacks based on it highlight the importance of timely patching. They also underline the need for a reliable, multi-layered security solution that can do much more than simply stop the delivery of a malicious payload, for example by protecting against the underlying mechanism.