According to ESET telemetry, attacks based on the EternalBlue exploit have reached historically high levels, with users being bombarded with hundreds of thousands of attacks each day.
Two years have passed since the EternalBlue exploit opened the door to one of the most brutal cyberattacks in history, known as WannaCryptor (or WannaCry).
Since then, attempts to use the exploit against this vulnerability have increased significantly, and they are currently at their peak, as reported by ESET researchers.
The EternalBlue exploit was allegedly stolen from the NSA in 2016 and was made public on April 14, 2017 by a cybercriminal group known as Shadow Brokers. The exploit targets a vulnerability in the Server Message Block (SMB) protocol implementation, via port 445.
Although Microsoft had released a patch even before the WannaCryptor outbreak in 2017, there are still vulnerable systems around the world today, possibly due to inadequate security practices and patching.
EternalBlue is responsible for many cyberattacks, such as Diskcoder.C (also known as Petya, NotPetya and ExPetya) and BadRabbit in 2017. Well-known threat groups, such as Sednit (also known as APT28, Fancy Bear and Sofacy), have also used it for attacks on Wi-Fi networks. Recently, EternalBlue was held responsible for the spread of Trojans and cryptocurrency mining malware in China.
According to ESET researchers, this exploit and the cyberattacks built on it highlight the importance of timely patching. They also highlight the need for a reliable, multi-layered security solution that can do much more than just stop the transfer of the malicious payload, such as protecting against the underlying mechanism.