Sunday, 19 May 2019 18:38

Use of EternalBlue Windows exploit growing by the day: ESET


The EternalBlue exploit for Windows, crafted by the NSA and leaked online by a group known as the Shadow Brokers, is being increasingly used in attacks two years after it was used to create the WannaCry ransomware, malware that took the world by storm.

Slovakian security firm ESET said in a blog post that the use of EternalBlue, as measured by attacks on its clients, was at the peak of its popularity, with hundreds of thousands of attacks daily.

EternalBlue was one of a number of exploits dumped by the Brokers on Good Friday in 2017, making it doubly difficult for systems administrators as all the exploits could be used against Windows systems apart from Windows 10.

The exploit targets a flaw in Microsoft's implementation of the Server Message Block (SMB) protocol through port 445. Though the flaw was patched by Microsoft well before WannaCry hit in May 2017, there are plenty of vulnerable systems exposed to the Internet today.

ESET researcher Ondrej Kubovič said that, according to data from the Shodan search engine, there were about a million Windows machines using the obsolete SMB v1 protocol, with most being in the US, followed by Japan and Russia.

"Poor security practices and lack of patching are likely reasons why malicious use of the EternalBlue exploit has been growing continuously since the beginning of 2017, when it was leaked online," he wrote.

"Based on ESET telemetry, attack attempts involving EternalBlue are reaching historical peaks, with hundreds of thousands of instances being blocked every day."

But he pointed out that EternalBlue use might also be growing due to security professionals using it within corporate networks while hunting for vulnerabilities.

Kubovič said apart from WannaCry, EternalBlue had also powered the destructive Diskcoder.C (aka Petya, NotPetya and ExPetya) campaign and the BadRabbit ransomware campaign in 2017.

"Well-known cyber-espionage actors such as Sednit (aka APT28, Fancy Bear and Sofacy) were also caught using it against hotel Wi-Fi networks," he added.

This exploit and all the cyber attacks it enabled so far highlighted the importance of timely patching, Kubovič said.

"Moreover, it emphasises the need for a reliable and multi-layered security solution that can do more than just stop the malicious payload, such as protect against the underlying mechanism," he added.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
