Slovakian security firm ESET said in a blog post that the use of EternalBlue, as measured by attacks on its clients, was at the peak of its popularity, with hundreds of thousands of attacks daily.
EternalBlue was one of a number of exploits dumped by the Brokers on Good Friday in 2017, making it doubly difficult for systems administrators as all the exploits could be used against Windows systems apart from Windows 10.
The exploit targets a flaw in Microsoft's implementation of the server message block protocol through port 445. Though the flaw was patched by Microsoft well before WannaCry hit in May 2017, there are plenty of vulnerable systems exposed to the Internet today.
"Poor security practices and lack of patching are likely reasons why malicious use of the EternalBlue exploit has been growing continuously since the beginning of 2017, when it was leaked online," he wrote.
"Based on ESET telemetry, attack attempts involving EternalBlue are reaching historical peaks, with hundreds of thousands of instances being blocked every day."
But, he pointed out that EternalBlue use might also be growing due to security professionals using it within corporate networks while hunting for vulnerabilities.
Kubovič said apart from WannaCry, EternalBlue had also powered the destructive Diskcoder.C (aka Petya, NotPetya and ExPetya) campaign and the BadRabbit ransomware campaign in 2017.
"Well-known cyber-espionage actors such as Sednit (aka APT28, Fancy Bear and Sofacy) were also caught using it against hotel Wi-Fi networks," he added.
This exploit and all the cyber attacks it enabled so far highlighted the importance of timely patching, Kubovič said.
"Moreover, it emphasises the need for a reliable and multi-layered security solution that can do more than just stop the malicious payload, such as protect against the underlying mechanism." he added.