Security Market Segment LS
Sunday, 19 May 2019 18:38

Use of EternalBlue Windows exploit growing by the day: ESET

Use of EternalBlue Windows exploit growing by the day: ESET Image by Gerd Altmann from Pixabay

The EternalBlue exploit for Windows, crafted by the NSA and leaked online by a group known as the Shadow Brokers, is being increasingly used in exploits two years after it was used to create the WannaCry ransomware, malware that took the world literally by storm.

Slovakian security firm ESET said in a blog post that the use of EternalBlue, as measured by attacks on its clients, was at the peak of its popularity, with hundreds of thousands of attacks daily.

EternalBlue was one of a number of exploits dumped by the Brokers on Good Friday in 2017, making it doubly difficult for systems administrators as all the exploits could be used against Windows systems apart from Windows 10.

The exploit targets a flaw in Microsoft's implementation of the server message block protocol through port 445. Though the flaw was patched by Microsoft well before WannaCry hit in May 2017, there are plenty of vulnerable systems exposed to the Internet today.

ESET researcher Ondrej Kubovič said according to the date from the Shodan search engine, there were about a million Windows machines using the obsolete SMB v1 protocol, with most being in the US, followed by Japan and Russia.

"Poor security practices and lack of patching are likely reasons why malicious use of the EternalBlue exploit has been growing continuously since the beginning of 2017, when it was leaked online," he wrote.

"Based on ESET telemetry, attack attempts involving EternalBlue are reaching historical peaks, with hundreds of thousands of instances being blocked every day."

But, he pointed out that EternalBlue use might also be growing due to security professionals using it within corporate networks while hunting for vulnerabilities.

Kubovič said apart from WannaCry, EternalBlue had also powered the destructive Diskcoder.C (aka Petya, NotPetya and ExPetya) campaign and the BadRabbit ransomware campaign in 2017.

"Well-known cyber-espionage actors such as Sednit (aka APT28, Fancy Bear and Sofacy) were also caught using it against hotel Wi-Fi networks," he added.

This exploit and all the cyber attacks it enabled so far highlighted the importance of timely patching, Kubovič said.

"Moreover, it emphasises the need for a reliable and multi-layered security solution that can do more than just stop the malicious payload, such as protect against the underlying mechanism." he added.

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News