WannaCry sparked one of the largest cyberattacks the world has ever seen. And while the threat itself is not causing further damage around the world, the exploit that triggered the outbreak, known as EternalBlue, is still threatening unprotected and unpatched systems. And as ESET telemetry data shows.

EternalBlue is an exploit allegedly developed by the NSA. It was leaked by the hacker group Shadow Brokers on April 14, 2017, and it exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. This vulnerability, tracked as CVE-2017-0144, exists because version 1 of the SMB server (SMBv1) in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute code on the targeted computer.

The Windows security update of March 14, 2017 fixed the problem through security patch MS17-010 for all versions of Windows that the company maintained at that time: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016, but… For various reasons, many Windows users had not installed MS17-010 when, two months later, on May 12, 2017, the WannaCry attack occurred, using the EternalBlue exploit.
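Because the flaw sits in the SMBv1 server, a useful inventory step is to find which hosts on a network still speak SMBv1 at all. The following is an added example, not part of the original article: it classifies captured TCP/445 payloads by their SMB protocol identifier and lists the SMBv1 senders. The function names, addresses and sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"    # SMBv1 protocol identifier
SMB2_MAGIC = b"\xfeSMB"    # SMB2/SMB3 protocol identifier
SMB_COM_NEGOTIATE = 0x72   # SMBv1 negotiate command code
SMB1_HEADER_LEN = 32

def classify_frame(payload: bytes) -> dict:
    """Classify one TCP/445 payload (4-byte session header + SMB message)."""
    if len(payload) < 8 or payload[0] != 0x00:
        return {"family": "not-smb", "dialects": []}
    length = int.from_bytes(payload[1:4], "big")  # big-endian message length
    msg = payload[4:4 + length]
    if msg[:4] == SMB2_MAGIC:
        return {"family": "smb2+", "dialects": []}
    if msg[:4] != SMB1_MAGIC:
        return {"family": "not-smb", "dialects": []}
    dialects = []
    is_request = len(msg) > SMB1_HEADER_LEN + 3 and not msg[9] & 0x80
    if is_request and msg[4] == SMB_COM_NEGOTIATE:
        pos = SMB1_HEADER_LEN + 1 + 2 * msg[SMB1_HEADER_LEN]  # skip words
        if pos + 2 <= len(msg):
            (byte_count,) = struct.unpack_from("<H", msg, pos)
            # Request data: repeated 0x02 + NUL-terminated dialect name.
            for item in msg[pos + 2:pos + 2 + byte_count].split(b"\x00"):
                if item.startswith(b"\x02"):
                    dialects.append(item[1:].decode("ascii", "replace"))
    return {"family": "smb1", "dialects": dialects}

def smb1_talkers(capture):
    """Return the sorted source addresses seen sending SMBv1 frames."""
    return sorted({src for src, payload in capture
                   if classify_frame(payload)["family"] == "smb1"})

def _frame(msg: bytes) -> bytes:
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def _smb1_negotiate(dialects):
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(27)
    data = b"".join(b"\x02" + d.encode() + b"\x00" for d in dialects)
    return _frame(header + b"\x00" + struct.pack("<H", len(data)) + data)

# Constructed sample capture: (source address, TCP payload) pairs.
SAMPLE = [
    ("10.0.0.5", _smb1_negotiate(["NT LM 0.12"])),
    ("10.0.0.7", _frame(SMB2_MAGIC + bytes(60))),
    ("10.0.0.9", b"GET / HTTP/1.1\r\n"),
]
```

Hosts that show up in `smb1_talkers` are the ones to check first for MS17-010.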

It is important to note that the infiltration method used by EternalBlue is not successful on ESET-protected devices, as one of the multiple layers of protection, ESET’s Network Attack Protection module, blocks this threat at the point of entry. This can be compared to someone knocking gently on the door at 2 a.m., trying to find out whether anyone is still awake. As such activity is more often carried out by someone with malicious intent, the entrance is sealed to keep the intruder out.

EternalBlue enabled large-scale cyberattacks: not only WannaCry, but also other destructive attacks such as Diskcoder.C (also known as NotPetya), the BadRabbit ransomware, Fancy Bear, etc.

This shows the importance of reading and following cybersecurity advice. As we have seen, keeping your equipment updated is one of the critical, key points for improving our cybersecurity.
