
Windows Under Attack as NSA Exploit Usage Skyrockets


tao


EternalBlue, the stolen NSA exploit that was used to create the infamous WannaCry ransomware, is back in business, only this time its usage appears to be skyrocketing, according to security vendor ESET.

Researcher Ondrej Kubovič notes that while WannaCry attacks have dropped, EternalBlue is still around, and the first months of 2018 brought a worrying increase in the number of attacks based on this exploit.

EternalBlue is an exploit stolen from the NSA by hacking group Shadow Brokers in April 2016. It takes advantage of a vulnerability in the Windows Server Message Block (SMB) protocol, and Microsoft shipped patches even before the flaw went public.

But this doesn’t mean that attackers have stopped searching for targets. The researcher says cybercriminals are scanning the Internet for exposed SMB ports and are trying to compromise the host with an exploit that eventually allows payloads to be deployed on the target machine, leading to different outcomes.

“Interestingly, according to ESET’s telemetry, EternalBlue had a calmer period immediately after the 2017 WannaCryptor campaign: over the following months, attempts to use the EternalBlue exploit dropped to “only” hundreds of detections daily,” the researcher notes.

“Since September last year, however, the use of the exploit has slowly started to gain pace again, continually growing and reaching new heights in mid-April 2018.”

Patches already available

Kubovič speculates that this increase in the number of attacks based on EternalBlue could be caused by the Satan ransomware campaign.

With patches fixing the vulnerability already available, attackers can only compromise a Windows host if these updates aren’t installed. Microsoft’s security fixes were released in March 2017, and up-to-date computers should already be protected.

This increasing number of attacks, however, suggests that there still are many systems out there that haven’t deployed the updates, and this can only be concerning to say the least. Patches for the WannaCry ransomware are also available, including for Windows XP, despite this OS version exiting support in April 2014.


CIA EXPLOITS / HACKS WERE ALSO LEAKED AND WE ARE ALL AT THE GOVERNMENT CREATED BAD GUY'S MERCY...



23 hours ago, humble3d said:

CIA EXPLOITS / HACKS WERE ALSO LEAKED AND WE ARE ALL AT THE GOVERNMENT CREATED BAD GUY'S MERCY...

It's a virus / worm; hackers have been using the ILOVEYOU virus method in exploits for 22 years.

Quote

It’s been 20 years since phishing first originated, and 15 years since the ILOVEYOU bug wormed its way into mailboxes on May 4, yet still criminals use these methods to gain access to organisations. Why? Because, remarkably, they still work.

https://www.itproportal.com/2015/05/05/iloveyou-bug-15-years-later/

 

The whole ransomware epidemic and WannaCry is based on this old virus and people's stupidity to open up emails from users they don't know. As long as people remain naive and click on files from people they don't know it will always remain a problem, and if you're not patched against this EternalBlue that's your problem and no one else's. Even NOD32 can detect it. No patching or antivirus on Windows, the OS with more malware and viruses than any other, what gives? :lol: The thing was, when the NSA used it, it was contained and they only gave the virus to select people or everyone would have been infected with it years ago. Back in the 1990s and early 2000s hackers had sense enough to make their own viruses and didn't need to steal them from the government.

 

So whoever did this were not real hackers but social engineer wannabes that did it to try to make the NSA/CIA look bad, and these agencies won't even give them the time of day or even admit it was theirs, and they are using stuff now that no one knows exists. Things we already know about, common sense can prevent, but the scary stuff that smart people are prone to be infected by is the unknown things (0days)! :ph34r:

 

It's not getting better, it's just getting worse, because all the agencies are getting new bosses and the war on whistleblowers is over.

http://www.nsaneforums.com/topic/312762-nsa-gains-military-cyber-command/

Now all the nation states are turning the WWW into a war zone; they even got a new headquarters that cost the taxpayers millions for the NSA to operate their cyber military from.



UnknownOne

Most hackers are conmen, or the cybername 'social engineers'... Convince the gullible, exploit the dumb... Security is crap in everything, as you may have noticed with IoT... backdoors in everything; what has been seen or exposed is nothing, they are years old now. Spectre, Meltdown: the alphabet agencies have probably known this for some time; don't expect things to get any better... Imagine the exploits available for built-in telemetry that you really can't disable completely and appears to be completely stealth... Imagine a crafted antivirus update used to infect your system (zero day modify hosts file, mimic needed update, detect target file as infected, replace with your infected file, modify hosts file again)... You have no idea what is possible... The ordinary person will never know; if it gets found it gets removed and replaced... Imagine crappy software programs written by CIA, FBI, NSA etc. to catch crackers, chock full of backdoors, hardware ID harvesting etc... scary to think about what else there could be...



Archived

This topic is now archived and is closed to further replies.
