EternalBlue Exploit More Popular Today Than During WannaCry Outbreak

ESET’s telemetry data shows that its popularity has been growing over the past few months


ESET reveals the EternalBlue exploit is still as popular today as it was during the initial WannaCry outbreak.

It’s been a year since the WannaCryptor.D ransomware (aka WannaCry and WCrypt) caused one of the largest cyber-disruptions the world has ever seen. And while the threat itself is no longer wreaking havoc around the world, the exploit that enabled the outbreak, known as EternalBlue, is still threatening unpatched and unprotected systems.

ESET’s telemetry data shows that its popularity has been growing over the past few months, and a recent spike in April 2018 even surpassed the greatest peaks from 2017. Interestingly, according to ESET’s telemetry, EternalBlue had a calmer period immediately after the 2017 WannaCryptor campaign: over the following months, attempts to use the EternalBlue exploit dropped to “only” hundreds of detections daily. Since September last year, however, use of the exploit has slowly started to gain pace again, continually growing and reaching new heights in mid-April 2018.

The EternalBlue exploit targets a vulnerability (addressed in Microsoft Security Bulletin MS17-010) in an obsolete version of Microsoft’s implementation of the Server Message Block (SMB) protocol, via port 445.

In an attack, black hats scan the Internet for exposed SMB ports and, if any are found, launch the exploit code. If the target is vulnerable, the attacker will then run a payload of their choice on it. This was the mechanism behind the effective distribution of WannaCryptor.D ransomware across networks.
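The scanning stage described above is visible in perimeter firewall logs. The following is an added example, not ESET's code: it flags external sources that probe port 445 on several internal hosts and lists internal hosts where such a connection was allowed. The log format, the `INTERNAL_NETS` ranges and the threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445
# Assumption: the organisation's own address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Constructed sample log lines: timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2018-04-16T10:00:01Z 203.0.113.7 198.51.100.10 445 DENY
2018-04-16T10:00:01Z 203.0.113.7 198.51.100.11 445 DENY
2018-04-16T10:00:02Z 203.0.113.7 198.51.100.12 445 ALLOW
2018-04-16T10:00:02Z 203.0.113.7 198.51.100.13 445 DENY
2018-04-16T10:00:05Z 192.0.2.44 198.51.100.10 443 ALLOW
2018-04-16T10:00:09Z 10.0.0.5 10.0.0.20 445 ALLOW
2018-04-16T10:00:11Z 192.0.2.99 198.51.100.12 445 ALLOW
malformed line
""".splitlines()

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse(lines):
    """Yield (src, dst, port, action) and skip lines that do not parse."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                   int(parts[3]), parts[4].upper())
        except ValueError:
            continue

def analyse_smb(lines, min_targets=3):
    """Return (scanners, exposed) for inbound SMB traffic from outside."""
    targets, exposed = defaultdict(set), set()
    for src, dst, port, action in parse(lines):
        if port != SMB_PORT or is_internal(src) or not is_internal(dst):
            continue  # only external -> internal traffic to port 445
        targets[str(src)].add(str(dst))
        if action == "ALLOW":
            exposed.add(str(dst))  # SMB reachable from the Internet
    scanners = {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}
    return scanners, sorted(exposed)

if __name__ == "__main__":
    print(analyse_smb(SAMPLE_LOG))
```

Hosts in the second list are the ones to check first for the MS17-010 update and for a firewall rule that should not admit port 445 from outside.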

