Windows 10 is still vulnerable to EternalBlue, the stolen NSA exploit
Security vendor ESET recently detailed the latest reports regarding Windows attacks. Researcher Ondrej Kubovič released a study about the EternalBlue exploit and its effects after one year. Long story short, the exploit became more popular even than during the WannaCry outbreak. There’s a worrying increase in the number of attacks that are based on the exploit.
“And as ESET’s telemetry data shows, its popularity has been growing over the past few months, and a recent spike even surpassed the greatest peaks from 2017,” explains the researcher.
EternalBlue exploit is stronger than ever
The exploit was stolen from the NSA by the hacker group called Shadow Brokers back in April 2916 and it benefits from a vulnerability that was found in the Windows Server Message Block (SMB) protocol. Microsoft rolled out the patches even before the vulnerability became public.
Unfortunately, attackers are still looking for targets, and according to ESET’s researcher, cybercriminals are scanning the Internet for exposed SMB ports, and they’re trying to compromise hosts with an exploit that allows for payloads to be sent on the target machine.
One possible explanation for the latest peak is the Satan ransomware campaign seen around those dates, but it could be connected to other malicious activities as well. […] The exploit has also been identified as one of the spreading mechanisms for malicious cryptominers. More recently, it was deployed to distribute the Satan ransomware campaign, described only a few days after ESET’s telemetry detected the mid-April 2018 EternalBlue peak.
In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network. Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.
Microsoft has already made security fixes available
The patches to fix this vulnerability are already available, and this means that attackers can only hack systems that don’t have them installed. They were released by Microsoft back in March 2017, and updated computers should already be protected.
Also, ESET notes that “the infiltration method used by EternalBlue is not successful on devices protected by ESET. One of the multiple protection layers – ESET’s Network Attack Protection module – blocks this threat at the point of entry.”
The increasing number of attacks suggests that there are still a lot of systems that don’t have the patches installed which raises a lot of concern.
RELATED STORIES TO CHECK OUT:
- NSA’s EternalBlue exploit was ported to Windows 10, so what does that mean for you?
- ESET releases EternalBlue Vulnerability Checker tool for cyber attack verification
- Chrome enhances browsing privacy via new cookies handling process
Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]
The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]