Windows 10 is still vulnerable to EternalBlue, the stolen NSA exploit

by Radu Tyrsina
Radu Tyrsina
Radu Tyrsina
CEO & Founder
Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of... read more
Affiliate Disclosure
windows 10 eternalblue exploit

Security vendor ESET recently detailed the latest reports regarding Windows attacks. Researcher Ondrej Kubovič released a study about the EternalBlue exploit and its effects after one year. Long story short, the exploit became more popular even than during the WannaCry outbreak. There’s a worrying increase in the number of attacks that are based on the exploit.

And as ESET’s telemetry data shows, its popularity has been growing over the past few months, and a recent spike even surpassed the greatest peaks from 2017,” explains the researcher.

EternalBlue exploit is stronger than ever

The exploit was stolen from the NSA by the hacker group called Shadow Brokers back in April 2916 and it benefits from a vulnerability that was found in the Windows Server Message Block (SMB) protocol. Microsoft rolled out the patches even before the vulnerability became public.

Unfortunately, attackers are still looking for targets, and according to ESET’s researcher, cybercriminals are scanning the Internet for exposed SMB ports, and they’re trying to compromise hosts with an exploit that allows for payloads to be sent on the target machine.

One possible explanation for the latest peak is the Satan ransomware campaign seen around those dates, but it could be connected to other malicious activities as well. […] The exploit has also been identified as one of the spreading mechanisms for malicious cryptominers. More recently, it was deployed to distribute the Satan ransomware campaign, described only a few days after ESET’s telemetry detected the mid-April 2018 EternalBlue peak.

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

Microsoft has already made security fixes available

The patches to fix this vulnerability are already available, and this means that attackers can only hack systems that don’t have them installed. They were released by Microsoft back in March 2017, and updated computers should already be protected.

Also, ESET notes that “the infiltration method used by EternalBlue is not successful on devices protected by ESET. One of the multiple protection layers – ESET’s Network Attack Protection module – blocks this threat at the point of entry.”

The increasing number of attacks suggests that there are still a lot of systems that don’t have the patches installed which raises a lot of concern.