'EternalBlue' still popular exploit among cybercriminals: Seqrite

IANS

Thursday, May 10, 2018

With a detection count of over seven million in March 2018 globally, the leaked exploit developed by the US National Security Agency (NSA) "Eternal Blue" will continue to be a popular threat actor for cyber criminals to infiltrate into systems and make financial gains this year, a new report said on Wednesday.

Seqrite, the enterprise security solutions brand of Quick Heal Technologies, in its research report "Eternal Blue--A Popular Threat Actor of 2017-2018"--revealed that it has detected more than 18 million hits of the exploit in advanced cyber attacks like ransomware and distributed cryptologist campaigns.

"Eternal Blue", considered as one of the deadliest exploits, was leaked by the hacking group known as "The Shadow Brokers" in April 2017.

Seqrite said that it observed the first impression of "Eternal Blue" in May 2017 with the outbreak of Wanna Cry ransomware. The detection count gradually increased as Wanna Cry started spreading to wider geographies.

After the global Wanna Cry cyber attack, several new Proof of Concept (POC) exploits were discovered on the Internet for "Eternal Blue".

With an easy availability, hackers were observed using the exploit in the ensuing attacks like Eternal Rocks worm, Petya (also known as NotPetya) and Bad Rabbit ransomware.

"Exploits leaked by 'The Shadow Brokers'--especially Eternal Blue--have helped hackers to launch some of the biggest cyber attacks," said Sanjay Katkar, Joint Managing Director and Chief Technology Officer at Quick Heal Technologies Limited.

Seqrite also discovered that "Eternal Blue" is now being deployed by hackers to distribute cryptologist campaigns like Adylkuzz, Zealot and Wanna Mine.

"While hackers using 'Eternal Blue' to launch ransomware attacks is widely known, it is interesting to note that cyber criminals are now leveraging this tool to distribute cryptologist campaigns. What is worrisome is that a large number of endpoints continue to be unprotected and vulnerabilities remain unlatched," Katkar added.

Earlier in 2018, Quick Heal said that ransomware grew 300 per cent in 2017 in comparison with 2016 and in 2018 such attacks are set to become even more vicious.

‹ › ×