Slashdot Mirror


One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: Exactly one year after the biggest cyber-security incident in history, the exploit at the heart of the WannaCry attack is now more popular than ever, according to telemetry data gathered by Slovak antivirus vendor ESET. Named EternalBlue, the exploit was supposedly developed by the cyber division of the U.S. National Security Agency. EternalBlue was part of a large cache of tools that a hacker group known as The Shadow Brokers stole from NSA servers in 2016 and then leaked online from August 2016 to April 2017. Many suspect the NSA might have notified Microsoft of what the Shadow Brokers stole, because in March 2017, a month before EternalBlue was released, Microsoft released MS17-010, a security bulletin containing patches for the many SMB-targeting exploits included in the Shadow Broker leak.

Even if EternalBlue is not being used anymore to help ransomware become a virulent nightmare on a global level (only on a network level), most regular users don't know that it's still one of today's biggest threats. This threat doesn't only come from malware authors continuing to weaponize it for a diverse set of operations. Malware authors wouldn't ever bother with an inefficient exploit. ExploitBlue continues to be a threat because of the vulnerable machines still available online. According to Nate Warfield of the Microsoft Security Response Center, there are still plenty of vulnerable Windows systems exposing their SMB service available online.

10 of 62 comments

  1. Uh. ExploitBlue? Another one? by mnemotronic · · Score: 2

    ..ExploitBlue continues to be a threat because ...

    BleepingTypo, not BleepingComputer.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  2. No one wants the solution by Anonymous Coward · · Score: 2, Interesting

    You can explain to people that to work better, live without paranoia, have increased security, and have stability and control, go use Linux.

    It just does not work, though. If we were logical animals out for our best interest and getting things done, Windows would have sunk into oblivion decades ago, but there is something mentally wrong with the vast majority of us, and the obvious solution sitting under everyone's nose is ignored to continue what we already know doesn't work.

    *shrug*

    Humans, weird lil monkeys I must say, but unless we aerosol-spray a retrovirus to change our nature, you can keep screaming at them full force with all the effect of a summer breeze against a mountain of stupid.

    1. Re:No one wants the solution by ArchieBunker · · Score: 2

      If Linux had 90% of the desktop marketshare I guarantee you'd see these exact same exploits. Look how long Heartbleed was around before anyone noticed it.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re: No one wants the solution by Anonymous Coward · · Score: 2, Insightful

      Why limit this discussion to desktops? There are plenty of reasons to target servers and, for that matter, high performance computing systems. A lot of potentially sensitive data could be obtained from compromising servers. And there may be even greater value from compromising high performance computing systems. Some of those systems include dedicated GPU resources. If such a system was compromised, an attacker could use those to mine cryptocurrency on someone else's bill, not to mention what other sensitive data might be stored on those systems. There are plenty of worms that attempt to target Linux systems, including exploiting vulnerable SSH servers. Part of the issue is that Linux systems typically don't run lots of potentially vulnerable services by default, whereas lots of services are running by default on Windows.

    3. Re:No one wants the solution by Anonymous Coward · · Score: 2, Informative

      I'll switch to Linux as soon as SolidWorks and Altium release builds. At least AutoCAD has a version for OSX but they didn't do that until recently.

      Technically, Altium already has...
      https://www.altium.com/solution/linux-pcb-design-software
      Maybe not the product you were wishing for, though?

  3. Linux huge role in the flaw... by ELCouz · · Score: 4, Informative
    From the article tweet:

    Almost a year after WannaCry and there's still over a million SMB servers without auth exposed to the world. At least it looks like "only" 66k of them are running Windows

    Samba is still using SMB v1 by default on many configurations for legacy purposes.

    1. Re:Linux huge role in the flaw... by thegarbz · · Score: 2

      And the legacy reason? Supporting Windows machines.

      There's nothing legacy about it. Samba itself is a perfectly fine protocol and one of the few that is actually nicely cross-platform, which cannot be said for NFS or AFS. It nicely decouples the file system attributes from the sharing protocol and allows authentication on a per-share level without having to worry about matching file system permissions between the server and clients.

      Hell, I used to work at a Linux-only shop that used Samba as its primary way of sharing for exactly this reason.

    2. Re:Linux huge role in the flaw... by sjames · · Score: 2

      You should look at the history of it. It took the EU ordering MS to open up to get anything like complete support for the distinctly MS protocol. I wouldn't call it exactly cross platform so much as a triumph of reverse engineering.

  4. Isn't it time to stop exposing SMB to the world? by jonwil · · Score: 2

    Isn't it time Microsoft started changing Windows so that it no longer exposes the horridly broken SMB protocol to the Internet at large (rather than the local LAN) unless you explicitly turn on the ability for the Internet at large to speak SMB to your computer?

  5. Re:Isn't it time to stop exposing SMB to the world by thegarbz · · Score: 4, Informative

    Microsoft doesn't. It's blocked by default. SMBv1 is also disabled by default and has been for quite a while. Unfortunately there are just as many idiots in the Linux admin world as there are in the Windows world, and the vast majority of these are nothing to do with Windows.

    The summary tweet in TFA:
    "Almost a year after WannaCry and there's still over a million SMB servers without auth exposed to the world. At least it looks like "only" 66k of them are running Windows"
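Added example, not from the article or any of the commenters: a PowerShell audit that checks the two claims made in comments 4 and 5 on an actual host (is SMBv1 still enabled, and is inbound SMB on TCP 445 allowed on the Public firewall profile) and optionally remediates both. It assumes Windows 10 / Server 2016 or later for the `SMB1Protocol` optional-feature name and the `Get-Smb*` / `*-NetFirewall*` cmdlets, and must run in an elevated session.

```powershell
# Audit (and optionally fix) the SMB exposure discussed in this thread.
# Set $Remediate to $true to apply the changes instead of only reporting.
$Remediate = $false
$report = [ordered]@{}

# 1. SMBv1 server protocol: the comment above says it is off by default; verify that here.
$srv = Get-SmbServerConfiguration
$report['SMB1ServerEnabled'] = $srv.EnableSMB1Protocol

# 2. The SMBv1 optional feature (separate from the runtime flag checked above).
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report['SMB1FeatureState'] = if ($feat) { [string]$feat.State } else { 'Unknown' }

# 3. Enabled inbound Allow rules that cover TCP 445 and apply to the Public profile
#    (or to all profiles). These are the rules that would expose SMB beyond the LAN.
$exposing = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' -or $_.LocalPort -contains 'Any' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
        $_.Action -eq 'Allow' -and $_.Profile -match 'Public|Any'
    }
$report['PublicRulesAllowing445'] = @($exposing | Select-Object -ExpandProperty DisplayName)

$report.GetEnumerator() | ForEach-Object { '{0,-26} : {1}' -f $_.Key, ($_.Value -join ', ') }

if ($Remediate) {
    if ($report['SMB1ServerEnabled']) {
        # Turn off the SMBv1 server side; SMBv2/3 clients are unaffected.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($report['SMB1FeatureState'] -eq 'Enabled') {
        # Remove the SMBv1 component entirely; a reboot completes the removal.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if ($report['PublicRulesAllowing445'].Count -gt 0) {
        # Rather than editing the vendor rules, add an explicit Block rule for the
        # Public profile; Block rules take precedence over Allow rules.
        New-NetFirewallRule -DisplayName 'Block inbound SMB on public networks' `
            -Direction Inbound -Protocol TCP -LocalPort 445 -Profile Public -Action Block | Out-Null
    }
}
```

The audit does not check for MS17-010 itself, since the applicable KB number differs per Windows build; pair it with your patch-management reporting for that.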