Today: October 19, 2018, 1:39 pm
  
Computer & Technology

WannaCry might be the tip of the iceberg

Rick Holland, Vice President, Strategy, Digital Shadows
Rick Holland, Vice President, Strategy, Digital Shadows
Comment Article by Rick Holland, Vice President, Strategy, Digital Shadows

 

PR-Inside.com: 2017-06-06 09:58:28
The attack on 200,000 plus computers across more than 120 countries around the world by the WannaCry ransomware certainly got the attention of governments, media, consumers and law enforcement. But the actual impact could have been so much worse.

Much ink is still being expended trying to determine who was responsible and what their motives were and many believe this might have been the act of inexperienced hackers who lost control of their creation. Certainly, at the time of writing, none of the ransom has been collected from the bitcoin accounts victims were encouraged to send their money too.


But while WannaCry could have been so much worse in impact, what is clear is that the base exploit code it uses was part of a batch stolen by Shadow Brokers in April 2017 from the US National Security Agency’s (NSA) Equation Group and potentially last month’s attack could be just the tip of the iceberg.

Earlier in May 2017 CERT EU (The EU’s Computer Emergency Response Team) reported on a worm identified in the wild which has reportedly spread using exploit code leaked by Shadow Brokers in a similar fashion to WannaCry. CERT EU referred to this malware as "BlueDoom", but its internal name was reportedly "EternalRocks".

In addition to the EternalBlue Server Message Block (SMB) exploit used by WannaCry, EnternalRocks has reportedly also employed at least three additional exploits leaked by the Shadow Brokers: EternalChampion, EternalRomance and EternalSynergy as part of its propagation process.

All three of these exploits were developed to target SMB remote code execution vulnerabilities in Windows XP, all of which were patched in Microsoft's Apr 2017 MS17-010 release. However, unlike WannaCry, following a successful exploitation and subsequent deployment of the DOUBLEPULSAR backdoor on an infected machine the malware has reportedly not deployed any additional payload.

Why no payload is being deployed is unclear but we can speculate that EternalRocks was likely intended to be used to establish a presence on a large number of machines in order to facilitate the deployment of second-stage payloads sometime later. What that payload might be and what its function is are not clear and it remains to be seen how the actors responsible for developing this worm will exploit their access to infected machines.

What is clear is that this development highlights that the Eternal suite of Equation Group exploits and other technical assets leaked by the Shadow Brokers will almost certainly continue to pose a threat beyond WannaCry. Users and organizations which have not already implemented the relevant Microsoft patches and mitigations on the back of EternalBlue are advised to do so quickly.

Press Information
Digital Shadows
Conrad Offices, 19th Floor

Sheikh Zayed Rod, Dubai

Sharon Divan
PR
+97143827880
email
www.digitalshadows.com


# 448 Words
Related Articles
 
More From Computer & Technology
Breakthrough In Accessing The Tiny Magnet Within [..]
BREAKTHROUGH IN ACCESSING THE TINY MAGNET WITHIN THE CORE OF A SINGLE ATOM New method enables identification of different isotopes [..]
Thor Enterprise is Anti-Malware Solution of the [..]
Copenhagen, October 12, 2018 – The Computing Security Awards 2018, organized by one of the most influential and widely read [..]
Trillium Unveils PassGO Hacking Challenge at UCLA
UCLA's Engineering Society Gets First Look at Trillium's Online Car Hacking Simulation During Hack Across America Campaign LOS [..]
Singapore International Robo Expo 2018 returns against [..]
Tradeshow will focus on next generation robotics technologies SINGAPORE, Oct 4, 2018 - (ACN Newswire) - The Singapore International Robo [..]
86% of parents believe that smartphones should [..]
Mobile phone insurance provider, loveit coverit, surveyed parents in the UK across different topics regarding children and smartphone [..]

Disclaimer: If you have any questions regarding information in this press release please contact the company added in the press release. Please do not contact pr-inside. We will not be able to assist you. PR-inside disclaims the content included in this release.