There is one thing small-time hackers and heavy-hitting black hats have in common: they both love the exploit known as EternalBlue. Evolved from the famous computer worms Conficker and Welchia, EternalBlue employs diverse exploits with new, brilliantly devised, and easy-to-deploy applications. As a hacker favorite, it leaves digital devastation in its wake while taking advantage of any unpatched systems it encounters. Whether the targets are networks, systems, or individuals, EternalBlue is wildly efficient at spreading malware and infecting any host it meets.
The EternalBlue exploit was first developed by the National Security Agency (NSA) and later stolen by the Shadow Brokers hacker group on April 14, 2017. It was later used as a key component in the infamous WannaCry ransomware attack that crippled computers running the Microsoft Windows OS. Like all ransomware, it encrypted data and demanded cryptocurrency payments before returning the information.
The tool takes advantage of a vulnerability in Windows Server Message Block (SMB), a transport protocol that permits Windows computers to communicate with each other and with other devices for things like remote services and file sharing. Attackers abused this feature to gain access to their victims and then pivoted across the network to reach even more hosts. Of course, Microsoft released patches to correct the issue, even offering versions for Windows XP and Windows Server 2003, but much of the damage was already done.
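The defensive counterpart to the paragraph above is simply knowing whether a host still exposes the SMBv1 surface and whether the Microsoft update has landed. The following PowerShell audit script is an added example, not code from the article; it assumes a Windows 8.1/Server 2012 R2 or later host with the built-in SmbShare module, an elevated prompt, and a KB identifier that you fill in for your OS build (left as a placeholder, since the article names no update ID). It reports only, unless run with -Remediate.

```powershell
# Added example (not from the article): audit a Windows host for SMBv1 exposure
# and for the SMB security update, then optionally turn SMBv1 off.
# Assumes: elevated PowerShell, SmbShare module present, Windows 8.1/2012 R2+.
param([switch]$Remediate)

$report = [ordered]@{}

# Server side: is this host still offering SMBv1 to clients?
$srv = Get-SmbServerConfiguration
$report['SMB1ServerEnabled'] = $srv.EnableSMB1Protocol

# Is the SMB1 optional feature itself installed/enabled?
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report['SMB1FeatureState'] = if ($feat) { [string]$feat.State } else { 'Unknown' }

# Is SMB (TCP 445) listening at all? If it is, the host is reachable over SMB.
$report['Port445Listening'] = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

# Patch check. 'KB<placeholder>' is a placeholder: replace it with the KB number
# of the SMB update for this OS build (the article gives no update ID).
$requiredKBs = @('KB<placeholder>')
$installed   = Get-HotFix | Select-Object -ExpandProperty HotFixID
$report['MissingPatches'] = @($requiredKBs | Where-Object { $_ -notin $installed })

[pscustomobject]$report | Format-List

# Mitigation: disable SMBv1 at the server and remove the feature. -NoRestart
# defers the reboot; the change is complete only after the host restarts.
if ($Remediate -and $srv.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($feat -and $feat.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}
```

Run it as `.\Audit-Smb1.ps1` to get the report, and `.\Audit-Smb1.ps1 -Remediate` to disable SMBv1; a host that shows `SMB1ServerEnabled : False`, `SMB1FeatureState : Disabled` and an empty `MissingPatches` list has closed the surface the article describes, and `Port445Listening : True` on such a host is expected, since SMBv2/3 still use the same port.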
As a tool, EternalBlue is a joy for hackers who now recognize its potential for causing harm. It has been used to steal passwords from browsers and install malicious cryptocurrency miners on unsuspecting host computers. Even though the WannaCry outbreak is in the past, cybercriminals still rely on EternalBlue exploits to carry out many of today's attacks. And fortunately for them, many computers remain defenseless, even now, despite the massive push for increased vigilance.
New variations of EternalBlue have installed themselves on host machines as crypto-mining tools, making hacking techniques easier, more reliable, and even more effective. In the Middle East, recent attacks using the exploit have targeted transportation groups, like commercial airlines, and industrial technology firms that failed to properly secure their systems. This negligence, paired with late patching, promises to keep EternalBlue going for years to come. And although authorities are watchful for hacker innovations using EternalBlue, it's likely to fashion all sorts of attacks before anyone is the wiser.