These SMB exploits on unpatched Windows computers may go on for years?
Here is the article in question:
The leaked … hacking tool that will wreak havoc for years to come
“We expect EternalBlue to be used for years to come by both espionage and criminal actors,” said Area 1 Security co-founder Blake Darché, a former network analyst. “SMB vulnerabilities are key to conducting a destructive computer network attack with great efficacy.”
The masterfully engineered hacking tool had once provided U.S. spies with “unreal” intelligence, one former U.S. official told the Washington Post.
Without an update, operating systems vulnerable to EternalBlue include Windows XP, Windows Vista SP2, Windows 7, Windows Server 2008 R2 and Windows Server 2012 — each remains popularly used, especially outside of the U.S.
Craig Williams, a senior technical leader with Cisco’s elite threat intelligence collection unit, Talos, described the module as a sort of “lock pick that can open Windows machines which have not been patched.”
“Once the door has been unlocked any payload can be snuck inside,” said Williams. “This means we will continue to see threats like botnets, ransomware, DDoS kits, etc. continue to take advantage of this as long as there are vulnerable machines. It’s likely it will be years until we see the end of this threat.”
It’s likely that EternalBlue will be used in other ransomware-style attacks in the near future, predicts Brian Martin, a vice president of vulnerability intelligence for U.S. cybersecurity consultancy Risk Based Security.
In the last week, a different malware variant dubbed EternalRocks was also discovered in the wild using code from both EternalBlue and another … tool codenamed DoublePulsar, which functions as a backdoor implant.
So my question is: Is this right? That this will go on for years?