It’s been a year since WannaCry caused massive disruption to companies all over the world. The highly virulent ransomware used an NSA-created tool called EternalBlue to deliver its payload through a flaw in the SMB 1 protocol. A year later, ESET has found EternalBlue is still a substantial threat.
ESET has published data showing that unpatched and unprotected systems are still being targeted and that EternalBlue is being used more today than it was a year ago.
The data shows that EternalBlue use by threat actors decreased after the WannaCry incident but reached new heights last month. And while the initial application of EternalBlue was to spread ransomware or to simply damage and disrupt systems, it’s also being used to distribute cryptojacking software and other payloads.
If you managed to dodge the WannaCry and NotPetya bullets last year without taking remedial action, then you’re not out of the woods. The same exploits can still be used against you. One of the most common attack vectors used by malware users is to target unpatched systems. They know there’s a portion of the population that won’t update systems, either through ignorance or because they believe they won’t be targeted.
The Australian Signals Directorate published their Essential Eight guide for mitigating security incidents. It’s an expansion on their old Top Four. Patching applications against known threats is a critical element of your risk mitigation.
If you haven’t patched or taken other remedial steps against threats that use EternalBlue, it’s time to rethink your approach.