With a detection count of over seven million in March 2018 globally, the leaked exploit developed by the US National Security Agency (NSA) “EternalBlue” will continue to be a popular threat actor for cybercriminals to infiltrate into systems and make financial gains this year, a new report said on Wednesday. Also Read - Almost 60 percent of internet users in India fell prey to hacking in the last 1 year: Report
Seqrite, the enterprise security solutions brand of Quick Heal Technologies, in its research report “EternalBlue–A Popular Threat Actor of 2017-2018”–revealed that it has detected more than 18 million hits of the exploit in advanced cyberattacks like ransomware and distributed cryptomining campaigns. Also Read - Mobile cyberattacks on Indian firms up by 854% in 2021: Report
“EternalBlue”, considered as one of the deadliest exploits, was leaked by the hacking group known as “The Shadow Brokers” in April 2017. Also Read - This new ransomware locks you out of your PC and encrypts your data
Seqrite said that it observed the first impression of “EternalBlue” in May 2017 with the outbreak of WannaCry ransomware. The detection count gradually increased as WannaCry started spreading to wider geographies.
After the global WannaCry cyber attack, several new Proof of Concept (POC) exploits were discovered on the Internet for “EternalBlue”.
With an easy availability, hackers were observed using the exploit in the ensuing attacks like EternalRocks worm, Petya (also known as NotPetya) and BadRabbit ransomware.
“Exploits leaked by ‘The Shadow Brokers’–especially EternalBlue–have helped hackers to launch some of the biggest cyberattacks,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer at Quick Heal Technologies Limited.
Seqrite also discovered that “EternalBlue” is now being deployed by hackers to distribute cryptomining campaigns like Adylkuzz, Zealot and WannaMine.
“While hackers using ‘EternalBlue’ to launch ransomware attacks is widely known, it is interesting to note that cybercriminals are now leveraging this tool to distribute cryptomining campaigns. What is worrisome is that a large number of endpoints continue to be unprotected and vulnerabilities remain unpatched,” Katkar added.
Earlier in 2018, Quick Heal said that ransomware grew 300 per cent in 2017 in comparison with 2016 and in 2018 such attacks are set to become even more vicious.