wannacry might just be
Last Updated : GMT 05:17:37
Emiratesvoice, emirates voice
Emiratesvoice, emirates voice
Last Updated : GMT 05:17:37
Emiratesvoice, emirates voice

WannaCry might just be

Emiratesvoice, emirates voice

Emiratesvoice, emirates voice WannaCry might just be

At least, none of the ransom
Abu Dhabi - Emirates Voice

The attack on 200,000-plus computers across more than 120 countries around the world by the WannaCry ransomware certainly got the attention of governments, media, consumers and law enforcement. But the actual impact could have been so much worse.

Much ink is still being expended trying to determine who was responsible and what their motives were and many believe this might have been the act of inexperienced hackers who lost control of their creation. Certainly, at the time of writing, none of the ransom has been collected from the bitcoin accounts victims were encouraged to send their money to.

But while WannaCry could have been so much worse in impact, what is clear is that the base exploit code it uses was part of a batch stolen by Shadow Brokers in April 2017 from the US National Security Agency's (NSA) Equation Group and potentially last month's attack could be just the tip of the iceberg.

Earlier in May 2017 CERT-EU - the European Union's Computer Emergency Response Team - reported on a worm identified in the wild that has reportedly spread using exploit code leaked by Shadow Brokers in a similar fashion to WannaCry. CERT-EU referred to this malware as "BlueDoom", but its internal name was reportedly "EternalRocks".

In addition to the EternalBlue Server Message Block exploit used by WannaCry, EnternalRocks has reportedly also employed at least three additional exploits leaked by Shadow Brokers: EternalChampion, EternalRomance and EternalSynergy as part of its propagation process.

All three of these exploits were developed to target SMB remote code execution vulnerabilities in Windows XP, all of which were patched in Microsoft's April 2017 MS17-010 release. However, unlike WannaCry, following a successful exploitation and subsequent deployment of the DoublePulsar backdoor on an infected machine the malware has reportedly not deployed any additional payload.

Why no payload is being deployed is unclear but we can speculate that EternalRocks was likely intended to be used to establish a presence on a large number of machines in order to facilitate the deployment of second-stage payloads sometime later. What that payload might be and what its function is are not clear and it remains to be seen how the actors responsible for developing this worm will exploit their access to infected machines.

What is clear is that this development highlights that the Eternal suite of Equation Group exploits and other technical assets leaked by the Shadow Brokers will almost certainly continue to pose a threat beyond WannaCry. Users and organisations which have not already implemented the relevant Microsoft patches and mitigations on the back of EternalBlue are advised to do so quickly.

The writer is vice-president for strategy at Digital Shadows. Views expressed are his own and do not reflect the newspaper's policy.

Source: Khaleej Times

 

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

wannacry might just be wannacry might just be

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

wannacry might just be wannacry might just be

 



GMT 10:18 2016 Wednesday ,23 March

cartoon seven

GMT 10:16 2016 Wednesday ,23 March

cartoon five

GMT 09:58 2016 Wednesday ,23 March

cartoon four

GMT 10:31 2014 Tuesday ,23 December

Mirages of failure: Lebanon cannot wait

GMT 10:08 2018 Wednesday ,24 January

Microsoft to open 4 data centres

GMT 15:06 2011 Thursday ,04 August

Eastern China on alert as typhoon Muifa approaches

GMT 03:05 2017 Thursday ,02 March

Terry Fox Run raises millions

GMT 10:36 2011 Thursday ,24 November

Paracetamol overdose deadly

GMT 23:22 2017 Wednesday ,25 October

Why the State Bank of Pakistan has its hands full

GMT 04:46 2018 Saturday ,13 January

The 2015 Iran nuclear deal

GMT 10:27 2017 Thursday ,16 March

Asian markets boosted by Fed but dollar sinks

GMT 17:21 2017 Saturday ,22 July

BACA, Tamkeen sign agreement

GMT 16:02 2017 Friday ,13 October

Smartphone addict goes blind after gaming binge

GMT 12:09 2017 Sunday ,01 October

Palestinian expert praises Egypt’s role

GMT 10:59 2017 Sunday ,15 January

Natural History Museum showcases of Oman's rich

GMT 13:23 2017 Tuesday ,07 February

President decorates Elie Choueiry with Cedar Medal

GMT 08:37 2012 Wednesday ,29 February

Writer Tharwat Okasha dies
Emiratesvoice, emirates voice
 
 Emirates Voice Facebook,emirates voice facebook  Emirates Voice Twitter,emirates voice twitter Emirates Voice Rss,emirates voice rss  Emirates Voice Youtube,emirates voice youtube  Emirates Voice Youtube,emirates voice youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2025 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2025 ©

emiratesvoieen emiratesvoiceen emiratesvoiceen emiratesvoiceen
emiratesvoice emiratesvoice emiratesvoice
emiratesvoice
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
emiratesvoice, Emiratesvoice, Emiratesvoice