Many stories are floating around on the internet about computer viruses and worms that made an enormous impact on the world. From legends like the blistering fast SLAMMER worm from 2003 or the I LOVE Bug worm that set the stage for the fishing email notoriety, we see today. But the story behind EternalBlue has it all. Leaked straight out of the NSA's toolbox, it was a key asset for the well-known WannaCry ransomware to wreak havoc on the world. Some will even argue that it led to a full-on \"Cyber War\"...
\nBefore we start, this story is way too complex to fully cover in a short blog. We are skipping a lot, so go out and read more if you are interested.
\nFrom 2016 to 2017, the InfoSec community was turned upside down by the so-called \"Shadow Brokers\". This unknown, mysterious group was responsible for five major leaks containing classified hacking tools, collected and archived by the NSA. The NSA has an unprecedented catalog of unknown exploits and backdoors due to decades of hoarding. But instead of notifying the software vendor about these vulnerabilities, they keep these to themselves. These exploits are valuable weapons for the NSA to protect the United States of America and its citizens (controversial, but a topic for another day).
\nOn April 14, 2017, the Shadow Brokers released their fifth leak containing multiple exploits. Infamous EternalBlue was one of them.
\nGreat question! EternalBlue takes advantage of a vulnerability seen in Microsoft's implementation of the SMB protocol. SMB stands for Server Message Block. It is primarily used in Windows for shared folders. Like most of these protocols, it makes communication between two nodes on a network possible via request-response messages (gross over-simplification).
\nHowever, Microsoft made a critical error in the way these request messages where handled. By sending a carefully made request to port 445 (which was by default open) containing more data than expected, an attacker was able to set a \"buffer overflow\" in motion. Making the execution of unsigned (and thus malicious) code possible.
\nA month before the leak, something remarkable happened. The NSA contacted Microsoft to inform them about EternalBlue, presumably because the NSA knew something was about to go down. Microsoft got to work immediately and mysteriously delayed its Patch Tuesday because of a \"last-minute issue\". They eventually released a security bulletin on March 14, the now infamous: MS17-010. Unfortunately, such a wide-spread piece of software like Windows has a prolonged update adaption rate. This proved, once again, to be true...
\nOn May 12, 2017, the WannaCry (powered by EternalBlue) ransomware attack took the world by storm, infecting and encrypting 230,000 computers in over 150 countries. Russia, Ukraine, India, and Taiwan where affected the most, according to Kaspersky Lab. Huge factories from Nissan and Renault came to a screeching halt. NHS hospitals in the UK where severely affected by the attack and where locked out of essential medical equipment. Some estimated that economic losses could be in the hundreds of millions. North Korea is the main suspect for the attack. Two North Korean hackers have been expedited.
\nNot much later, on June 27, 2017, Ukraine got stomped by another vicious cyberattack. Armed with EternalBlue, the malware called \"NotPetya\" was able to cause significant damage. The attack was mainly targeted towards Ukrainian banks, government bodies, and state-owned organizations. Think of airports, railways, and telecom companies. Even the radiation monitoring system at the Chernobyl Nuclear Power Plant went offline. Because the attack seemed to be aimed at paralyzing the Ukrainian state rather than for monetary motives, Russia is the main suspect. Although Ukrainian authorities and the CIA spoke out, Russia denies any involvement.
\nScary stuff, right? Should you still be worried about EternalBlue in 2020? Well, the exploit indeed lives up to its name. According to Trend Micro, in 2019, two years after WannaCry broke loose, 73,763 detections were made of specific malware samples known to use EternalBlue. Luckily, Microsoft's MS17-010 patch has reached most home users. But organizations are notoriously slow with updating their hardware. Therefore, EternalBlue is still a famous attack today.
\nBut what can you do, you might ask? If we can take one thing from all of this, we should stop using SMB over the internet. EternalBlue is undoubtedly not the last SMB related exploit. Blue's younger brother, SMBleed (CVE-2020-1206), is a new vulnerability and works very similar. It was only patched by Microsoft in June of this year.
\nhttps://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
\nhttps://research.checkpoint.com/2017/eternalblue-everything-know/
\nhttps://docs.microsoft.com/nl-nl/security-updates/securitybulletins/2010/ms10-017
\nhttps://www.independent.co.uk/news/uk/home-news/nissan-sunderland-cyber-attack-ransomware-nhs-malware-wannacry-car-factory-a7733936.html
\nhttps://www.cbsnews.com/news/hospitals-across-britain-hit-by-ransomware-cyberattack/
\nhttps://www.bbc.com/news/world-europe-39907965
\nhttps://www.bbc.com/news/technology-40706093
\nhttps://www.nytimes.com/2017/06/28/world/europe/ukraine-ransomware-cyberbomb-accountants-russia.html
\nhttps://www.independent.co.uk/news/world/europe/chernobyl-ukraine-petya-cyber-attack-hack-nuclear-power-plant-danger-latest-a7810941.html
\nhttps://www.securityweek.com/smbleed-vulnerability-impacts-windows-smb-protocol
\nhttps://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/putting-the-eternal-in-eternalblue-mapping-the-use-of-the-infamous-exploit
\nhttps://www.darkreading.com/vulnerabilities---threats/eternalblue-longevity-underscores-patching-problem/d/d-id/1337233
\n","frontmatter":{"date":"October 27, 2020","updated_date":null,"title":"EternalBlue: A retrospective on one of the biggest Windows exploits ever","tags":["Cyber Security","Exploits","Virus"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/579582de5b60f995b00553dd02616f3c/ee604/etbluecover.png","srcSet":"/static/579582de5b60f995b00553dd02616f3c/69585/etbluecover.png 200w,\n/static/579582de5b60f995b00553dd02616f3c/497c6/etbluecover.png 400w,\n/static/579582de5b60f995b00553dd02616f3c/ee604/etbluecover.png 800w,\n/static/579582de5b60f995b00553dd02616f3c/f3583/etbluecover.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Anonymous","github":null,"avatar":null}}}},{"node":{"fields":{"slug":"/engineering/blockchain-the-new-technology-of-security-trust/"},"html":"These days we have all come across one of the coolest buzzwords in the IT industry: \"The Blockchain\". It might seem to be a new magic word in the market that companies spell interest in their businesses. However, the complexity of it is incredibly far-reaching. Blockchain integrates the openness and flexibility of the internet with the security of cryptography to come out with a safer, faster way of verification of information and most importantly establishes trust in this open world.
\nBlockchain was first developed by an anonymous programmer or group of programmers known by a name 'Santoshi Nakamoto'.It was an underlying technology for the Bitcoin, which is used for peer-to-peer transactions. Blockchain at its heart is a list of transactions like a distributed ledger open to all in the network. It stores the data in such a way that it seems virtually impossible to add, update or remove any information stored without the notice of other users in a peer-to-peer network.
\nBlockchain mainly performs two tasks: collect and order data in blocks- similar to the traditional computer database and then chain them securely using cryptography.
\nLet us take a closer look at each block in this enormous chain –
\nThe copy of the complete blockchain is with all the participants so that they can detect tampering if the hash matches across the chain then everyone knows that it is trustworthy.\nBlockchain is an emerging technology but has been evolving ever since its innovation. This technology has the unlimited potential to bring about an upheaval in the way everyone- organisations, governments, individuals work together. It promises a simple, secure, paperless path to establish trust for virtual transactions of money, products and other confidential information worldwide.
\nBlockchain is one of the technologies that has gained popularity from its very birth, and now it is being used in many fields.
\nIn financial markets, trade is very dynamic where there is the exchange of money, assets involving multiple banks; this may lead to unexpected errors. To reduce this bottleneck blockchain came up with the idea of smart contracts which is a small computer program that describes the transactions step by step combining multiple blockchains, multiple assets and executes the transactions securely.
\nBlockchain can keep track of many commercial transactions and efficiently hold sensitive information. A digital id via blockchain secures the data stored and can be used worldwide in your fingertips.
\nBlockchain can be very handy in monitoring the supply chain in food and manufacturing industries by removing paper-based trails and also removing intermediaries between producers to customers. Not just the above applications it is used in many more places and has changed, is going to change the world around us.
\nThough it is a new technology, it has an enormous ability to transform everything existing now. As a coin has its two faces, blockchain technology also has some glitches as it can destroy the middlemen in many of the industries.\nBlockchain has already spread its root firmly in soils of the new world, and the swarm of transformation has already begun. It is the responsibility of all the young generation to make complete usage of this technology as it matures and make it to become a huge money plant.
\n","frontmatter":{"date":"October 08, 2020","updated_date":null,"title":"Blockchain: The new technology of trust","tags":["Blockchain","Cyber Security"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.6666666666666667,"src":"/static/39f6130fcc45e64f3049c5db8f8a19be/14b42/CoverPage.jpg","srcSet":"/static/39f6130fcc45e64f3049c5db8f8a19be/f836f/CoverPage.jpg 200w,\n/static/39f6130fcc45e64f3049c5db8f8a19be/2244e/CoverPage.jpg 400w,\n/static/39f6130fcc45e64f3049c5db8f8a19be/14b42/CoverPage.jpg 800w,\n/static/39f6130fcc45e64f3049c5db8f8a19be/a6352/CoverPage.jpg 960w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Shraddha V Prasad","github":"shraddhavp","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/learn-about-vdn-for-cybersecurity/"},"html":"Generally, MIM attacks are breaking to believe the traditional encryption technologies and targeting the intermediate nodes between the sender and receiver.
\nMIM stands for man-in-the-middle. In the World of Cybersecurity, a man-in-the-middle attack (MIM) is an attack where the attacker breaks into the middle of the network pathway silently such that the sender and receiver are not able to intercept and they believe they are directly communicating with each other. One such example of a MIM attack is active eavesdropping. In this example, an attacker can be sitting with a piece of software somewhere in the network path and capturing all the relevant network traffic for later analysis. The attacker can intercept all relevant messages passing between the two victims and by smartly monitor and alter old ones or inject new ones. It can become complicated and arise problems for the organization.
\nSSL and Virtual Private Networks do not always protect messages as they travel across intermediary pathways. So, that where virtual dispersive networking comes into the picture.
\nVDN follows the approaches or methods of traditional military radio spread spectrum security. Radios rotate through the frequencies randomly, and communications are divided or split into multiple pieces (or streams). So now, only one receiving radios are programmed to reassemble these pieces into their original form.\nVDN divides the original message into some multiple parts, and it will encrypt each component separately and routes them over many servers, computers, and even mobile phones. The data also move out dynamically to optimum paths — both randomizing the paths the messages take while simultaneously taking into the server congestion or other network issues.\nWhen it comes to the role of Hackers, they are left scrambling to find out data parts as they go through like data centers, Cloud, Internet, and so on.
\nToday, Dispersive Technologies' business is largely government-centric, with initial forays into commercial industries with high-value targets like banks and utilities. There are many opportunities for Dispersive technology in the cloud computing world. The cloud can host the redirects at the center of their methodology without much of a stretch. However, cloud conditions can use Dispersive to set up secure communications between clouds or between on-premise information. These hybrid cloud situations regularly rely on VPNs, which will, in general, be flaky and moderate. Dispersive Technologies have become replacement of VPNs, thereby improving the security, performance, and manageability of hybrid clouds as well as virtual private clouds.
\nAs with any industry, change can be frightening (especially when sensitive data is part of the equation), but if the organization is aware of the new developments, they can begin implementing some of these security technologies into their existing IT infrastructure and enjoy some peace of mind without worrying about future threats.
\n","frontmatter":{"date":"October 07, 2020","updated_date":null,"title":"Virtual Dispersive Networking","tags":["VDN","Cyber Security"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/6d5defa57e9455bd106e0dc993e5dfc3/14b42/MIM.jpg","srcSet":"/static/6d5defa57e9455bd106e0dc993e5dfc3/f836f/MIM.jpg 200w,\n/static/6d5defa57e9455bd106e0dc993e5dfc3/2244e/MIM.jpg 400w,\n/static/6d5defa57e9455bd106e0dc993e5dfc3/14b42/MIM.jpg 800w,\n/static/6d5defa57e9455bd106e0dc993e5dfc3/9842e/MIM.jpg 900w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Binay Agarwal","github":"agarwalBinay18","avatar":null}}}}]}},"pageContext":{"tag":"Cyber Security"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}