Blog

Holy Cyberattack Batman! What Is EternalBlue And Are Your Devices Still Vulnerable?

Written by Brendan B | June 10, 2019 6:50:08 PM Z

Baltimore -- as in the entire city, has been dealing with the ramifications of a cyberattack that froze thousands of computers, brought emails to a halt, and stopped many city services from functioning properly.

How did this happen?

 

 

The NSA Lost Control Of A Powerful Cyberweapon

It seems like the plot of a Netflix spy program, but it's real. The National Security Agency, headquartered just a few miles down the Beltway from Baltimore, is now responsible for one of the worst breaches to befall a branch of the American government.

Analysts at the N.S.A. had spent over a year writing code to create a tool that could target widely used software for the purpose of intelligence gathering and counterterrosim operations.

The tool, known as EternalBlue, was actually a Windows operating system vulnerability. Microsoft issued a patch for the flaw on March 14th, but many users could still be vulnerable. This vulnerabilitiy was exploited in the widespread WannaCry ransomware attack, as well as the latest attacks to cripple Baltimore.

The vulnerability works by exploiting the Microsoft Server Message Block, allowing applications on a computer to read and write to files and to request services on the same network.

Microsoft has made it clear that performing the latest security updates are critical, "The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability," Microsoft said in a statement released by their security response center earlier this year.

Who Has Been Affected by EternalBlue?

 

 

EternalBlue was first posted online by a mysterious group known only as the "Shadow Brokers." Investigators are still trying to determine whether an inside actor was involved in its release. Since the exploit went public over a year and half ago, it has been picked up by hackers in Russia, North Korea, and China. It has been used to hack the data of hotel chains, retail stores, even the maker of Oreo cookies.

The latest targets seem to be city governments--who are not exactly known for running the most up-to-date technology.

Is Your Network Still Vulnerable?

If you are running an older version of Windows, you may still be vulnerable to this spreading menace.

PTG's cybersecurity experts can check to see if the version of Windows your business is running is vulnerable to attack. The danger is that this particular exploit can spread to unpatched computers like wildfire.

Here's how you can protect your data:

  1. Make sure you are running the latest version of Windows with all patches.
  2. Don't click on links from unknown email senders.
  3. Don't open attachments if you can't verify the source.

Tired of IT issues and computer downtime slowing your business down and cutting in to your bottom line? 

Click the button and schedule a quick meeting with one of our customer success managers.