WannaCry’s successor EternalRocks is even worse: what to know about the new cyber threat



Following the wave of worldwide ransomware attacks by the malware known as WannaCry, a new worm called EternalRocks has arrived and is said to be potentially more dangerous than its predecessor. According to a report, researchers have said that ‘EternalRocks’ exploits the same vulnerability in Microsoft Windows that helped WannaCry spread between computers. The malware also uses the NSA tool known as ‘EternalBlue’ to proliferate, according to a report in Fortune. The report added that EternalRocks uses six other NSA tools, including EternalChampion, EternalRomance, and DoublePulsar, the last of which is also a component of the infamous ‘WannaCry’. The last 10 days have seen a wave of cyber attacks that have left companies around the globe helpless.

Initially, it was just WannaCrypt (WannaCry) that spread by taking advantage of a Windows vulnerability for which Microsoft had released a security patch in March this year. The malware encrypted files on infected machines and demanded payment to unlock them. WannaCry had weaknesses that made it easier to slow down and circumvent.
Here are two important things you should know about EternalRocks: 
 
1. In its current form, ‘EternalRocks’ does not carry any malicious elements. It does not lock or corrupt files, nor does it use compromised machines to build a botnet. However, it leaves infected computers open to remote commands that could ‘weaponise’ the infection at any time.

2. ‘EternalRocks’ is stronger than WannaCry because it has none of the weaknesses WannaCry had, including the kill switch that a researcher used to help contain the ransomware.

EternalRocks uses 7 hacking tools and is more complex

EternalRocks uses six of the NSA's SMB-based cyber tools to infect systems. BleepingComputer reported that the NSA tools used by the worm are EternalBlue, EternalChampion, EternalSynergy and EternalRomance – all of which are SMB exploits used to break into computers. The worm also leverages the two NSA SMB reconnaissance tools SMBTouch and ArchiTouch to spy on infected computers. Finally, the worm spreads to other vulnerable systems using the DoublePulsar exploit.
The NSA tools were leaked by the Shadow Brokers hacker group in April; in the wake of the WannaCry attacks, the group threatened to dump even more cyberweapons in the coming months. Security experts linked one of the exploits leaked by the Shadow Brokers, EternalBlue, to the WannaCry attacks. Even as security researchers grappled with the ransomware outbreak and tried to stop further attacks, Microsoft publicly slammed the NSA over its practice of stockpiling cyberweapons, blaming it for the widespread ransomware attacks.

According to Bleeping Computer's report, although EternalRocks does not currently spread malicious content and might therefore be considered less dangerous than WannaCry, it is far more dangerous than its predecessor, according to the researcher Stampar.
EternalRocks uses a two-stage installation process as part of its attack, with the second stage starting only after a delay. This lets the worm operate more covertly and avoid detection.
During the first stage, EternalRocks infects a system, downloads Tor and beacons to its C&C (command and control) server, which is located on the Tor network in the dark web. The second stage of the attack begins after 24 hours, when the C&C server responds. This delayed activation has likely been incorporated to frustrate security experts analysing the worm: a sandbox that only watches an infected machine for a few hours sees nothing beyond the initial beacon.
Additionally, infected computers keep running DoublePulsar, which includes a backdoor feature. The attackers have not taken measures to protect the DoublePulsar implant, which is currently running in its default, unprotected state. This means that other attackers could also use the backdoor to compromise systems already infected by EternalRocks and install further malware on them.

EternalRocks has no kill switch and can be weaponised

The worm could be weaponised almost instantly with ransomware, banking Trojans or RATs, since it uses a broader range of exploits. Although the worm currently appears to be in the development and testing stage, the danger of this new attack technique becoming the next major cyber threat remains very real.
More importantly, EternalRocks, unlike WannaCry, does not come with a kill switch, which was what security experts used to stop the WannaCry attacks. This means that at present there is no simple way to stop potential EternalRocks attacks.
SMB vulnerabilities have increasingly been targeted by hackers to launch large-scale attacks. New cyber threats leveraging SMB flaws continue to emerge every day. It is therefore essential that systems be patched immediately and run the most recent, fully updated version of the operating system.
"The worm is racing with administrators to infect machines before they patch. Once infected, he can weaponise any time he wants, no matter the late patch."
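As an added illustration (not code from the article or from the researchers it cites), the following PowerShell audit checks whether a Windows host still exposes the SMBv1 service that EternalBlue and the other SMB exploits listed above target, whether the relevant security update is present, and, with `-Remediate`, disables SMBv1. The KB identifier is a placeholder to be replaced with the update that fixed the SMB flaw for your Windows build.

```powershell
# Added example, not the article's own code: audit a Windows host for the SMBv1
# exposure that the EternalBlue/EternalChampion/EternalSynergy/EternalRomance
# exploits depend on, and for the presence of the SMB security update.
# Run from an elevated PowerShell session.
param(
    [string]$PatchKb = 'KBxxxxxxx',   # placeholder, replace with the real KB number
    [switch]$Remediate                 # when set, disable the SMBv1 server and client
)

$report = [ordered]@{}

# SMBv1 server side: the service the SMB exploits talk to over TCP 445
$srv = Get-SmbServerConfiguration
$report['SMB1ServerEnabled'] = $srv.EnableSMB1Protocol

# SMBv1 optional feature (Windows 8.1 / Server 2012 R2 and later); $null on older builds
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report['SMB1FeatureState'] = if ($feature) { $feature.State } else { 'NotApplicable' }

# Patch presence: Get-HotFix lists installed updates by KB id
$hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue
$report['PatchInstalled'] = [bool]$hotfix

# Is anything listening on TCP 445 at all? A worm needs a reachable SMB listener.
$listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$report['Port445Listening'] = [bool]$listener

[pscustomobject]$report | Format-List

if ($Remediate) {
    # Disabling SMBv1 removes the attack surface the listed exploits rely on;
    # confirm no legacy device on the network still needs it before doing this fleet-wide.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}
```

A host that reports `SMB1ServerEnabled: True` with `PatchInstalled: False` is exactly the "unpatched before the worm arrives" case the quote above describes; disabling SMBv1 closes that window even where the update cannot be applied immediately.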



