Email us at office@sencode.co.uk

Contact Us Today 01642 716680

EternalBlue

Definition: EternalBlue is the name given to a cybersecurity exploit that targets vulnerabilities in Microsoft's implementation of the Server Message Block (SMB) protocol. It was believed to have been developed by the U.S. National Security Agency (NSA) and was leaked by the hacker group known as The Shadow Brokers in April 2017.

acting as a featured image for the page

EternalBlue is notorious for its role in several extensive cyber attacks, most famously during the WannaCry ransomware outbreak in May 2017, and subsequently in the NotPetya attack. The exploit allows unauthorized remote execution of commands by sending specially crafted packets over the network to a target vulnerable SMB server. It can enable attackers to spread malware across networks rapidly without user interaction, which is partly why the attacks leveraging EternalBlue were able to proliferate so quickly and widely.

Following the leak of EternalBlue, Microsoft released a security patch to address the underlying vulnerability. However, the existence of unpatched systems and the exploit’s potent capabilities cemented its status as a significant threat. EternalBlue emphasised the importance of robust patch management policies and the risks of stockpiling cyber weapons.

How to protect against EternalBlue

The most effective and reliable way to protect against EternalBlue is to apply all the security updates Microsoft releases. With up-to-date security, vulnerabilities will be patched, and EternalBlue exploits will no longer threaten your system. If you wish to further defend against EternalBlue vulnerability, you can configure your firewalls to block SMB traffic from outside your network, or you can disable SMBv1 as it is outdated and, so, is more vulnerable to attacks.

Key Characteristics:

  • Remote Code Execution: Enables the execution of arbitrary code on the target system.
  • Exploiting SMB Protocol: Targets older Windows systems with a specific vulnerability in SMB.
  • Led to Major Cyber Attacks: Notably used in the spread of the WannaCry ransomware.
  • Highlights Importance of Patching: Demonstrated the risk of not quickly applying security updates to known vulnerabilities.

Examples:

  • Real-World Example: EternalBlue was used in the WannaCry ransomware attack to rapidly infect unpatched Windows computers across multiple countries and industries.
  • Hypothetical Scenario: An attacker scans the internet for machines that still have the SMB vulnerability unpatched. Upon finding a vulnerable server, they use EternalBlue to gain access and install malware.

Related Terms:

  • Exploit: A method taking advantage of a vulnerability in software to perform unauthorised actions.
  • Ransomware: Malicious software that encrypts a victim’s files and demands payment for the decryption keys.
  • WannaCry: A global ransomware campaign in 2017 that used EternalBlue to infect systems.

Related Services:

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.

      Looking for reliable Penetration Testing? Use the contact form below and request a quote today.

      Address

      Fusion Hive
      North Shore Road
      Stockton-on-Tees
      North East
      UK
      TS18 2NB

      Resources

      Glossary Careers Privacy Policy Contact Us

      Penetration Testing

      Penetration Testing Web App Penetration Testing Network Penetration Testing Mobile App Penetration Testing Social Engineering API Penetration Test GDPR Penetration Test VAPT

      Security Assessments

      Security Assessments Vulnerability Assessment Red Team Assessment AWS Cloud Security Review Microsoft Cloud Security Review OSINT Assessment Cyber Awareness Training
      01642716680 office@sencode.co.uk
      Trustpilot

      © 2024 Sencode Limited | Company Registration Number 12265595 | VAT Number 366 0145 11 | All Rights Reserved