Malware WannaCry And Vulnerability EternalBlue Remain at Large


One particular malware family and one vulnerability keep surfacing as security companies reconstruct the top threat trends of the past weeks: WannaCry and EternalBlue. WannaCry spreads quickly because of a broadly exposed flaw in Windows Server Message Block version 1 (SMBv1), the flaw targeted by the EternalBlue exploit. Microsoft had already fixed the vulnerability, CVE-2017-0143, shortly before WannaCry was released, with its security update MS17-010.

For example, the security company Trend Micro reports that WannaCry, followed by cryptocurrency miners and Emotet, was the most prevalent malware family it detected last year. Emotet, however, has since been disrupted by police departments.

"The one thing that really keeps WannaCry prevalent and active is the fact that it is wormable ransomware," says Rik Ferguson, vice president of security research at Trend Micro. "Couple that with the fact that Shodan showed me just now that there remain 9,131 internet-facing machines vulnerable to MS17-010 and you quickly begin to understand why it continues to propagate."
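The Shodan figure above is the external view; the corresponding check a defender runs on an individual Windows host is whether SMBv1 is still enabled and whether an MS17-010 update is present. The following PowerShell script is an added example, not code from the article, Trend Micro or Microsoft. It assumes an elevated session on Windows 8 / Server 2012 or later (for `Get-SmbServerConfiguration`), and the `$Ms17010Kbs` list is a placeholder you fill in from the MS17-010 bulletin for the host's OS version.

```powershell
# Added example (not from the article): audit one Windows host for the two conditions
# the article describes, SMBv1 still enabled and the MS17-010 fix not installed.
# Run in an elevated PowerShell session.

# Placeholder (assumption): replace with the KB numbers the MS17-010 bulletin lists
# for this host's OS and servicing branch.
$Ms17010Kbs = @('KB<from-MS17-010-bulletin>')

function Test-Smb1Enabled {
    # EnableSMB1Protocol reflects the server-side SMBv1 setting on this host.
    $cfg = Get-SmbServerConfiguration -ErrorAction Stop
    return [bool]$cfg.EnableSMB1Protocol
}

function Test-Ms17010Installed {
    param([string[]]$Kbs)
    # Get-HotFix lists installed updates by HotFixID (e.g. "KB1234567").
    # Caveat: on Windows 10, later cumulative updates supersede the original
    # MS17-010 KB, so a missing KB here is a signal to verify the OS build,
    # not proof of exposure on its own.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Kbs) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Get-Smb1ExposureReport {
    param([string[]]$Kbs = $Ms17010Kbs)
    $smb1    = Test-Smb1Enabled
    $patched = Test-Ms17010Installed -Kbs $Kbs
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SMB1Enabled      = $smb1
        MS17010Installed = $patched
        # Exposed only when the vulnerable protocol is on AND the fix is absent.
        Exposed          = ($smb1 -and -not $patched)
    }
}

$report = Get-Smb1ExposureReport
$report | Format-List

if ($report.SMB1Enabled) {
    Write-Warning "SMBv1 is enabled on $($report.ComputerName); disable it and confirm MS17-010 is applied."
    # Remediation: turn SMBv1 off server-side once nothing on the host still needs it.
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
```

Run it across a fleet with `Invoke-Command` and collect the `Exposed` column; the hosts reported as exposed are the local counterpart of the machines Shodan sees from the outside.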

The National Security Agency, which apparently developed the exploit for the SMBv1 flaw, appears to be where EternalBlue originated. The exploit was then leaked or stolen, obtained by the Shadow Brokers group and published in 2017. Two months later, WannaCry, which targets the EternalBlue flaw, was released; many analysts attribute it to North Korean hackers, who may then have lost control of it.

Although WannaCry appears to be the most frequently detected malware, that does not mean it is the most harmful, or that most devices are infected with it. Not all such code is published, and even when it is, it does not guarantee success.

Even so, the continued circulation of WannaCry shows that at least some unpatched devices remain infected. Regrettably, the number of such unpatched systems decreases asymptotically, never reaching zero. In 2020, Conficker, a malware family initially identified as targeting a vulnerability in Microsoft Server, was the 15th most prevalent malware family by Trend Micro's count. "Other variants after the first Conficker worm spread to other machines by dropping copies of itself in removable drives and network shares," according to Trend Micro.

Though ransomware profits may be rising, the malware most frequently seen in the wild has changed little in recent years from a quantitative point of view.

The Finnish security company F-Secure, for example, lists network exploits and file-handling flaws as the most common malicious-code attacks of 2020. And the most frequently seen attempted exploit still targets the EternalBlue vulnerability in SMBv1. "There are three different threat detections that contributed to this: Rycon, WannaCry, and Vools," stated Christine Bejerasco, vice president of F-Secure's Tactical Defense Unit.