Hacking and technology concept. Hacker using laptop with abstract business interface in blurry office interior Getty Images

EternalBlue Longevity Underscores Patching Problem

Three years after the Shadow Brokers published zero-day exploits stolen from the National Security Agency, the SMB compromise continues to be a popular Internet attack.

EternalBlue, the exploit publicly leaked three years ago next month, continues to threaten unpatched Windows servers connected to the Internet, with more than 100 different sources using it to attack systems on a daily basis, according to a new report by cybersecurity firm Rapid7.

Internet-connected servers vulnerable to EternalBlue have steeply declined since the WannaCry ransomware attack used the exploit to infect hundreds of thousands of systems in May 2017, destroying data and disrupted operations. Still, more than 600,000 servers continue to allow server message block (SMB) connections on the public Internet, according to Rapid7's Internet monitoring system. 

While some businesses need to keep the SMB port open to support critical legacy applications, for the most part companies are failing to detect and secure their attack surface, says Bob Rudis, chief data scientist for Rapid7. 

Read the full article. 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish