‘EternalBlue’ continues to be a popular threat actor among cybercriminals: Seqrite

Over 18 Million hits of Ransomware and Cryptomining campaigns in 2017-2018. ‘EternalBlue’ is the deadliest exploit leaked by hacking group known as Shadow Brokers in April last year.

Seqrite May 25th 2018

In its research report titled ‘EternalBlue – A Popular Threat Actor of 2017-2018’, Seqrite, one of the leading providers of enterprise security solutions, today revealed that it has detected more than 18 million hits of the exploit in advanced cyberattacks such as ransomware and distributed cryptomining campaigns. Almost a year after the infamous WannaCry ransomware attack, the leaked NSA exploit ‘EternalBlue’ continues to be a popular tool for cybercriminals to infiltrate systems and make financial gains. The report highlights data sourced from Quick Heal Security Labs and gives insights into the exploit’s timeline, analysis and recent observations made around its use to date.

‘EternalBlue’ is the deadliest exploit leaked by the hacking group known as Shadow Brokers in April last year. Seqrite observed the first impression of EternalBlue in May 2017 with the outbreak of the WannaCry ransomware. The detection count gradually increased as WannaCry spread to other systems, making it the biggest ransomware attack in history, affecting more than 150 countries. After the success of WannaCry, several new proof-of-concept (PoC) exploits for ‘EternalBlue’ were discovered on the internet. With this easy availability of ‘EternalBlue’, hackers were observed using the exploit in subsequent attacks such as the EternalRocks worm, the Petya (a.k.a. NotPetya) ransomware and the BadRabbit ransomware.

Following a detailed investigation, Seqrite further discovered that ‘EternalBlue’, which was mostly utilized in ransomware attacks, is now also being increasingly deployed by hackers to distribute cryptomining campaigns such as Adylkuzz, Zealot and WannaMine. According to the report, there has been a steady increase in detection statistics since December, with March recording the highest detection count of over 70 lakh (7 million) hits. This is largely due to the rapid rise in the valuation of cryptocurrencies and the fact that cryptomining allows attackers to illegally and discreetly mine cryptocurrencies on infected endpoints.