Author Topic: EternalBlue & WannaCry  (Read 1323 times)


Offline MP-Ryan

  • Makes General Discussion Make Sense.
  • Global Moderator
  • 210
  • Keyboard > Pen > Sword
    • Twitter
EternalBlue & WannaCry
A.k.a. a demonstration of why intentionally running versions of an OS that no longer receive security updates or turning OFF automatic security updates is pure unadulterated stupidity.

https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

Here the NSA actually warned the vendor and a patch went out nearly two months ago, yet a large number of unpatched systems have recently been infected.
"In the beginning, the Universe was created.  This made a lot of people very angry and has widely been regarded as a bad move."  [Douglas Adams]

 
Re: EternalBlue & WannaCry
Oh yeah, I read about this general thing on Imgur a few days ago.

tl;dr Ransomware virus encrypts your stuff until you pay them to give it back, exploits an old hole, Microsoft patched it already, even on XP.

It seems that apparently, and to nobody's surprise, some people did not get that patch.

 

Offline Goober5000

  • HLP Loremaster
  • Administrator
  • 214
    • Goober5000 Productions
Re: EternalBlue & WannaCry
Reflexively blaming people for not patching their systems is too easy and simplistic.  Plenty of fault lies with the NSA for developing the exploit software in the first place:

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000mpb068eggcqczh61fx32wtiui
Quote
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

Then there is the systemic complexity of managing patching:

https://www.eff.org/deeplinks/2017/05/why-patching-problem-makes-us-wannacry
Quote
The WannaCry ransomware attacks demonstrate that patching large, legacy systems is hard. For many kinds of systems, the existence of patches for a vulnerability is no guarantee that they will make their way to the affected devices in a timely manner. For example, many Internet of Things devices are unpatchable, a fact that was exploited by the Mirai Botnet. Additionally, the majority of Android devices are no longer supported by Google or the device manufacturers, leaving them open to exploitation by a "toxic hellstew" of known vulnerabilities.

Even for systems that can be patched, applying patches to large enterprise or government systems in a timely manner is notoriously difficult. Enterprise and government systems can rarely afford the potential downtime that goes along with a software patch or upgrade. As one researcher put it, "enterprises often face a stark choice with security patches: take the risk of being knocked off the air by hackers, or take the risk of knocking yourself off the air."

 
Re: EternalBlue & WannaCry
Quote
Plenty of fault lies with the NSA for developing the exploit software in the first place

Passing it around in an unencrypted zip file probably also didn't help.

 
Re: EternalBlue & WannaCry
Apparently the Bitcoin address they're using has only received about $50k in payments, which is pretty lol
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.

 

Offline WeatherOp

  • 29
  • I forged the ban hammer. What about that?
    • http://www.geocities.com/weather_op/pageone.html?1113100476773
Re: EternalBlue & WannaCry
Quote
Apparently the Bitcoin address they're using has only received about $50k in payments, which is pretty lol

See, that is one thing about this that screams the hackers weren't smart. If your ransomware just locks down the computer, what stops someone from popping in the Windows disk, reinstalling and uploading a backup from a cloud server or hard drive?

Almost sounds like someone threw this out there to grab what they could without much effort.
Decent Blacksmith, Master procrastinator.

PHD in the field of Almost Finishing Projects.

 

Offline MP-Ryan

  • Makes General Discussion Make Sense.
  • Global Moderator
  • 210
  • Keyboard > Pen > Sword
    • Twitter
Re: EternalBlue & WannaCry
Quote
Reflexively blaming people for not patching their systems is too easy and simplistic.  Plenty of fault lies with the NSA for developing the exploit software in the first place

While not understating the fact that the NSA discovered and sat on the vulnerability, that doesn't excuse the fact that they eventually revealed the exploit and the **** has only hit the fan with WannaCry in the days long after a patch was deployed.  So I think it's perfectly reasonable to blame individuals and systems administrators who have intentionally deployed and maintained obsolete operating systems without sufficient hardening against high-threat-level attacks.  E.g. running XP, which is THREE YEARS out of security patches, in an enterprise environment is pure reckless stupidity - and the individuals who intentionally run it at home to this day because they don't like 7/8/10 are beyond saving.

 
Re: EternalBlue & WannaCry
Quote
See that is one thing about this that screams the hackers weren't smart. If your ransomware just locks down the computer, what stops someone from popping in the windows disk, reinstalling and uploading a backup from a cloud server or hard drive?

The fact that most people don't keep good backups. Ransomware in general is a profitable enterprise; what's notable is that this specific ransomware has apparently not done too well.

 
Re: EternalBlue & WannaCry
Yeah, you really have to analyze your prospective markets, otherwise you'll end up like the guys from Thundercrypt in Taiwan: https://twitter.com/fztalks/status/864852163230609408

 

Offline The E

  • He's Ebeneezer Goode
  • Global Moderator
  • 213
  • Nothing personal, just tech support.
    • Skype
    • Steam
    • Twitter
Re: EternalBlue & WannaCry
Quote
Reflexively blaming people for not patching their systems is too easy and simplistic.  Plenty of fault lies with the NSA for developing the exploit software in the first place

While not understating the fact that the NSA discovered and sat on the vulnerability, that doesn't excuse the fact that they eventually revealed the exploit and the **** has only hit the fan with WannaCry in the days long after a patch was deployed.  So I think it's perfectly reasonable to blame individuals and systems administrators who have intentionally deployed and maintained obsolete operating systems without sufficient hardening against high-threat-level attacks.  E.g. running XP, which is THREE YEARS out of security patches, in an enterprise environment is pure reckless stupidity - and the individuals who intentionally run it at home to this day because they don't like 7/8/10 are beyond saving.

According to Kaspersky Labs, most WannaCry infections actually hit .... Windows 7. As in, 96% of them. The next runner-up was Windows Server 2008 R2. MS17-010, the vulnerability behind this, was patched there months ago, so it's not overreliance on XP that's the issue here, but a reluctance to apply updates when they are available.
**** every cause that ends in murder and children crying. ― Iain Banks
Join the fun at the HLP IRC channel. Get the latest spam and gossip as long as it's fresh!

 

Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
    • Steam
Re: EternalBlue & WannaCry
Quote
Reflexively blaming people for not patching their systems is too easy and simplistic.  Plenty of fault lies with the NSA for developing the exploit software in the first place

While not understating the fact that the NSA discovered and sat on the vulnerability, that doesn't excuse the fact that they eventually revealed the exploit and the **** has only hit the fan with WannaCry in the days long after a patch was deployed.  So I think it's perfectly reasonable to blame individuals and systems administrators who have intentionally deployed and maintained obsolete operating systems without sufficient hardening against high-threat-level attacks.  E.g. running XP, which is THREE YEARS out of security patches, in an enterprise environment is pure reckless stupidity - and the individuals who intentionally run it at home to this day because they don't like 7/8/10 are beyond saving.

https://www.bleepingcomputer.com/news/security/over-98-percent-of-all-wannacry-victims-were-using-windows-7/

EDIT: ninja'd

 

Offline MP-Ryan

  • Makes General Discussion Make Sense.
  • Global Moderator
  • 210
  • Keyboard > Pen > Sword
    • Twitter
Re: EternalBlue & WannaCry
I believe I covered the idiocy of turning off security updates in the OP too  :p

 
Re: EternalBlue & WannaCry
As far as security snafus go, it's only a few shades behind installing firmware you found on random Russian websites.

 

Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
    • Steam
Re: EternalBlue & WannaCry
I see what you did there, PH  :rolleyes:

Anyways, relevant:  https://www.schneier.com/blog/archives/2017/05/the_future_of_r.html#c6753132   (Apparently Windows 7 and its server equivalent were the only platforms targeted, despite the vulnerability being present on other platforms including Win XP, which would explain why Win 7 was the majority of infections - the graph is flawed; other OSes weren't targeted besides Server 2008 or whatever Win 7's server equivalent is.)