In the wake of the WannaCry ransomware attack that infected more than 300,000 computers in 150 countries earlier this month, another attack using U.S. National Security Agency exploits has been discovered.
The latest attack, known as EternalRocks, is a hybrid of several NSA exploits leaked by hacking group the Shadow Brokers, the same group that released the EternalBlue exploit used to spread WannaCry.
EternalRocks, which is also referred to as MicroBotMassiveNet, was first discovered by Miroslav Stampar, a security researcher and member of the Croatian government's Computer Emergency Readiness Team (CERT). It's believed the attack has been live since early May, before the spread of WannaCry and after the start of a cryptocurrency mining attack that began using the NSA exploits in April.
In a report posted on his GitHub account, Stampar said EternalRocks currently has no payload, which means it is not performing any malicious action. It is simply spreading itself using a two-stage process that takes place over a 24-hour period.
The first stage of the attack infects a vulnerable Windows machine that has not yet been patched to fix the MS17-010 vulnerability, the same vulnerability exploited by WannaCry, which Microsoft originally patched in March after the NSA alerted it to the security hole.
During the first stage, EternalRocks downloads its components onto the infected device. It also downloads the Tor browser, an anonymous web browser that is often used to connect to dark web sites that are not accessible through standard browsers.
The second stage commences after a 24-hour period. During this stage, the exploits are downloaded from a .onion domain, which is reached by the Tor browser. EternalRocks then begins looking for other open ports that it can connect to and spread itself through.
Stampar said EternalRocks spreads using all of the Microsoft Server Message Block (SMB) exploits leaked by the Shadow Brokers, including EternalBlue, EternalChampion, EternalRomance, EternalSynergy, ArchiTouch, SMBTouch and DoublePulsar.
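The two-stage pattern described above (Tor contact, a pause of about 24 hours, then SMB spreading) can be looked for in network flow records. The following is an added example, not code from the article or from Stampar's report; the flow tuple layout, the relay set, the fan-out threshold and the use of TCP port 445 for SMB are assumptions, and all sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# TOR_RELAYS is a hypothetical stand-in for a relay list you maintain yourself;
# every address below is constructed (documentation or private ranges).
TOR_RELAYS = {"203.0.113.7", "203.0.113.9"}
SMB_PORT = 445                      # assumption: SMB over TCP 445
FANOUT_THRESHOLD = 20               # assumed: distinct SMB peers in one hour
DORMANCY = timedelta(hours=24)      # delay between stages, per the article

def sample_flows():
    """Constructed flow records: (timestamp, source, destination, dest port)."""
    t0 = datetime(2017, 5, 20, 9, 0)
    flows = [(t0, "10.0.0.5", "203.0.113.7", 9001)]        # first Tor contact
    sweep = t0 + timedelta(hours=24, minutes=10)
    flows += [(sweep + timedelta(seconds=i), "10.0.0.5", f"10.0.1.{i}", SMB_PORT)
              for i in range(1, 41)]                        # 40 SMB peers in a minute
    # Busy file client: many SMB peers, but it never talks to Tor.
    flows += [(t0 + timedelta(minutes=i), "10.0.0.9", f"10.0.2.{i}", SMB_PORT)
              for i in range(1, 31)]
    # Tor user with ordinary SMB use (two peers only).
    flows += [(t0, "10.0.0.7", "203.0.113.9", 443),
              (t0 + timedelta(hours=30), "10.0.0.7", "10.0.0.9", SMB_PORT),
              (t0 + timedelta(hours=30, minutes=5), "10.0.0.7", "10.0.0.10", SMB_PORT)]
    return flows

def find_staged_smb_sweeps(flows, relays=TOR_RELAYS):
    """Return {host: (first_tor_contact, sweep_start, peer_count)} for hosts that
    contacted a Tor relay and, at least DORMANCY later, reached FANOUT_THRESHOLD
    or more distinct SMB peers within one hour."""
    first_tor, smb = {}, defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if dst in relays:
            first_tor.setdefault(src, ts)       # keep the earliest contact only
        elif port == SMB_PORT:
            smb[src].append((ts, dst))
    hits = {}
    for host, tor_ts in first_tor.items():
        late = [(ts, dst) for ts, dst in smb[host] if ts - tor_ts >= DORMANCY]
        for start, _ in late:                   # slide a one-hour window
            peers = {d for ts, d in late if start <= ts < start + timedelta(hours=1)}
            if len(peers) >= FANOUT_THRESHOLD:
                hits[host] = (tor_ts, start, len(peers))
                break
    return hits

if __name__ == "__main__":
    for host, (tor_ts, start, n) in find_staged_smb_sweeps(sample_flows()).items():
        print(f"{host}: Tor contact {tor_ts}, SMB sweep of {n} peers from {start}")
```

Neither signal alone is flagged: the host with heavy SMB traffic but no Tor contact and the Tor user with two SMB peers both pass, which keeps the rule tied to the sequence the article describes.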
Andra Zaharia, a security evangelist at Heimdal Security, wrote in a blog post that while EternalRocks makes use of some of the same exploits as WannaCry, it shows a long-term intent to make use of vulnerabilities and seems focused on establishing a launching pad for future attacks.
Varun Badhwar, the CEO and co-founder of cloud security firm RedLock, told International Business Times that attacks such as this can spread even faster in the cloud where organizations have no visibility into their workloads or network traffic.
Badhwar warned that it's no longer a matter of if, but when any given organization will face a security incident and said everyone must operate under the assumption that they will get breached someday, and prepare for those scenarios in advance by using proper security protocols to protect against attacks.
Here is the original post:
EternalRocks Attack Spreads While Using Same Exploit As WannaCry Ransomware - Yahoo News UK