In the shadows lurks a bigger threat than WannaCry

Picture: ShutterStock

Doomsday predictions intrigue us, but we should be wary of taking them at face value. After all, the world hasn’t ended yet, Y2K did not kill our computers, and the internet survived Kim Kardashian’s nudes.

However, a single tweet by Miroslav Stampar, a cybersecurity expert working for the authorities, piqued my interest. It’s a “matter of time” before bad guys begin chaining together several hacking techniques in the wake of the WannaCry ransomware attack, he wrote.

And if they do, “we perish.” What did he mean by that?

Stampar has been featured in many news posts in the past few days; he was the first to describe, in detail, a new threat called EternalRocks, which takes advantage of seven distinct exploits recently stolen from the NSA’s trove of security vulnerabilities (by comparison, WannaCry uses only two of the exploits).

But this malware behaves very differently from WannaCry: when it infects a computer, it does nothing for 24 hours. Then it downloads additional components over the Tor-protected dark web and waits for further instructions.

This technique makes the malware more difficult to detect, and unlike WannaCry, EternalRocks does not contain a “kill switch” that allows it to be easily disabled. Although this malware is currently barely worthy of its mal- prefix, as it does no real harm to the infected computer, it could easily be turned into something a lot more dangerous.

At first glance, Stampar’s claims look hyperbolic. Although EternalRocks uses a number of different exploits, all of them have been patched on newer versions of Windows, and waiting a predetermined interval before acting is not an unheard-of technique. But Stampar claims things are not as simple as they seem.

“EternalRocks is, by my evaluation, still in evolution. It does nothing whatsoever, except disperse. But I don’t think its writer has really fully released it,” Stampar told Mashable in a message. “EternalRocks isn’t even near WannaCry, but it has potential (to develop into something harmful),” he said.

Stampar believes that the NSA’s cache of exploits, published in April by a group of hackers known as the Shadow Brokers, has triggered many fresh harmful hacking strategies. “Someone took the Shadow Brokers exploit kit and used it at a pig,” he said. “This hasn’t been done before.”

And even though these exploits only affect older, unpatched machines, that doesn’t mean they are not dangerous. According to Stampar, once hackers start using them together with a very simple mass phishing attack, the real trouble begins.

“A lot of corporations simply shut port 445 on the exterior and patched the machines online. The issue is that a whole lot of machines in businesses, for a variety of reasons, simply cannot be patched. Once hackers start breaking in from the inside, for example through phishing e-mails, if only one employee opens such an email, then those countermeasures that businesses have obtained mean nothing.”

The phishing part isn’t very hard to perform. “The Pony botnet could send 10 million emails per day,” Stampar said. Combine that with the Shadow Brokers exploits, and it is WannaCry all over again, only on a larger scale.

The issue is made worse by the fact that the Shadow Brokers have promised to keep releasing new exploits, and have even set up a kind of subscription service for them. We do not know exactly what this new trove of exploits might contain, but if it is anything like the first batch, it could lead to new, more sophisticated attacks.

Microsoft President and Chief Legal Officer Brad Smith recently warned against governments stockpiling software exploits, likening the Shadow Brokers’ release to the U.S. army having some of its own Tomahawk missiles stolen. Meanwhile, besides the WannaCry ransomware, new attacks based on these exploits are popping up in the wild, one example being Adylkuzz, a malware that mines digital currency using infected machines’ resources.
