~ Over 18 Million hits of Ransomware and Cryptomining campaigns in 2017-2018
~ ‘EternalBlue’ is the deadliest exploit leaked by the hacking group known as Shadow Brokers in April last year
Pune, May 9, 2018: In its research report titled ‘EternalBlue – A Popular Threat Actor of 2017-2018’, Seqrite, one of the leading providers of enterprise security solutions, today revealed that it has detected more than 18 million hits of the exploit in advanced cyberattacks like ransomware and distributed cryptomining campaigns. Almost a year after the infamous WannaCry ransomware attack, the leaked NSA exploit ‘EternalBlue’ continues to be a popular threat actor for cybercriminals to infiltrate systems and make financial gains. The report highlights data sourced from Quick Heal Security Labs and gives insights into the exploit’s timeline, analysis and recent observations made around its existence to date.
‘EternalBlue’ is the deadliest exploit leaked by the hacking group known as Shadow Brokers in April last year. Seqrite first observed EternalBlue in May 2017 with the outbreak of the WannaCry ransomware. The detection count gradually increased as WannaCry spread to other systems, making it the biggest ransomware attack in history, one that affected more than 150 countries. After the success of WannaCry, several new Proof of Concept (POC) exploits for ‘EternalBlue’ were discovered on the internet. With this easy availability of ‘EternalBlue’, hackers were observed using the exploit in ensuing attacks like the EternalRocks worm, Petya a.k.a. NotPetya ransomware and BadRabbit ransomware.
Following a detailed investigation, Seqrite further discovered that ‘EternalBlue’, which was mostly utilized in ransomware attacks, is now also being increasingly deployed by hackers to distribute cryptomining campaigns like Adylkuzz, Zealot and WannaMine. According to the report, there has been a healthy increase in detection statistics from December, with March recording the highest detection count of over 70 lakh hits. This is largely due to the rapid rise in the valuation of cryptocurrencies and the fact that cryptomining allows attackers to illegally and discreetly mine cryptocurrencies on infected endpoints.
Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited, said: “Exploits leaked by Shadow Brokers, especially EternalBlue, have helped hackers to launch some of the biggest cyberattacks in the form of WannaCry, Petya a.k.a. NotPetya and BadRabbit. While hackers using EternalBlue to launch ransomware attacks is widely known, it is interesting to note that cybercriminals are now leveraging this tool to distribute cryptomining campaigns. What is worrisome is that a large number of endpoints continue to be unprotected and vulnerabilities remain unpatched. It’s about time we realize that prevention is an important remedy that can help businesses to stay a step ahead of the attackers.”
Seqrite is the Enterprise Security solutions brand of Quick Heal Technologies Ltd. Launched in 2015, Seqrite solutions are defined by innovation and simplicity. A combination of intelligence, analysis of applications and state-of-the-art technology, Seqrite is designed to provide continuous and better protection for enterprise corporate customers.
Seqrite’s portfolio of solutions includes Endpoint Security, Mobile Device Management (MDM), Unified Threat Management (UTM) and data protection technologies like Encryption and Data Loss Prevention (DLP). In addition, Seqrite Services provides comprehensive cybersecurity consulting services to Corporates, PSUs, Government and Law Enforcement Agencies.
About Quick Heal Technologies Limited:
Quick Heal Technologies Limited is one of the leading providers of IT security software products and solutions in India. Incorporated in 1995 with a registered office in Pune, Quick Heal Technologies Limited has a network of 18000+ channel partners as on 31st December 2017. It conducts sales and marketing activities across India.
Quick Heal’s portfolio includes solutions under the widely recognized brand names ‘Quick Heal’ and ‘Seqrite’ across various operating systems and devices.