New SMB protocol exploit effective against most windows operating systems

An EternalSynergy based exploit has now been developed which can compromise newer (unpatched) versions of Windows. The original ETERNALSYNERGY exploit released by The Shadow Brokers in April exploited an SMB protocol vulnerability, CVE-2017-0143, to allow attackers to inject code onto Windows machines but only worked on versions up to Windows 8.

A security researcher has now modified and upgraded ETERNALSYNERGY to be able to compromise all supported but unpatched Windows operating systems except for Windows 10. This new exploit code is publicly available to download on GitHub and ExploitDB.

This case shows that exploits previously thought to only be effective against older or unsupported operating systems such as Windows XP can be modified to compromise newer and currently supported systems. This illustrates the importance of rigorous vulnerability management and patching, including patching newer operating systems.

Rise in cyber crime as a service

A new credential-stealing malware, named Ovidiy Stealer, is being sold on cyber crime forums for as little as £6. The low price reflects its limited capabilities. It is non-persistent, so can be removed by simply rebooting an infected computer, but it is reportedly easy to use and capable of harvesting usernames and passwords for a number of common applications. Ovidiy Stealer has compromised targets around the world, including in the UK.

Similarly, a new Phishing-as-a-Service platform, 'HackShit', has been marketing itself to would-be fraudsters. For a monthly subscription, users can generate plausible looking login pages which imitate popular social media and dating sites. The subscribers can also use the platform to trade compromised accounts for cryptocurrency, and to view tutorials on hacking and phishing.

The increasingly low barriers to entry for cyber crime are of concern because individuals with limited technical knowledge can now purchase basic cyber capabilities for a modest sum.

 

Comment

.author-name { display: none; }