ETERNALBLUE Attack:5 Devastating CyberSecurity Flaws (Part#2)

ETERNALBLUE Attack:5 Devastating Security Flaws (Part#2)

Another buffer overflow flaw was behind one of last year's biggest cybersecurity stories: the wanna cry ransomware that caused billions of dollars in damage by encrypting people's hard drives and holding them ransom for bitcoins.



The vulnerability itself was called Eternalblue, and Like Stagefright, it was a remote code executions flaw, but a much less straightforward one. 


In fact, it took the US national security agency to spot the tree interacting bugs that enable it. By default, older Microsoft versions of windows would accept connection from other computers to communicate about sharing file over the network. 

WHAT MAKES ETERNALBLUE DANGEROUS 


Hackers could trick windows into reserving a small memory buffer next door to thee settings for one of these open connections.

 Then they send a big chunk of data for windows to store in that buffer, so big that it overwrite the settings.


By overwriting settings strategically, the hackers could turn what used to be a file-sharing connection into a conduit through which they could pipe malware anywhere into the computer's memory.BOOM! Remote code execution.

 
Eternalblue is especially dangerous in combination with other exploits that allowed privilege escalation, seizing full administrative control of the computer .


Once that happens, the attackers could corrupt your files to make them unavailable, say by encrypting them.


And of course, their programs cloud also spy on everything the computer knows, so much for confidentially too. And all this happen without any involvement on your part.

Eternalblue was sneaky, powerful and widely used for wreaking havoc.. in other words, the very model of a modern major security bug.

STAGEFRIGHT Attack: 5 Devastating Security Flaws (Part#1)

Previous Post Next Post