Welcome!

News Feed Item

CORRECTION - Secdo

NEW YORK, NY --(Marketwired - May 19, 2017) - In the news release, "Secdo discovers WannaCry attackers exploited NSA's ETERNALBLUE weeks earlier to steal login credentials," issued earlier today by Secdo, please be advised that the headline should read "Secdo Discovers Hackers Exploited NSA's ETERNALBLUE Weeks Before WannaCry Outbreak to Steal Login Credentials." The image captions have been edited, where applicable, as well. Complete corrected text follows.

Secdo Discovers Hackers Exploited NSA's ETERNALBLUE Weeks Before WannaCry Outbreak to Steal Login Credentials

Organizations potentially exposed to future thread-level attacks that install backdoors, exfiltrate data and steal credentials

NEW YORK, NY -- May 19, 2017 -- Secdo, provider of automated incident response solutions, this week discovered evidence that sophisticated actors leveraged the National Security Agency's (NSA) ETERNALBLUE several weeks before the outbreak of WannaCry to attack organizations, installing backdoors and exfiltrating user credentials in networks around the world. The WannaCry ransomware was just one variant.

Secdo made the discovery in the wake of reports during April by multiple customers, including publicly traded companies, that reported being attacked by an undetectable ransomware on their endpoints. Having recorded every action on those endpoints and servers at the thread level allowed Secdo to play-back, analyze and identify these attacks. The company believes many organizations may continue to be vulnerable to thread-level attacks that install backdoors, exfiltrate data and steal credentials.

  • Read the full Secdo blog explaining the discovery and evidence here

Jake Williams, founder of Rendition Infosec and a SANS Institute instructor, scanned the internet for weeks looking for active infections of DoublePulsar, the backdoor implant tool used alongside ETERNALBLUE in the WannaCry ransomware attack. "Finding a machine with DoublePulsar running indicates that the same vulnerability used in the WannaCry malware was used to compromise Windows machines much earlier," said Williams. "Although the numbers have varied widely, ranging from 25,000-150,000 active infections, it is clear that attackers have been exploiting this vulnerability almost since the day it was released by Shadow Brokers."

Upon gaining entry to Windows-based machines, the attack utilized the NSA's DoublePulsar to spawn a thread within a legitimate system process, allowing it to remain undetected by most detection systems that are unable to collect activities at the thread level.

"WannaCry is merely a visible symptom and not the underlying cause," said Secdo's CTO, Gil Barak. "Multiple threat actors were exploiting ETERNALBLUE to infect endpoints weeks prior to the WannaCry outbreak. Even if your organization successfully blocked or was not attacked by WannaCry, you may still be compromised."

Barak continued, "The attackers had more than a month to breach organizations, install backdoors, steal information and cause other damage, which most organizations may still not be able to discover -- until it's too late. Installing the Microsoft patch is critical for protection from future attacks exploiting Windows SMB, but it does not remediate machines that have already been compromised."

To discover if the breach is still present, organizations should look for thread-based behavioral IOCs that indicate compromise from at least early April. In addition, organizations need to attain continuous visibility at the thread level into every endpoint in the network to hunt and respond effectively to thread-based attacks in the future.

ABOUT SECDO

Secdo is the first and only preemptive incident response solution, automating the IR process and slashing incident response time to seconds. Gain unmatched historical thread-level endpoint visibility, automatically investigate any alert and visualize the forensic timeline and attack chain back to the root cause. Then, rapidly and surgically respond and remediate on any endpoint or server without impacting business productivity. Follow us on Twitter at @secdocyber, and on LinkedIn.

Image Available: http://www.marketwire.com/library/MwGo/2017/5/19/11G139302/Images/1_Initial_ETERNALBLUE_compromise-9a25547c44d1afdcbb72a556624dba6a.jpg
Image Available: http://www.marketwire.com/library/MwGo/2017/5/19/11G139302/Images/2_ETERNALBLUE_infects_other_devices_spawns_stealth-ccb0946813999afbb340b387fb496f7d.jpg
Image Available: http://www.marketwire.com/library/MwGo/2017/5/19/11G139302/Images/3_Malicious_thread_inside_legitimate_process-59ee6dd7f0c592b39456517cee7fec11.jpg

Media Contacts
Michelle Allard McMahon
Rainier Communications
[email protected]
+1 781.718.3248

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
The session is centered around the tracing of systems on cloud using technologies like ebpf. The goal is to talk about what this technology is all about and what purpose it serves. In his session at 21st Cloud Expo, Shashank Jain, Development Architect at SAP, will touch upon concepts of observability in the cloud and also some of the challenges we have. Generally most cloud-based monitoring tools capture details at a very granular level. To troubleshoot problems this might not be good enough.
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, will describe how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launchi...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...