CORRECTION - Secdo

NEW YORK, NY --(Marketwired - May 19, 2017) - In the news release, "Secdo discovers WannaCry attackers exploited NSA's ETERNALBLUE weeks earlier to steal login credentials," issued earlier today by Secdo, please be advised that the headline should read "Secdo Discovers Hackers Exploited NSA's ETERNALBLUE Weeks Before WannaCry Outbreak to Steal Login Credentials." The image captions have been edited, where applicable, as well. Complete corrected text follows.

Secdo Discovers Hackers Exploited NSA's ETERNALBLUE Weeks Before WannaCry Outbreak to Steal Login Credentials

Organizations potentially exposed to future thread-level attacks that install backdoors, exfiltrate data and steal credentials

NEW YORK, NY -- May 19, 2017 -- Secdo, provider of automated incident response solutions, this week discovered evidence that sophisticated actors leveraged the National Security Agency's (NSA) ETERNALBLUE several weeks before the outbreak of WannaCry to attack organizations, installing backdoors and exfiltrating user credentials in networks around the world. The WannaCry ransomware was just one variant.

Secdo made the discovery in the wake of reports during April from multiple customers, including publicly traded companies, of attacks by undetectable ransomware on their endpoints. Having recorded every action on those endpoints and servers at the thread level allowed Secdo to play back, analyze and identify these attacks. The company believes many organizations may continue to be vulnerable to thread-level attacks that install backdoors, exfiltrate data and steal credentials.

  • Read the full Secdo blog explaining the discovery and evidence here

Jake Williams, founder of Rendition Infosec and a SANS Institute instructor, scanned the internet for weeks looking for active infections of DoublePulsar, the backdoor implant tool used alongside ETERNALBLUE in the WannaCry ransomware attack. "Finding a machine with DoublePulsar running indicates that the same vulnerability used in the WannaCry malware was used to compromise Windows machines much earlier," said Williams. "Although the numbers have varied widely, ranging from 25,000-150,000 active infections, it is clear that attackers have been exploiting this vulnerability almost since the day it was released by Shadow Brokers."

Upon gaining entry to Windows-based machines, the attack utilized the NSA's DoublePulsar to spawn a thread within a legitimate system process, allowing it to remain undetected by most detection systems that are unable to collect activities at the thread level.

"WannaCry is merely a visible symptom and not the underlying cause," said Secdo's CTO, Gil Barak. "Multiple threat actors were exploiting ETERNALBLUE to infect endpoints weeks prior to the WannaCry outbreak. Even if your organization successfully blocked or was not attacked by WannaCry, you may still be compromised."

Barak continued, "The attackers had more than a month to breach organizations, install backdoors, steal information and cause other damage, which most organizations may still not be able to discover -- until it's too late. Installing the Microsoft patch is critical for protection from future attacks exploiting Windows SMB, but it does not remediate machines that have already been compromised."

To discover if the breach is still present, organizations should look for thread-based behavioral IOCs that indicate compromise from at least early April. In addition, organizations need to attain continuous visibility at the thread level into every endpoint in the network to hunt and respond effectively to thread-based attacks in the future.

ABOUT SECDO

Secdo is the first and only preemptive incident response solution, automating the IR process and slashing incident response time to seconds. Gain unmatched historical thread-level endpoint visibility, automatically investigate any alert and visualize the forensic timeline and attack chain back to the root cause. Then, rapidly and surgically respond and remediate on any endpoint or server without impacting business productivity. Follow us on Twitter at @secdocyber, and on LinkedIn.

Image Available: http://www.marketwire.com/library/MwGo/2017/5/19/11G139302/Images/1_Initial_ETERNALBLUE_compromise-9a25547c44d1afdcbb72a556624dba6a.jpg
Image Available: http://www.marketwire.com/library/MwGo/2017/5/19/11G139302/Images/2_ETERNALBLUE_infects_other_devices_spawns_stealth-ccb0946813999afbb340b387fb496f7d.jpg
Image Available: http://www.marketwire.com/library/MwGo/2017/5/19/11G139302/Images/3_Malicious_thread_inside_legitimate_process-59ee6dd7f0c592b39456517cee7fec11.jpg
