Security warning: Are you ready for EternalRocks?

This is a contributed piece from Giridhara Raam, a product analyst at ManageEngine

It seemed as though things had settled down following the WannaCry ransomware attack that hit hundreds of thousands of machines worldwide back in May and threw the UK's National Health Service and many other organisations into chaos. Then came Petya, another strain of ransomware that infected machines across Ukraine and the rest of Europe. Clearly, this is no time for businesses to rest on their laurels when it comes to network security. It is time to prepare for the next attack, and a strong candidate is EternalRocks.

Despite causing global disruption, WannaCry used only two of the leaked NSA tools: the EternalBlue exploit and the DoublePulsar backdoor. EternalRocks, discovered by a security researcher at the Croatian Government CERT, bundles seven of them.

Unlike WannaCry, EternalRocks has no kill switch and is built to stay quiet on the systems it infects. Researcher Miroslav Stampar found the worm after it hit his Server Message Block (SMB) honeypot.

After digging further, Stampar found that EternalRocks borrows WannaCry's naming to mislead researchers, but instead of encrypting files and demanding a ransom it silently takes control of the infected computer and holds it ready for future attacks.

How severe is an EternalRocks attack?

When EternalRocks lands on a computer, it downloads the Tor client and uses it to reach its command-and-control (C&C) server, which is hosted as a Tor hidden service rather than at a traceable internet address. To avoid attracting attention, the worm stays dormant on the infected computer for 24 hours before it activates and starts talking to its C&C server.

In the next stage, EternalRocks fetches from its C&C server an archive containing all seven tools, together with a component named svchost.exe (mimicking the legitimate Windows service host process) that runs everything else and takes over the infected system. Once that is done, it scans for other hosts with TCP port 445 (SMB) open and tries to infect any that are vulnerable.
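The scanning behaviour above is the worm's most visible trait on a network: a single workstation that suddenly opens connections to dozens of distinct hosts on TCP port 445 within a minute. The following is an added detection example, not code from the article or from Stampar's analysis; the key=value log format and the log lines are constructed for illustration and do not mimic any vendor's real format. It flags sources whose count of distinct port-445 destinations inside a sliding window reaches a threshold, counting denied connections as well as allowed ones, since a worm probing unused addresses mostly produces denies.

```python
"""Flag hosts fanning out to TCP/445 the way an SMB worm does.

Added example (not from the article). The "key=value" firewall-style log
format and the sample lines below are constructed for this illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample: 10.0.1.7 talks to two file servers (normal client
# behaviour); 10.0.1.23 touches 40 distinct hosts on port 445 within 40 s.
SAMPLE_LOG = [
    "2017-05-18T10:00:01Z src=10.0.1.7 dst=10.0.2.10 dport=445 proto=tcp action=allow",
    "2017-05-18T10:00:05Z src=10.0.1.7 dst=10.0.2.11 dport=445 proto=tcp action=allow",
    "2017-05-18T10:00:09Z src=10.0.1.7 dst=10.0.2.10 dport=445 proto=tcp action=allow",
    "2017-05-18T10:00:12Z src=10.0.1.7 dst=93.184.216.34 dport=443 proto=tcp action=allow",
] + [
    f"2017-05-18T10:01:{i:02d}Z src=10.0.1.23 dst=10.0.3.{i + 1} dport=445 proto=tcp action=deny"
    for i in range(40)
]


def parse_line(line):
    """Turn one constructed log line into a dict with a UTC timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["dport"] = int(rec["dport"])
    return rec


def find_smb_fanout(lines, threshold=20, window_seconds=60):
    """Return {src: peak number of distinct tcp/445 destinations seen inside
    any window of window_seconds} for sources whose peak reaches threshold.

    Both allowed and denied connections count: a worm sweeping address space
    mostly hits hosts that do not exist or are firewalled."""
    events = defaultdict(list)
    for rec in map(parse_line, lines):
        if rec["dport"] == 445 and rec["proto"] == "tcp":
            events[rec["src"]].append((rec["ts"], rec["dst"]))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        window = deque()          # (ts, dst) events inside the current window
        seen = defaultdict(int)   # dst -> occurrences inside the window
        peak = 0
        for ts, dst in evs:
            window.append((ts, dst))
            seen[dst] += 1
            # Drop events that fell out of the window, keeping distinct counts exact.
            while (ts - window[0][0]).total_seconds() > window_seconds:
                _, old_dst = window.popleft()
                seen[old_dst] -= 1
                if seen[old_dst] == 0:
                    del seen[old_dst]
            peak = max(peak, len(seen))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, peak in find_smb_fanout(SAMPLE_LOG).items():
        print(f"{src}: {peak} distinct hosts on tcp/445 within 60 s, worm-like fan-out")
```

The threshold and window are the tunable parts: a patch server or vulnerability scanner will legitimately exceed them, so feed such hosts into an allow-list rather than lowering the threshold until the alert becomes noise.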

A key feature of EternalRocks is that it does not use the hijacked system straight away. With the DoublePulsar backdoor in place, the operators can later push any payload, such as ransomware or a Trojan, to every compromised host at a time of their choosing.

The seven leaked tools EternalRocks bundles are:

  1. EternalBlue — SMBv1 exploit tool
  2. EternalRomance — SMBv1 exploit tool
  3. EternalChampion — SMBv2 exploit tool
  4. EternalSynergy — SMBv3 exploit tool
  5. SMBTouch — SMB reconnaissance tool
  6. ArchiTouch — SMB reconnaissance tool
  7. DoublePulsar — Backdoor (kernel implant)

All four exploits target the SMB flaws that Microsoft fixed in March 2017 under security bulletin MS17-010.

EternalBlue, EternalChampion, EternalSynergy and EternalRomance are the exploits that break into vulnerable computers; SMBTouch and ArchiTouch check beforehand whether a target is exploitable; and DoublePulsar is the backdoor left behind, through which later payloads are loaded. That combination is why some in the security community have dubbed EternalRocks the "Doomsday Worm" and why it could prove more dangerous than WannaCry.

With new malware appearing daily since WannaCry, enterprises are looking for ways to stay secure despite these attacks. The most effective measure is proper patch management: applying MS17-010 closes the vulnerabilities all four exploits rely on. Disabling SMBv1 where it is not needed and blocking inbound TCP port 445 from untrusted networks shrink the attack surface further.

First WannaCry, then Petya, and now EternalRocks, all built on the Shadow Brokers' leak of alleged NSA hacking tools. The whole world saw what WannaCry did with a single SMB exploit and a backdoor; imagine what EternalRocks could do with seven tools. Security researchers are still investigating EternalRocks. Until it is neutralised, staying on top of patch management is the surest way to stay safe.
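Patching only helps if you know which hosts still expose the old protocol. As an added example (not code from the article, from ManageEngine or from Stampar's analysis), the script below performs the same first step SMBTouch performs, but defensively: it sends an SMB1 NEGOTIATE request that offers only the "NT LM 0.12" dialect, so a server with SMBv1 disabled either resets the connection or replies with no accepted dialect, while a server that still speaks SMBv1 picks dialect index 0. The frame layout follows the SMB1 wire format; the reply used for the offline test is constructed here, not captured from a real host, and the hostnames passed on the command line are whatever you choose to inventory.

```python
"""Inventory check: does a host still accept SMB1?

Added example, not from the article or from Stampar's analysis. Sends an
SMB1 NEGOTIATE offering only "NT LM 0.12"; a host with SMB1 disabled resets
the connection or answers with DialectIndex 0xFFFF. The sample reply used
for offline testing is constructed, not a capture.
"""
import socket
import struct

SMB_COM_NEGOTIATE = 0x72
SMB_HEADER_FMT = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header, little-endian
NO_DIALECT = 0xFFFF                    # DialectIndex meaning "none accepted"


def _smb1_header(command, flags, flags2):
    return struct.pack(
        SMB_HEADER_FMT,
        b"\xffSMB",      # protocol id
        command,         # SMB command
        0,               # NT status
        flags,           # Flags
        flags2,          # Flags2
        0,               # PIDHigh
        b"\x00" * 8,     # SecurityFeatures (message unsigned)
        0,               # Reserved
        0,               # TID
        0xFEFF,          # PIDLow
        0,               # UID
        0,               # MID
    )


def build_smb1_negotiate(dialects=("NT LM 0.12",)):
    """NetBIOS session message carrying an SMB1 NEGOTIATE request."""
    # Flags 0x18: canonical paths, case-insensitive. Flags2 0xC853: unicode,
    # NT status codes, extended security, long names (typical client values).
    header = _smb1_header(SMB_COM_NEGOTIATE, 0x18, 0xC853)
    dialect_bytes = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(dialect_bytes)) + dialect_bytes  # WordCount, ByteCount
    msg = header + body
    return struct.pack(">I", len(msg)) + msg  # NetBIOS: 0x00 type byte + 24-bit length


def parse_smb1_negotiate_response(data):
    """Return DialectIndex from an SMB1 NEGOTIATE response, or None if the bytes
    are not a successful SMB1 NEGOTIATE reply (SMB2 header, error status, junk)."""
    if len(data) < 4 + 32 + 3:
        return None
    smb = data[4:]                       # skip the NetBIOS session header
    if smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_NEGOTIATE:
        return None
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    if status != 0 or word_count == 0:
        return None
    return struct.unpack_from("<H", smb, 33)[0]


def is_smb1_accepted(data):
    """True only if the server picked one of the dialects we offered."""
    idx = parse_smb1_negotiate_response(data)
    return idx is not None and idx != NO_DIALECT


def smb1_enabled(host, port=445, timeout=3.0):
    """True if host negotiates SMB1, False if it refuses, None if unreachable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None                      # port closed, filtered or host down
    with sock:
        try:
            sock.sendall(build_smb1_negotiate())
            data = sock.recv(1024)
        except OSError:
            data = b""                   # reset after connect: SMB1 refused
    return is_smb1_accepted(data)


def sample_smb1_response(dialect_index):
    """Constructed SMB1 NEGOTIATE response for offline testing (not a capture)."""
    header = _smb1_header(SMB_COM_NEGOTIATE, 0x98, 0xC801)   # 0x98: reply bit set
    words = struct.pack("<H", dialect_index) + b"\x00" * 32   # 17 words, rest zeroed
    params = struct.pack("<B", 17) + words + struct.pack("<H", 0)  # WordCount, words, ByteCount
    return struct.pack(">I", len(header + params)) + header + params


if __name__ == "__main__":
    import sys
    labels = {True: "SMB1 accepted", False: "SMB1 refused", None: "unreachable"}
    for target in sys.argv[1:]:          # hostnames/IPs you choose to inventory
        print(target, labels[smb1_enabled(target)])
```

Run it against your own address ranges only; a "SMB1 accepted" result is a host that should be first in the MS17-010 patch queue and a candidate for having SMBv1 turned off.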
