2020-07-07T07:37:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

How does EternalBlue work?

How can businesses ensure that they are protected from EternalBlue attacks? Is this a job for EDR software?

7 Answers
it_user1146165 - PeerSpot reviewer
Cibersecurity Pre-Sales at Ingram Micro Inc.
Real User
2020-07-09T22:05:40Z
Jul 9, 2020

You can use Palo Alto Cortex XDR networks to protect against this type of attack at the endpoint level.

Dawid Van Der Merwe - PeerSpot reviewer
Sales Engineer | Technical Sales | Pre-Sales at SUSE
Vendor
Top 5Leaderboard
2020-07-09T16:30:03Z
Jul 9, 2020

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.


Ref:


https://cve.mitre.org/cgi-bin/...


https://www.avast.com/c-eterna...

Nikki Webb - PeerSpot reviewer
Global Channel Manager at Custodian360
Real User
2020-07-09T13:15:17Z
Jul 9, 2020

EternalBlue exploits a vulnerability in outdated versions of Microsoft Server Message Block.


So the only known mechanism to protect against EternalBlue is to download the latest Windows software update and install the patch.


Microsoft's Support Forum has a full step-by-step guide to walk you through this process and ensure that your business is utilising the latest version.


Additionally, you should ensure that the following safeguards are in place:



  • Anti-virus software - AI product like SentinelOne is needed, traditional anti-virus is just not up to the job anymore

  • Secure offsite backup with “attack-loop” prevention

  • Filter for .exe attachments in emails

  • Encrypt sensitive data


PATCH PATCH PATCH - is the answer every time 

Dr Trust Tshepo Mapoka - PeerSpot reviewer
Senior Cybersecurity Consultant at CIA Botswana
Real User
Top 5
2020-07-09T12:02:55Z
Jul 9, 2020

EternalBlue, officially named MS17-010 by Microsoft, is a vulnerability that affects outdated versions of Microsoft Server Message Block (SMB). The quickest mechanism to protect against EternalBlue is through system PATCHING, i.e. download the latest version of Windows software update and install the patch.

MV
IT Manager at Telecorp Inc.
Real User
2020-07-09T10:01:54Z
Jul 9, 2020

The best part of AI products like SentinelOne is that they are monitoring for this type of exploit. It's not just antivirus software. There is also a SOC that reacts when a machine is compromised. The hacker would use the exploit to get onto the machine; this would alert the SOC. As soon as the hacker executes the crypto code, the connection is severed with the hacker, and the code is frozen and reversed. The machine would be kept offline until the security is checked. You would then unfreeze the machine. All this is automatic. As support you would get 10 to 15 emails explaining what was done. You would log into the portal to verify and unfreeze the machine.

SP
Managing Member at Pender & Associates
Real User
Top 5Leaderboard
2020-07-10T12:50:31Z
Jul 10, 2020

By far the most important thing to do to prevent attacks utilizing EternalBlue is to make sure that you’ve updated any older versions of Windows to apply the security patch MS17-10.


If, for some reason, that’s not possible, other mitigations include disabling SMBv1 and not exposing any vulnerable machines to internet access.


Ensuring you have a capable EDR security solution should go without saying, but if your organization is still behind the curve on that one, remember that passive EDR solutions are already behind-the-times and active EDR is required.


Please contact me on cybersec@global.co.za for more information on SentinelOne and Cyber Protection Services
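
The checks behind the advice above to disable SMBv1 and to keep vulnerable machines from being exposed, as an added example that is not part of the original answers. `Test-Smb1Exposure` is a hypothetical helper name, and the script assumes an elevated PowerShell session on a Windows version that ships the SMB and NetSecurity cmdlets.

```powershell
# Added example, not from the thread. Test-Smb1Exposure is a hypothetical
# helper name. Run it from an elevated PowerShell session.
function Test-Smb1Exposure {
    [CmdletBinding()]
    param(
        # Read-only unless this switch is given.
        [switch]$DisableSmb1Server
    )

    # SMBv1 server: the component that MS17-010 patches.
    $serverOn = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # SMBv1 optional feature; the query errors where the feature name is unknown.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Enabled inbound allow rules whose port filter lists TCP 445 explicitly
    # (port ranges and 'Any' are not expanded here).
    $smbRules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
        })
    # Rules active on the Public profile, or on every profile, are the ones
    # that can expose SMB beyond the internal network.
    $publicRules = @($smbRules | Where-Object { "$($_.Profile)" -match 'Any|Public' })

    if ($DisableSmb1Server -and $serverOn) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $serverOn = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $serverOn
        Smb1FeatureState  = $featureState
        InboundSmbRules   = $smbRules.Count
        PublicSmbRules    = @($publicRules | ForEach-Object { $_.DisplayName })
        NeedsAttention    = $serverOn -or ($featureState -eq 'Enabled') -or ($publicRules.Count -gt 0)
    }
}

# Audit only; add -DisableSmb1Server to turn the SMBv1 server off.
Test-Smb1Exposure | Format-List
```

The result covers the host's own firewall only; filtering of TCP 445 at the network perimeter has to be checked separately.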

Paresh Makwana - PeerSpot reviewer
Director at a tech services company with 1-10 employees
Reseller
Top 20Leaderboard
2020-07-10T06:46:57Z
Jul 10, 2020

The “EternalBlue” exploit targeted open Server Message Block (SMB) ports and was used to great effect in the recent WannaCry ransomware attack.


Attacks leveraging the EternalBlue exploit generally follow this pattern:


  1. A vulnerable system with an open, unpatched port is identified.

  2. EternalBlue (or another exploit) is used to achieve remote code execution.

  3. The DoublePulsar backdoor is uploaded. This allows remote control of the infected system and the upload of an additional payload.

  4. An arbitrary payload is injected into the target system’s memory using the DoublePulsar backdoor. In the case of WannaCry, this payload was ransomware, but it could potentially be any payload, including malware that does a much more effective job at hiding on a system.

  5. In the case of WannaCry, the payload also contained code that attempted to spread additional infections with the EternalBlue/DoublePulsar attack chain. This effectively made WannaCry a worm, a kind of malware that could spread without any kind of user intervention.

Though Microsoft published a patch for a number of the exploits contained in the Shadow Broker’s dump, unpatched systems still remain vulnerable to this kind of attack. It is important to note that a potential attacker could use any payload in the attack chain described above.


Basic tool to protect from EternalBlue


1) Second generation AV 


2) Cloud Backup


3) Cloud Second generation VPN and Firewall

