Security is just an illusion
When I started researching cyber security, I read in many articles that "security is just an illusion". Now it is being proved. The world is crying because of the ransomware named WannaCry. This is not the only malware or ransomware attack that has happened so far, but this one has had a real impact all over the world. Everyone is realizing now that neither data nor privacy is secure on the Internet. I am not threatening you; this is simply what is being proved now.
The group of hackers called the Shadow Brokers has done a fantastic job by leaking a set of tools and exploits that they took from the NSA. So now it is clear what is going on in the background. What is the NSA doing in the name of national security? This is not the only set of tools being used by the NSA; there are many. And I am sure another dump is coming :-). We may be able to stop WannaCry, but it is not the end, it is just the beginning.
WannaCry is just a single recipe made from a Windows SMB exploit codenamed ETERNALBLUE, leaked by the Shadow Brokers. It was not the only exploit they leaked. Most of them are listed below:
EARLYSHOVEL is a RedHat 7.0–7.1 Sendmail 8.11.x exploit
EBBISLAND (EBBSHAVE) is a root RCE via an RPC XDR overflow in Solaris 6, 7, 8, 9 and 10 (possibly newer), both SPARC and x86
ECHOWRECKER is a remote Samba 3.0.x Linux exploit
EASYBEE appears to be an MDaemon email server vulnerability
EASYFUN is an EasyFun 2.2.0 exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6
EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 and 7.0.2
EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor
ETERNALROMANCE is an SMB1 exploit over TCP port 445 that targets XP, 2003, Vista, 7, Windows 8, 2008 and 2008 R2, and gives SYSTEM privileges (MS17-010)
EDUCATEDSCHOLAR is an SMB exploit (MS09-050)
EMERALDTHREAD is an SMB exploit for Windows XP and Server 2003 (MS10-061)
EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2
ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
EPICHERO is a 0-day exploit (RCE) for Avaya Call Server
ERRATICGOPHER is an SMBv1 exploit targeting Windows XP and Server 2003
ETERNALSYNERGY is an SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)
ETERNALBLUE is an SMBv2 exploit for Windows 7 SP1 (MS17-010)
ETERNALCHAMPION is an SMBv1 exploit
ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067)
ETRE is an exploit for IMail 8.10 to 8.22
ETCETERABLUE is an exploit for IMail 7.04 to 8.05
FUZZBUNCH is an exploit framework, similar to Metasploit
ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, and is also not detected by any AV vendors
EXPIREDPAYCHECK is an IIS6 exploit
EAGERLEVER is an NBT/SMB exploit for Windows NT4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release
EASYFUN is a WorldClient / IIS6.0 exploit
Even now we don't know whom to blame. A Google researcher, Neel Mehta, posted a tweet on Twitter saying WannaCry has similarities with malware developed in 2015 by the North Korean hacker group called Lazarus. But we can't blame them fully, as anyone can refer to old malware and write new malware based on it. Some people are blaming the NSA, some are blaming Microsoft for the late release of patches for the vulnerability.
Who is the real villain? That is yet to be decided. This story will continue; it is just a single episode of a series. Now everyone will agree: "Security is just an illusion".