Hacking tool was likely stolen from NSA: Expert on cyber attack
'EternalBlue' is the name given to a weakness in Microsoft’s security that is thought to have been identified secretly by the United States National Security Agency.
Published: 13th May 2017 09:53 AM | Last Updated: 13th May 2017 09:53 AM | A+A A-
LONDON: A security expert at Surrey university has claimed that the malware, which affected the National Health Service (NHS) England hospitals and continues to spread across various parts of the world, resembles an exploit of 'EternalBlue'.
'EternalBlue' is the name given to a weakness in Microsoft’s security that is thought to have been identified secretly by the United States National Security Agency (NSA).
"From the analysis that has been done, it looks like it is the ‘EternalBlue’ weakness that has been exploited because it is using the same ports and protocols. We don’t know publicly if it is the NSA (that found the vulnerability) but it is widely assumed it is and that is what Shadow Brokers said," The Guardian quoted Prof. Alan Woodward, as saying.
It's also believed that 'WannaCry' works by taking advantage of a flaw in Windows that the NSA knew about, but kept secret.
This particular vulnerability was publically disclosed by a group calling itself Shadow Brokers, which claimed to have stolen it from the NSA, among a cache of files it took.
Meanwhile, Kaspersky Lab, a cybersecurity company based in Moscow, has published a blog post in which it estimates that 45,000 attacks have been carried out in 74 countries, mostly in Russia.
It added that the totals could be "much, much higher."
Earlier, a number of hospitals across England were forced to divert emergency patients after being hit by a suspected cyber attack.
Attacks then began being reported across many other countries, including Turkey, Vietnam, the Philippines, Japan, the U.S., China, Spain, Italy and Taiwan with the majority of affected computers in Russia.
The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $300 to unlock their data, The New York Times reports.
The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.
Portugal Telecom was also hit by a cyber attack but no services were impacted.
"We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services were affected," a Portugal Telecom spokeswoman said.