Hundreds of thousands of systems are still vulnerable to attacks using EternalBlue.
Machines running Windows, which is not installed patches against vulnerabilities EternalBlue, stuck in an endless loop of infections, said the researchers of Avira.
The EternalBlue exploit was developed by the US National Security Agency, but the hacking group Equation Group abducted it and began selling it to everyone. Most of all, the exploit is known for its role in the global infestation of computers with extortion software WannaCry last year.
From WannaCry, computers running Windows 7 and Windows XP were primarily affected, because the malware is spreading through a vulnerability in the Windows Server Message Block (SMB) protocol on port 445. Microsoft later corrected the vulnerability, including the more unsupported Windows XP. Nevertheless, according to Avira’s chief analyst Mikel Echevarria-Lizarraga, hundreds of thousands of computers remain vulnerable.
Unmounted systems are open to any malicious software that runs EternalBlue, and are endlessly attacked. Such a large number of non-upgraded systems is due to the fact that they are unlicensed and do not receive official updates from the manufacturer. On such computers, for security reasons, it is recommended that users completely disable the SMB1 protocol.
Experts Avira decided to disable the protocol on machines without a patch and found about 300 thousand computers with an uncorrected vulnerability. According to them, they disable the protocol for about 14 thousand systems every day, and this is already bearing fruit. After deactivation of SMB1, the systems stop being subjected to countless repetitive attacks using EternalBlue.
The most vulnerable to EternalBlue computers is found in Taiwan, in Thailand, Indonesia, Vietnam, Egypt, Russia, China, the Philippines, India and Turkey. Here, the highest level of use of unlicensed software. Outside the United States and the European Union, the percentage of unlicensed software is 52-60%, while the US and EU are only 16% and 28% respectively.