What would you do if a hacker had access to all of your sensitive documents and data through a machine that they had exploited, with access to control your webcam as well as monitor the screen and keyboard?

It’s not something out of action movie, what we’re describing is Eternal Blue, a cyber attack that preys on businesses not updating their systems.

Whilst this cyber attack can essentially immobilise a business, it’s avoidable through basic cyber security practices.

In our latest blog post to raise awareness about the dangers of cyber attacks, we’re taking a look at Eternal Blue, the damage it can do and how you can prevent your business from being affected.

Watch the Eternal Blue Video

Read Video Transcript

Behind the Hack – EternalBlue – Time to Update

We’re all guilty of not updating our devices, systems and software.

When we’re busy working hard in the business, it’s easier and quicker to just ‘put it off’, but right now we can exclusively reveal, thanks to our ethical hacker, the devastating effect using out of date and non-updated technology can have on your business.

It happens every day…we’re made aware of available updates but even if it’s labelled “critical” we think: ‘what’s the worse that can happen?’ Well, we can show you from our hackers’ point of view.

Even in today’s modern world, as soon as a new system, service or piece of software is created, there are people looking for ways to hack it.  Right now you’re looking at ‘EternalBlue’, developed to exploit a vulnerability in some versions of Microsoft products. 
The updates your computer tells you about contains vital patches to secure these vulnerabilities as soon as they’re discovered. 
In this case here’s an older version of a Windows server that hasn’t yet been updated.  Our hacker uses some special monitoring software to identify the target machine, establish a connection by linking IP addresses and ports, then with a simple command, view all the private credentials used to access the network

Our hacker can then do whatever they want; launch a further attack, steal and lock your data, run some code to monitor your screen, even detect keystrokes or spy on you and your staff with your webcam.

All businesses rely so much on technology these days, so talk to us about how you can be better protected without having to do the work yourself.

What Is Eternal Blue?

External Blue is an exploit that was created by the US National Security Agency which targets a vulnerability in Windows machines. In 2017, a hacking group were able to access and leak Eternal Blue as part of an attack on the NSA.

Whilst a patch was released by Microsoft one month after the leak, many system administrators did not update, leaving their machines vulnerable to the exploit.

In May 2017, Eternal Blue exploit was used to spread the infamous WannaCry ransomware that went on to infect over 230,000 Windows PCs in a single day, entire businesses were crippled and notable organisations such as the NHS were severely impacted. 

How Does It Work?

With specialist monitoring software, a hacker can identify machines that have not been updated and are therefore vulnerable to Eternal Blue.

After establishing a connection by linking IP addresses and ports, the hacker can use a single command to gain complete unobstructed access to the device and all of the files it contains.

With access to your machine, a hacker can carry out further attacks, view your private credentials, steal and lock data, and even run code that allows them to monitor your screen, see your keystrokes and, perhaps most disturbing, spy on you through your webcam.

How To Prevent Eternal Blue Attacks

In the case of Eternal Blue, preventing your machine from being exploited means ensuring you have the most recent updates installed on the machine.

Whilst it can be easier to put them off, these updates contain vital patches to secure vulnerabilities as soon as they are discovered.

If you are struggling to stay on top of updates or are finding they impact efficiency, consider using a dedicated cyber security provider who can update your machines out of hours on a regular basis to ensure they are protected. 

Protect Your Business with Absolutely PC

Is your business keeping all machines and software up to date with the latest updates? If not, you could be leaving yourself at risk of the devastating impacts of Eternal Blue and similar attacks. 

To find out more about protecting your business against all forms of cyber attack, call us today on 0117 975 9523 or fill out a contact form and we will get back to you.

Other Posts for you to Enjoy

 

LastPass Security Breach

LastPass is a password management utility and application allowing companies and people to store their passwords. After a recent breach there are some serious security issues that need attention. This article looks at what these issues are and how to re-secure your passwords.

IT Security: Folina Vulnerability Fixed

IT security update: Folina vulnerability has been fixed by Microsoft. How to ensure your system is protected and reverse the temporary fix we suggested.

IT Security: Zero Day Attack – Take Action Now

A new zero day attack is in progress and it threatens all computer systems that have Microsoft Office installed. A simple piece of code will thwart this attack until Microsoft have had a chance to release a patch

Business IT Security – Using 2FA

Business IT security is often about doing the basics really well, like securing your accounts using 2FA. In this post find out why 2FA helps to keep your business cyber secure

Man In The Middle – Behind the Hack [Video Guide]

Cybersecurity (cyber security) is a buzzword that seems to have appeared relatively quickly in the world of business IT.  If you search the term “cybersecurity” or “cyber security” on the BBC News website, there are currently 29 pages of articles from the last 2...

WordPress Security – Attacks leave 1.6 million sites damaged

Are you confident that your WordPress website is secure? Yesterday, on the 9th of December 2021, 1.6 Million WordPress Sites were Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. It’s safe to say this is a major concern to businesses everywhere. WordPress...

Ransomware – Behind the Hack [Video Guide]

How would your business react if you were locked out of every single file stored on any PC or cloud platform in your network, with the only way to free your data being to pay vast sums of money to a hacker? Well, ransomware does just that. Despite how crippling this...

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

Cyber Security Infographic

With cyber attacks becoming increasingly common for businesses of all sizes, it is critical that your organisation understands the most common types of cyber attack and what you can do to protect yourself. Take a look at our cyber security infographic which takes you...

8.4 Billion Passwords Leaked In “RockYou2021” Hack – How To Protect Your Business

The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file putting potentially billions of logins at risk.  Dubbed as ‘RockYou2021’ after the RockYou...

How To Fix Windows ‘PrintNightmare’ Vulnerability – Video

Microsoft is warning Windows users about a currently unpatched security flaw in the Windows Print Spooler service which is being actively exploited. Whilst waiting on a fix from Microsoft, Window's PCs are potentially vulnerable to be hacked whenever they are switched...

IT Security: Zero Day Attack – Take Action Now

A new zero day attack is in progress and it threatens all computer systems that have Microsoft Office installed. A simple piece of code will thwart this attack until Microsoft have had a chance to release a patch

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

New Dark Web Monitoring Tool Available from Absolutely PC

How much of your business and personal data is available online? The results could surprise you. With small business in the UK alone targeted by up to 65,000 attempted cyber attacks per day, data breaches and leaks are becoming an increasingly common occurrence. Once...

8.4 Billion Passwords Leaked In “RockYou2021” Hack – How To Protect Your Business

The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file putting potentially billions of logins at risk.  Dubbed as ‘RockYou2021’ after the RockYou...

4000 small businesses a day: the vicious spread of WannaCry

In May this year the online world witnessed the Wannacry ransomware attack, a cryptoworm which spread like wildfire, demanding payments in the cryptocurrency Bitcoin in over 230,000 computers using the Windows operating system. The National Health Service, the UK's...

How to Protect your Business from Cybersecurity Threats

With UK small businesses targeted with 65,000 attempted cyber attacks per day, having robust measures to deal with cyber security threats is more important than ever. The recent attack on SolarWinds proves that no business is safe from hackers and that businesses both...

Cyber Security Infographic

With cyber attacks becoming increasingly common for businesses of all sizes, it is critical that your organisation understands the most common types of cyber attack and what you can do to protect yourself. Take a look at our cyber security infographic which takes you...

WordPress Security – Attacks leave 1.6 million sites damaged

Are you confident that your WordPress website is secure? Yesterday, on the 9th of December 2021, 1.6 Million WordPress Sites were Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. It’s safe to say this is a major concern to businesses everywhere. WordPress...

New Password Management Tool Available from Absolutely PC

With cyber attacks on the rise and remote working becoming commonplace, now, more than ever - businesses need to keep on top of the security of their passwords or be at risk of suffering a costly data breach. A study by Verizon Data Breach Investigations found that...