EternalBlue
Uncovering a Widely Used Server Message Block Exploit (CVE-2017-0144)
Threat Defense Maneuver: Protocol Alteration
Trinity Cyber threat detection experts continuously develop response maneuvers that let defenders control the outcome of known cyber threats rather than merely observe them.
One such Threat Defense Maneuver is Protocol Alteration. Applied to traffic before an attacker gains a foothold on the network, Protocol Alteration protects against EternalBlue, an exploit for a vulnerability (CVE-2017-0144) in the SMBv1 implementation of unpatched Windows systems; Microsoft fixed it in March 2017 as MS17-010, but hosts that never received the update remain exposed. Several highly effective malware and ransomware campaigns used EternalBlue as a spreading mechanism, including WannaCry, NotPetya, and Satan ransomware.
Read this Threat Brief to learn:
- How to detect EternalBlue from buffer overflow to heap-groom and implant drop
- How to use a protocol alteration to neutralize the attack
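The brief itself is gated, so as an added illustration (not Trinity Cyber's detection logic and not code from the brief) the following Python parses SMBv1 headers and flags the request sequence that public analyses of EternalBlue describe: an SMB_COM_NT_TRANSACT request announcing a very large TotalDataCount, continued on the same session by SMB_COM_TRANSACTION2_SECONDARY requests that carry the oversized FEA list. The header and NT_TRANSACT field offsets follow MS-CIFS; the 0xFFFF threshold, the sample packets, and the session-keying on (UID, TID) are assumptions made for the example.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB1_HEADER_LEN = 32
SMB_COM_NEGOTIATE = 0x72
SMB_COM_TRANSACTION2_SECONDARY = 0x33
SMB_COM_NT_TRANSACT = 0xA0
# Assumption for this example: an NT_TRANSACT announcing more than 64 KiB of
# data is treated as suspicious when a Trans2 Secondary then continues it.
LARGE_TOTAL_DATA_COUNT = 0xFFFF


def parse_smb1(pdu):
    """Return (command, tid, uid, mid, body) for an SMBv1 message, else None.
    pdu is the SMB message with the 4-byte NetBIOS session header removed.
    Header layout (MS-CIFS 2.2.3.1): magic(4) cmd(1) status(4) flags(1)
    flags2(2) pidhigh(2) security(8) reserved(2) tid(2) pidlow(2) uid(2) mid(2)."""
    if len(pdu) < SMB1_HEADER_LEN or pdu[:4] != SMB1_MAGIC:
        return None
    command = pdu[4]
    tid, _pidlow, uid, mid = struct.unpack_from("<HHHH", pdu, 24)
    return command, tid, uid, mid, pdu[SMB1_HEADER_LEN:]


def nt_trans_total_data_count(body):
    """TotalDataCount of an NT_TRANSACT request (MS-CIFS 2.2.4.62.1).
    Body layout: WordCount(1) MaxSetupCount(1) Reserved(2)
    TotalParameterCount(4) TotalDataCount(4) ..."""
    if len(body) < 12 or body[0] < 19:  # request WordCount is 19 + SetupCount
        return None
    return struct.unpack_from("<I", body, 8)[0]


class EternalBlueSequenceDetector:
    """Stateful per-session check: NT_TRANSACT with a huge TotalDataCount
    followed by TRANSACTION2_SECONDARY on the same (uid, tid)."""

    def __init__(self):
        self.pending = {}  # (uid, tid) -> announced TotalDataCount

    def feed(self, pdu):
        parsed = parse_smb1(pdu)
        if parsed is None:
            return None
        command, tid, uid, _mid, body = parsed
        key = (uid, tid)
        if command == SMB_COM_NT_TRANSACT:
            total = nt_trans_total_data_count(body)
            if total is not None and total > LARGE_TOTAL_DATA_COUNT:
                self.pending[key] = total
            return None
        if command == SMB_COM_TRANSACTION2_SECONDARY and key in self.pending:
            return ("NT_TRANSACT TotalDataCount=%d continued by "
                    "TRANSACTION2_SECONDARY on uid=%d tid=%d"
                    % (self.pending[key], uid, tid))
        return None


def scan(pdus):
    """Run the detector over a list of SMB messages; return the alerts raised."""
    detector = EternalBlueSequenceDetector()
    return [alert for alert in map(detector.feed, pdus) if alert is not None]


# --- constructed sample traffic (not a real capture) ---------------------------
def build_smb1(command, tid, uid, mid, body):
    header = (SMB1_MAGIC + bytes([command]) + b"\x00" * 4 + b"\x18" + b"\x07\xc0"
              + b"\x00" * 2 + b"\x00" * 8 + b"\x00" * 2
              + struct.pack("<HHHH", tid, 0xFEFF, uid, mid))
    return header + body


NT_TRANS_BODY = (bytes([19, 1, 0, 0])                 # WordCount, MaxSetupCount, Reserved
                 + struct.pack("<II", 30, 0x10400)     # TotalParameterCount, TotalDataCount (constructed)
                 + b"\x00" * 40)
SAMPLE_STREAM = [
    build_smb1(SMB_COM_NEGOTIATE, 0, 0, 0, b"\x00\x0c\x00\x02NT LM 0.12\x00"),
    build_smb1(SMB_COM_NT_TRANSACT, 2049, 2048, 64, NT_TRANS_BODY),
    build_smb1(SMB_COM_TRANSACTION2_SECONDARY, 2049, 2048, 65, b"\x09" + b"\x00" * 30),
    build_smb1(SMB_COM_TRANSACTION2_SECONDARY, 2049, 4096, 66, b"\x09" + b"\x00" * 30),  # other session
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_STREAM):
        print("ALERT:", alert)
```

The detector is keyed on the session identifiers rather than on payload bytes, so it survives trivial changes to the FEA list contents; the trade-off is that a legitimate client that really does send a 64 KiB NT transaction would also be flagged, which is why a tool such as the maneuver described above would act on the protocol exchange rather than on a single packet.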