Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Free Scanner Finds 50,000 EternalBlue-Vulnerable Systems

More than 50,000 computers vulnerable to the NSA-linked EternalBlue exploit were found by a free vulnerability scanner in recent weeks.

More than 50,000 computers vulnerable to the NSA-linked EternalBlue exploit were found by a free vulnerability scanner in recent weeks.

Dubbed Eternal Blues, the tool was designed to provide network administrators with visibility into the EternalBlue-vulnerable machines in their networks, but without actually exploiting the flaw. In the wake of WannaCry, NotPetya, and other global infections leveraging the NSA-linked exploit, knowing whether a network is vulnerable or not is certainly a good idea.

According to Elad Erez, the security researcher who built the scanner, data collected through Eternal Blues over the past couple of weeks reveals that more than 50,000 scanned hosts are vulnerable to the exploit.

Erez also warns that sometimes all it takes is a single vulnerable machine to compromise an entire network. Using Eternal Blues, the administrator(s) of a network with around 10,000 hosts found the only two machines that were still vulnerable, thus securing the entire environment.

As of July 12, over 8 million IPs were scanned using Eternal Blues, most of which (1.5 million) are located in France. Vulnerable machines were found in around 130 countries and the top 3 countries “had more than 30,000 vulnerable hosts altogether,” the security researcher says.

Over half (53.82%) of the vulnerable hosts still have SMBv1 enabled, the researcher also discovered. Moreover, he notes that 1 out of 9 hosts in a network is vulnerable to EternalBlue.

Advertisement. Scroll to continue reading.

Although Eternal Blues found only around 50,000 vulnerable systems, Erez warns that the number is much higher. Issues with the scanner prevented it from correctly reporting the number of vulnerable host. The researcher addressed those in a version released on July 2, but didn’t take previous findings into account when presenting the above numbers.

According to Erez, however, awareness on EternalBlue appears to have increased. The mere fact that admins are using the scanner is proof of that, he says.

To keep systems and networks secure, admins should apply the latest patches, perform periodic assessments of risks in their networks, and disable SMBv1, the researcher says. He also advises enabling automatic updates on Windows systems.

“Please, don’t be mistaken – recent ransomware attacks are the ones that made all the buzz, since they actually tell you when they hit you. I believe there are many more EternalBlue-based attacks which remain off the radar and are still unknown to,” the researcher points out.

Related: Free EternalBlue Vulnerability Scanner Released

Related: Fileless Ransomware Spreads via EternalBlue Exploit

Related: Stealth Backdoor Abused NSA Exploit Before WannaCrypt

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.