O surto de ransomware WannaCry ocorreu devido à vulnerabilidade EternalBlue obtida pela NSA e depois roubada dos Shadow Brokers. The hacking group recently revealed more vulnerabilities owned by the NSA claiming the agency used them to get access to systems worldwide.
It’s highly likely that the NSA has more flaws that still haven’t been revealed to the public. One question comes to mind – how can users stay protected against such exploits in the future?
Researchers Develop Tool to Check for NSA Exploits: Ferramenta de defesa de armas cibernéticas da NSA
Security researchers from Qihu (360 total Security) have obviously thought about that, and have developed a special tool to scan for NSA vulnerabilities.
“Besides EternalBlue, there are more exploits in the leaked NSA cyber arsenal that could be abused for massive cyber attack, including EternalChampion, EternalRomance, and EternalSynergy. Attackers with these NSA cyber weapons can break into more than 70% of the Windows systems in the world. An unpatched PC may be infected as soon as it connects to the Internet even without any click on a link or a file,” the researchers wrote.
To protect users against WannaCry and similar outbreaks in the future, Qihu (360 total Security) has decided to develop an NSA Cyber Weapons Defense Tool. The tool is designed to determine whether a system is immune to exploits derived by NSA Cyber Weapons. When vulnerabilities are located, users can apply all the security updates necessary to defend against such attacks, os pesquisadores explicam.
It’s interesting to note that 360’s NSA Cyber Weapons Defense Tool doesn’t need Internet connection to run. Portanto, users can patch the vulnerabilities without having to worry about potential infections via through the Internet.
Even though Microsoft has issued patches to fix the flaws used by the NSA hacking tools, users that haven’t installed them are still left vulnerable. It’s also known that the 64-bit version of Window 7 was the operating system that witnessed the highest WannaCry infection rates.
You can check out 360’s NSA Cyber Weapons Defense Tool aqui.