The EternalRocks worm is an ideal platform that cyber attackers are using to prepare a target for more malicious effects. The worm behaves as follows:
- In the first stage, the worm uses an SMB vulnerability to install itself on the computer. It also downloads .NET components and the TOR browser, together with a C2 communications node.
- It then remains passive for 24 hours to avoid detection or analysis by sandboxing (sandboxing is typically used as virtual isolation between the Internet and closed networks to monitor a downloaded program for malevolent behaviour).
- In the second stage, the worm uses the TOR browser to download more executable files. It then starts a random scan for open SMB ports on the network it is connected to. Once it detects a vulnerable target, it pushes the first-stage exploitation to it.
EternalRocks is such a clandestine worm that its traffic will be detected only with strong network visibility and monitoring tools.
The military should take care to ensure that their Internet-connected Microsoft operating systems are updated and that a strong monitoring and analysis function is in place.
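As an added illustration of the network visibility mentioned above (not code from the original post), the following Python sketch flags hosts whose TCP/445 connections fan out to many distinct destinations within a short window, which is the pattern the second-stage random SMB scan produces. The flow record layout, the addresses, the 60-second window and the 10-target threshold are all assumptions chosen for the example.

```python
from collections import defaultdict, deque

SMB_PORT = 445

def find_smb_scanners(flows, window_s=60, min_targets=10):
    """Return {src: peak number of distinct TCP/445 destinations in any window}.

    flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port) records.
    A source is reported once it reaches min_targets distinct SMB peers
    inside a sliding window of window_s seconds.
    """
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    peak = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window_s:   # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            peak[src] = max(peak.get(src, 0), distinct)
    return peak

def sample_flows():
    """Constructed flow records; every address here is made up for the example."""
    flows = []
    # Scan-like: one host touches 40 different peers on 445 in 40 seconds.
    flows += [(1000 + i, "10.0.0.23", f"10.0.1.{i + 1}", 445) for i in range(40)]
    # Normal: a client talking repeatedly to a single file server.
    flows += [(1000 + i * 5, "10.0.0.50", "10.0.0.5", 445) for i in range(30)]
    # Slow: 12 distinct SMB peers, but spread over an hour.
    flows += [(1000 + i * 300, "10.0.0.60", f"10.0.2.{i + 1}", 445) for i in range(12)]
    # Non-SMB traffic from the scanning host is ignored.
    flows += [(1000 + i, "10.0.0.23", "10.0.0.1", 443) for i in range(5)]
    return flows

if __name__ == "__main__":
    for src, count in find_smb_scanners(sample_flows()).items():
        print(f"{src}: {count} distinct SMB targets within 60 s")
```

Because the worm stays passive for 24 hours before the second stage, a fan-out alert of this kind points to a host that was compromised at least a day earlier.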