
Liad is a security researcher at Guardicore. Ophir leads the security research team in Akamai's Enterprise Security Group.

Executive summary

- Guardicore reveals new details in the Indexsinas SMB worm, also dubbed NSABuffMiner.
- The attack campaign has been active since 2019 and is still under operation and maintenance today.
- Targeted devices are SMB servers vulnerable to EternalBlue (MS17-010). According to Shodan, there are more than 1.2 million internet-facing SMB servers today.
- The attack makes extensive use of the Equation Group exploit kit, which includes the EternalBlue exploit as well as the DoublePulsar backdoor.
- Victims include organizations in the healthcare, hospitality, education and telecommunications sectors.

Guardicore Labs published a GitHub repository with all IOCs for this campaign as well as a detection tool in PowerShell.…
