Yesterday, TrendLabs published a blog post describing another attack using the EternalBlue vulnerability, dubbed UIWIX. According to the post, UIWIX is different because “It appears to be fileless: UIWIX is executed in memory after exploiting EternalBlue. Fileless infections don’t entail writing actual files/components to the computer’s disks, which greatly reduces its footprint and in turn makes detection trickier.”
TrendLabs says that UIWIX is stealthier and suggests it is capable of gathering browser, File Transfer Protocol (FTP), email and messenger credentials. Unlike WannaCry, though, it appears not to propagate from the infected system, which makes it potentially less harmful.
As yet another attack, it confirms what was expected: variations and new malware will continue to be detected, with larger or smaller impact.
Talk about another ransomware exploiting EternalBlue prompts the question: Are we having the right discussions?
As mentioned in a previous blog, there is no silver bullet. Securing information and systems is a multi-layered discipline which requires alignment, strategic thinking and coordinated execution.
Security professionals have a great opportunity to bring together their business leaders to gather commitment and start conversations about how to use this case to raise awareness and close gaps between IT Security and IT Operations through SecOps initiatives.
Such initiatives should strengthen the security profile of organizations and effectively reduce the risk associated with attacks targeting known software vulnerabilities.
Join us for a discussion about WannaCry and the improvements to preventative measures that can have a lasting effect on the security of your business.