Cybersecurity Update: EternalDarkness

16th March, 2020

It never rains but it pours. Over the last two weeks many firms opted to suspend cybersecurity patch schedules to reduce churn while they focus on BCP tests and general COVID-19 response IT planning. At Options we took the opposite view, accelerating patching on our internal systems. We believe cyber criminals are predators who will pounce the moment corporate cybersecurity teams get stretched or distracted.

Almost as expected, like the script of a bad movie, Microsoft disclosed (i.e. served-up) CVE-2020-0796, dubbed ‘EternalDarkness’, on March 10th. Cybersecurity professionals agree that it is one of the nastiest exploits since WannaCry in May 2017. We use the term “served-up” because once Microsoft discloses the issue the clock starts for the cyber criminals to weaponise the weakness.

CVE-2020-0796 affects Server Message Block (SMBv3) on some Microsoft operating systems. SMB is more commonly known as the software behind ‘Shared Drives’ on computer systems.

The ‘EternalDarkness’ nomenclature is a reference to ‘EternalBlue’, the SMB exploit that was behind WannaCry. This is definitely not a vulnerability to be taken lightly, but as things stand EternalDarkness has not been actively exploited.

Although first disclosed on Tuesday, March 10th, no patch was immediately available. Microsoft did however release details of a partial workaround and followed this up with a formal patch (KB4551762) on Thursday, March 12th.

Despite the general pandemonium in the market, our cybersecurity team has been following this closely and is taking all appropriate actions. They worked around the clock over the weekend to deploy the workaround across the Options estate and it is now being applied universally.

Microsoft also recommend ensuring TCP port 445 is blocked at all perimeter firewalls. We do this as standard and regularly check we are in compliance (this was confirmed again over the weekend). Further information is available from Microsoft.

Rest assured that we have kept our eye on the ball and are well on top of managing what could potentially become a very nasty cybersecurity vulnerability, especially in light of everything else going on.
