Delaware, USA – February 7, 2018 – The researcher from RiskSense created Metasploit Framework – an open source tool for penetration tests. Sean Dillon, also known as zerosum0x0, has modified the code for several NSA exploits so that they can work on a wide range of MS Windows-based systems, starting with Windows 2000. Vulnerabilities CVE-2017-0143 and CVE-2017-0146 can be used to install various malware or remote code execution. Previously, these vulnerabilities were not commonly exploited in cyberattacks because they affected only few versions of operating systems. System update MS17-010 secures systems against these exploits, so you need to make sure that it is installed on all systems.
Not only researchers modify the NSA exploits for attacks: on October 2017, BadRabbit ransomware used modified EternalRomance exploit, and Smominru botnet operators used CVE-2017-0144 exploit to infect more than 500,000 systems with the cryptocurrency miner in 2017. In addition to installing all security updates, you can use APT Framework with ArcSight, QRadar or Splunk to detect suspicious activity and protect your organization against cyberattacks in a timely manner.