Financial Times | 16 May 2017:
Tool dubbed EsteemAudit available on dark web after impact of WannaCry attack.
Criminal hacking groups have repurposed a second classified cyber weapon stolen from US spies and have made it available on the so-called dark web after the success of the WannaCry attack that swept across the globe on Friday.
The hacking tool, developed by the US National Security Agency and codenamed EsteemAudit, has been adapted and is now available for criminal use, according to security analysts.
As with the NSA’s EternalBlue — the tool on which WannaCry was based — EsteemAudit exploits a vulnerability in older versions of Microsoft’s Windows software in the way in which networked machines communicate with each other.
Microsoft issued patches for vulnerable versions of its Windows software over the weekend — though experts warn many organisations have yet to apply them.
Intelligence and law-enforcement officials said they fear WannaCry may foreshadow a wave of similarly damaging attacks, as criminals and others race to make use of digital weapons that for years were only available to the most technologically sophisticated nation states.
To read full article – please click here.