Still 1 million+ devices worldwide vulnerable to WannaCry-related cyber attack
Just over two years ago, on May 12, 2017 to be precise, the world was shocked by the outbreak of the now infamous “WannaCry” ransomware attack. The WannaCry outbreak made it clear that the already thin line between the digital and the physical world is becoming even thinner. As a result of the outbreak, hospitals, factories, ATMs and railways were paralyzed, to name a few examples. This makes malware an extremely effective weapon for shutting down critical real-life services.
The WannaCry cyber attack should have been a major wake-up call for organizations to take adequate security measures. A call not to become a victim as well, even two years later. A call to have their patch management in place. At least, that’s what you would think…
Care for cybersecurity
It is now two years later. Much has been written about these cyber attacks. A lot of attention has been paid to the importance of cyber security: the impact and damage that a cyber attack can have on an organization, how disruptive it can be for your daily operations, how you can best prevent and ward off such an attack, and the importance of timely updating (“patching”) your systems.
Just take a look at the facts surrounding the WannaCry attack:
- The malware exploited a vulnerability in the Windows operating system.
- The malware is based on a cyber weapon from the US National Security Agency (NSA) called “EternalBlue”.
- EternalBlue was developed years before the actual WannaCry outbreak.
- The EternalBlue code was stolen and then used to develop the WannaCry ransomware.
- The WannaCry outbreak spread in a very short time.
- More than 400,000 computers in more than 150 countries were infected.
- The damage caused by the WannaCry cyber attack is estimated at more than 4 billion dollars worldwide.
- Microsoft had a patch available 59 days before the outbreak to fix the vulnerability.
Figure 1: screenshot WannaCry ransomware
EternalBlue malware still very effective
At the end of May 2019, reports appeared in various media (including the New York Times) about cyber attacks that hit a number of US local government institutions with ransomware, especially in the city of Baltimore. Thousands of computers were infected, leading to the disruption of various “real life” services such as real estate sales, water bills, and health alerts. This ransomware is based on the EternalBlue malware, just like WannaCry was. And so it appears that there still are organizations that have not yet provided their systems with critical security updates, even two years after a global cyber attack with enormous impact and damage.
Over a million devices still vulnerable
According to the websites techcrunch.com and shodan.io, two years after the global WannaCry outbreak more than one million devices are still vulnerable to an EternalBlue-based attack comparable to WannaCry. Unfortunately, the vulnerability has not yet been patched on these devices. The reason for this is unknown, but it is a worrying finding.
Figure 2: EternalBlue Vulnerabilities per May 2019
Have your digital resilience tested
To be resistant to cyber attacks, a number of things have to be taken care of. One of these things is timely updating (patching) of operating systems, applications and other components in your company network. Lagging behind by just one patch can have disastrous consequences. In addition, it is wise to regularly test your IT systems for their digital resilience. With a so-called “vulnerability assessment”, security experts can quickly determine which security weaknesses are present in your network and advise you on how to close them.
Read more about the IT security solutions of Crowe Peak or contact us for a vulnerability assessment.