WannaCry Has Not Gone Away

Uploaded on 2019-06-14 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft has released a series of defence fixes for 79 unique vulnerabilities, including 22 critical bugs, any of which, could be used to spread malware around the globe. 

According to Microsoft, the bug is “wormable,” meaning that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

This is a flaw in Remote Desktop Services (RDS) which could allow an attacker to remotely execute arbitrary code on a target system after connecting using RDP.

Microsoft has released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services, formerly known as Terminal Services, that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. 

This vulnerability is pre-authentication and requires no user interaction. 
In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware which spread globally in 2017.
So far there have not been any recorded exploitation of this vulnerability, but it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. 

Windows 8 and Windows 10 are not affected by this vulnerability.
Although the bug affects older operating systems, Windows 7, Windows Server 2008 R2 and Windows Server 2008, it should be patched ASAP. Microsoft is even making fixes available for out-of-support versions XP and Windows 2003, such is the potential threat.

Although WannaCry variants detections have been subdued since the global kill switch was activated, they have far from disappeared. Recent research, by Malwarebytes, has showed that Eastern countries are most at risk from WannaCry; the majority of detections since its initial spread landed in India (727,883), Indonesia (561,381), the US (430,643), Russia (356,146) and Malaysia (335,814). 

In the UK, there have been 17,185 detections since the initial attack took place, with just 41 incidents recorded since April 1 2019. 

In contrast, other countries have continued to register large numbers of detections in the same period; India (19,777), Indonesia (19,192) and the US (3325), for instance. Malwarebytes also warned that hundreds of thousands of systems globally are still vulnerable to EternalBlue and EternalRomance, exploits that WannaCry used to propagate and spread. 

They also say that malware authors are using mechanisms that allowed WannaCry to spread so rapidly to launch a new generation of devastating Trojans, such as Emotet and TrickBot, in order to target businesses.

Infosecurity 1:       Infosecuriity 2:       Technet:

You Might Also Read:


 

« Ransomware & Malware Make Way For New Attack Vectors
Data Analytics Is Changing The Insurance Industry »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

CYQUEO

CYQUEO

CYQUEO is your professional partner and system integrator. We secure your organization against advanced cyber threats.

AVORD

AVORD

AVORD is a cloud-based security testing platform that allows clients to manage security testing requirements in a far more productive and efficient way.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

Kintek Group

Kintek Group

Kintek Group provides cybersecurity and managed services to protect organizations from threats that exist inside and outside their networks.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.

Runecast Solutions

Runecast Solutions

Runecast Solutions is a global leader in AI-powered risk mitigation, security, continuous compliance and more efficient IT operations management.