WannaCry Has Not Gone Away

Microsoft has released a series of defence fixes for 79 unique vulnerabilities, including 22 critical bugs, any of which, could be used to spread malware around the globe. 

According to Microsoft, the bug is “wormable,” meaning that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

This is a flaw in Remote Desktop Services (RDS) which could allow an attacker to remotely execute arbitrary code on a target system after connecting using RDP.

Microsoft has released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services, formerly known as Terminal Services, that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. 

This vulnerability is pre-authentication and requires no user interaction. 
In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware which spread globally in 2017.
So far there have not been any recorded exploitation of this vulnerability, but it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. 

Windows 8 and Windows 10 are not affected by this vulnerability.
Although the bug affects older operating systems, Windows 7, Windows Server 2008 R2 and Windows Server 2008, it should be patched ASAP. Microsoft is even making fixes available for out-of-support versions XP and Windows 2003, such is the potential threat.

Although WannaCry variants detections have been subdued since the global kill switch was activated, they have far from disappeared. Recent research, by Malwarebytes, has showed that Eastern countries are most at risk from WannaCry; the majority of detections since its initial spread landed in India (727,883), Indonesia (561,381), the US (430,643), Russia (356,146) and Malaysia (335,814). 

In the UK, there have been 17,185 detections since the initial attack took place, with just 41 incidents recorded since April 1 2019. 

In contrast, other countries have continued to register large numbers of detections in the same period; India (19,777), Indonesia (19,192) and the US (3325), for instance. Malwarebytes also warned that hundreds of thousands of systems globally are still vulnerable to EternalBlue and EternalRomance, exploits that WannaCry used to propagate and spread. 

They also say that malware authors are using mechanisms that allowed WannaCry to spread so rapidly to launch a new generation of devastating Trojans, such as Emotet and TrickBot, in order to target businesses.

Infosecurity 1:       Infosecuriity 2:       Technet:

You Might Also Read:


 

« Ransomware & Malware Make Way For New Attack Vectors
Data Analytics Is Changing The Insurance Industry »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

Gamma

Gamma

Gamma is a leading provider of Unified Communications as a Service (UCaaS) into the UK, Dutch, Spanish and German business markets.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Certification Europe

Certification Europe

Certification Europe (now Amtivo Ireland) is an accredited certification body which provides ISO management system certification, including ISO 27001.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.