Let me share a timeline I constructed regarding WannaCry over the last few days. The interesting point I shared with some colleagues was that the infection vector of patient zero (or patients) has not yet been referenced or described.
15th February 2017: Microsoft cancels its monthly patching for that month.
9th March 2017: Wikileaks press release regarding Vault7, “the largest-ever publication of confidential documents on the agency” according to Wikileaks.
14th March 2017: Microsoft publishes security update MS17-010 for SMB Server.
14th April 2017 (according to https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers): Equation Group (see https://en.wikipedia.org/wiki/Equation_Group) releases some exploits, EternalBlue among them. EternalBlue took advantage of the vulnerability that Microsoft patch MS17-010 fixed.
14th April 2017: Microsoft publishes its triage analysis on the exploits.
15th April 2017: Security companies analyse the exploits. One example of the analysis of EternalBlue is the following:
15th April 2017: Some news sites start to wonder how the patch could have existed before the release, e.g. https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/
12th May 2017: WannaCry appears in the wild.
Some sources mention that the infection vector was a phishing email.
However, there is no analysis yet of that phishing email, its attachment or its modus operandi in general.
*** This is a Security Bloggers Network syndicated blog from Security and risk authored by itsecuriteer. Read the original post at: http://securityandrisk.blogspot.com/2017/05/let-me-share-timeline-i-constructed.html