Old Vulnerabilities Open the Door for WannaCry Ransomware

More than three years since it was discovered, WannaCry is still a threat for some organizations, research has found

How often does your organization conduct a security assessment? Once a year? Once a month?

It’s great that your organization is looking at its security thoroughly, but what happens between those assessments? And how well are you closing the gaps found during a security assessment?

It appears there are a lot of holes that need to be filled, especially on the network perimeter, according to research from Positive Technologies, which conducted an “automated security assessment of the network perimeter of selected corporate information systems.” What the firm found was 84% of the tested systems had high-risk vulnerabilities on external network resources and 10% of those vulnerabilities could be exploited by an inexperienced or low-skilled hacker.

WannaCry Is Still a Threat

One of the more surprising statistics to come from this report was the continued threat of WannaCry ransomware. There is no surprise about ransomware attacks on the network; 2020 has seen a 700% rise in ransomware attacks from the same point last year.

“Not only has the number of ransomware attacks increased, but ransomware has continued evolving, with some of the most popular forms of ransomware last year having disappeared while new forms of ransomware have emerged. In some cases, these are even more disruptive and damaging,” according to an article in ZDNet.

However, 26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013–2017, which indicates a lack of recent software updates,” the reported stated.

“The companies that were found to be vulnerable to WannaCry infection came from different industries,” Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, said in an email interview. This same vulnerability was also exploited by the Petya ransomware, she said.

“However, keep in mind that malware developers are constantly adding exploits for new vulnerabilities, and ransomware operators find different ways to deliver them,” Kilyusheva noted. “For example, they look for vulnerabilities in web applications, non-updated VPN solutions or brute force passwords for RDP access. Therefore, the protection of the network perimeter cannot be point-based.”

It isn’t any specific type of company or industry that is vulnerable to a WannaCry attack. Any type of organization and network can be infected if it does not have an effective vulnerability management process and its infrastructure contains nodes with port 445/TCP open and MS17-010 updates not installed, Kilyusheva pointed out.

Solidifying Network Perimeters

A little more than a quarter of companies have TCP port 445 open at hosts with external network interfaces, putting companies at risk for infection with WannaCry. How do you prevent that risk? The first place to start is with updates. No one should have vulnerabilities that are three or more years old.

“We recommend minimizing the number of services on the network perimeter and making sure that accessible interfaces truly need to be available from the internet. If so, ensure that these interfaces are configured securely and install updates to patch any known vulnerabilities,” said Kilyusheva.

Because most ransomware attacks rely on exploiting existing vulnerabilities, organizations can best protect themselves by practicing good security hygiene—simple tasks such as patching immediately, setting up automatic updates, limiting permissions and having procedures already in place to handle disaster recovery, particularly from a ransomware attack. Kilyusheva also recommended organizations implement the following:

  • Centralized update management.
  • Antivirus protection on all systems and endpoints, preferably with support for on-demand scanning by users of suspicious attachments prior to opening them.
  • Sandboxes to analyze file behavior.
  • SIEM capabilities, for timely attack detection.
  • Automated software audit tools to identify vulnerabilities.

“Taking measures to mitigate this threat now are imperative, as ransomware is likely to continue to take advantage of vulnerabilities that affect a large number of computers and consumer devices,” she said.

And in 2020, no one should be worried about a 2013 vulnerability that opens the door to WannaCry.

Avatar photo

Sue Poremba

Sue Poremba is freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.

sue-poremba has 271 posts and counting.See all posts by sue-poremba

Secure Guardrails