Around 15 April, 2017 a group known as the Shadow Brokers released a trove of exploits that were allegedly stolen from the US NSA FuzzBunch toolkit. One of these exploits, codenamed EternalBlue, takes advantage of a vulnerability in Microsoft’s Server Message Block (SMB) protocol. EternalBlue provides local privilege escalation via remote code-execution, thereby allowing malware or an attacker to gain control of unpatched systems without user interaction. This vulnerability was patched by Microsoft on March 14, 2017.
On 12 May, 2017 computers around the world began to be infected by the WannaCrypt ransomware. It has been reported that up to 70,000 systems within Britain’s NHS were subsequently infected. The initial infection is thought to have been via a spear phishing attack and reporting suggests that the attack has not been political in nature. WannaCry began rapidly spreading by automatically infecting network-connected PCs using worm-like behaviour.
If you are uncertain that you are suitably prepared for a threat such as WannaCrypt, call Seccom Global on +61 2 9688 6933.