Here, Edward Farrell, Director & Principal Consultant at Mercury Information Security Services, provides an analysis of Australia’s exposure and response to this ransomware attack.
Exploitation of the vulnerability is dependent upon the availability of Windows SMB (port 445) and a failure to patch MS17-010. Given this fact, there are two attack vectors:
Late Sunday/early Monday (14 & 15 May) our team started planning and preparing for analysis of the Australian response to patching MS17-010. The purpose of this was to gauge the number of open systems that could be readily exploited and observe patching behaviours. Over the past few days, we’ve identified ~3000 likely targets in Australia (that is, SMB exposed to the internet and running Windows in Australia). An exploration of these (not exploitation) identified the following statistics:
A few points/observations from this:
I also identified that Shodan has 32 of this count that it has identified as having been hit with DoublePulsar last month.
Information in this article was first published in articles by Edward Farrell on LinkedIn and has been reproduced in this story on the AARNet News site with the permission of the author.