
Analysis of Australia’s exposure to WannaCry

Over the weekend of 13 & 14 May, hundreds of thousands of computer systems at government agencies, hospitals and companies in dozens of countries were affected by the malicious WannaCry cyber attack, which locked computers and held files to ransom. Australia is among the countries affected.

Here, Edward Farrell, Director & Principal Consultant at Mercury Information Security Services, provides an analysis of Australia’s exposure and response to this ransomware attack.

Exploitation of the vulnerability is dependent upon the availability of Windows SMB (port 445) and a failure to patch MS17-010. Given this fact, there are two attack vectors:

  1. Social engineering or phishing emails, which would occur regardless.
  2. Public exposure of the identified port to the internet, which is accessible without authentication, which this analysis considers.
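For the second vector, a defender can look for the same condition in their own perimeter logs. The following is an added example, not part of the original article or the author's tooling: it flags hosts for which internet-sourced connections to TCP 445 were allowed. The log layout, the internal address ranges and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: ranges treated as internal; any other source counts as "the internet".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: a hypothetical firewall log layout, not any specific product's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = """\
2017-05-15T01:02:03Z ALLOW TCP 203.0.113.7:51544 -> 192.0.2.10:445
2017-05-15T01:02:09Z DENY TCP 203.0.113.7:51545 -> 192.0.2.11:445
2017-05-15T01:05:40Z ALLOW TCP 10.1.4.20:49800 -> 192.0.2.10:445
2017-05-15T01:07:12Z ALLOW TCP 198.51.100.23:40112 -> 192.0.2.10:445
2017-05-15T01:09:55Z ALLOW TCP 198.51.100.23:40113 -> 192.0.2.12:443
2017-05-15T01:11:30Z ALLOW TCP 198.51.100.99:60001 -> 192.0.2.14:445
malformed line that the parser must skip
"""

def exposed_smb_hosts(log_text):
    """Map each destination host to the external sources allowed to reach TCP 445."""
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not fit the assumed layout
        if (m["action"], m["proto"], m["dport"]) != ("ALLOW", "TCP", "445"):
            continue  # only allowed SMB traffic indicates exposure
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # digits and dots that are not a valid IPv4 address
        if any(src in net for net in INTERNAL_NETS):
            continue  # internal file sharing is not internet exposure
        exposed[m["dst"]].add(m["src"])
    return dict(exposed)

if __name__ == "__main__":
    for host, sources in sorted(exposed_smb_hosts(SAMPLE_LOG).items()):
        print(f"{host}: SMB reachable from {len(sources)} external source(s); "
              "block 445 at the perimeter and confirm MS17-010 is applied")
```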

Late Sunday/early Monday (14 & 15 May) our team started planning and preparing for analysis of the Australian response to patching MS17-010. The purpose of this was to gauge the number of open systems that could be readily exploited and observe patching behaviours. Over the past few days, we’ve identified ~3000 likely targets in Australia (that is, SMB exposed to the internet and running Windows in Australia). An exploration of these (not exploitation) identified the following statistics:

 

A few points/observations from this:

  • The list has been expanding/contracting over the past 72 hours.
  • Last count there were around 229 in total that were exposed at some period during our analysis.
  • This does not include hosts that are blocked or have some other mitigation in place.

I also identified that Shodan has 32 of this count that it has identified as having been hit with DoublePulsar last month.

Information in this article was first published in articles by Edward Farrell on LinkedIn and has been reproduced in this story on the AARNet News site with the permission of the author.

View Edward Farrell’s WannaCry analysis updates published on LinkedIn
