On May 12th, a ransomware campaign named “Wannacry” spread around the world, successfully attacking organizations such as hospitals, critical government offices, manufacturers and banks.
While the ransomware itself and the phishing campaign were standard, the campaign used a sophisticated attack method that was leaked by the NSA, which led to the fast distribution of the ransomware once it was inside the organization. The attack uses the SMBv1 protocol, which Microsoft recommended organizations stop using about 3 years ago. As stated in a blog post we published earlier this year, Microsoft encouraged organizations to move to the new SMB versions and harden SMBv1: https://calcomsoftware.com/disable-hardening-smbv1/
During the past 6 months, a few critical vulnerabilities allowing remote code execution were found in the SMBv1 protocol. Along with Microsoft, US-CERT and CIS are also encouraging organizations to stop using SMBv1 and to harden it. Although Microsoft published patches that should be applied immediately, patching SMBv1 is a temporary solution, as this 30-year-old protocol has many vulnerabilities yet to be revealed, if ever.
Hardening SMBv1 should take place immediately and is critical for protecting the organizational network. The same exploit methodology used by the “Wannacry” campaign can be used by other attacks utilizing other/new vulnerabilities in SMBv1.
IT teams should keep in mind that there is an operational risk in disabling SMBv1 as legacy systems and applications might still use it; the usage of the SMBv1 protocol should be mapped and all the dependencies must be revealed on servers before hardening. Using the Calcom Hardening Solution (CHS) learning capabilities saves time and lowers the operational risk related to hardening SMBv1. CHS learning mode provides automated usage mapping and reveals the systems and applications dependent on the protocol.
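One way to map SMBv1 usage on a single Windows file server before disabling the protocol, using built-in cmdlets (an added example, not part of the original post and not how CHS works). It assumes an elevated session on Windows Server 2012 R2 or later with SMB1 auditing support, a 30-day observation window, and that audit event 3000 carries a "Client Address:" line; the function name `Get-Smb1ClientSummary` is hypothetical.

```powershell
# Added example: map SMBv1 clients before disabling the protocol on this server.

# 1. Record the current state so the change can be reviewed or rolled back.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, AuditSmb1Access

# 2. Turn on SMB1 access auditing. This only logs; it does not block any client.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 3. After a representative period (assumption: long enough to cover weekly and
#    monthly jobs), summarise which clients still connected over SMBv1.
function Get-Smb1ClientSummary {
    param([int]$Days = 30)   # look-back window; adjust to your audit period

    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000      # "SMB1 access" audit event
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: the event message carries a "Client Address: <addr>" line.
            if ($_.Message -match 'Client Address:\s*(\S+)') {
                [pscustomobject]@{ Client = $Matches[1]; Time = $_.TimeCreated }
            }
        } |
        Group-Object Client |
        ForEach-Object {
            [pscustomobject]@{
                Client   = $_.Name
                Hits     = $_.Count
                LastSeen = ($_.Group.Time | Sort-Object | Select-Object -Last 1)
            }
        } |
        Sort-Object Hits -Descending
}

$smb1Clients = @(Get-Smb1ClientSummary -Days 30)
$smb1Clients | Format-Table -AutoSize

# 4. Disable SMBv1 on the server only when no dependent clients remain.
if ($smb1Clients.Count -eq 0) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
} else {
    Write-Warning "$($smb1Clients.Count) client(s) still use SMBv1; remediate them first."
}
```

An empty result only shows that no SMBv1 client connected during the audit window, so the window should cover infrequent jobs such as month-end batch runs, scanners and backup appliances.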
This attack is just one example out of many that organizations could avoid by implementing common hardening standards for computers.
For more information: