Petya or NotPetya, Why is MS17–010 Still Not Patched?
Petya or NotPetya — How long should it take to patch against a globally recognised exploit, and why are attackers still able to use MS17–010?
Whether you prefer to call the latest global ransomware attack by the name the media have (somewhat incorrectly) chosen: ‘Petya’, or by its fashionable alternative: ‘NotPetya’, the fact of the matter is that the firms around the world are struggling to keep up with the ever evolving world of cyber attacks.
In the wake of Petya, the latest global ransomware attack, we are once again reminded how many thousands of firms still have security solutions which have difficulty protecting against a myriad of threats. The infection vector used by the attackers this time around was more sophisticated than the WannaCry epidemic, with the malicious payload being delivered via third-party accounting software by MeDOC, Ukrainian accounting firm. Even so, the attack wormed itself around internal networks using the same exploit as the WannaCry attack, meaning that up-to-date machines with the Microsoft patch (MS17–010) would not have been affected by internal network spread. Firms have had almost 2 months since the last global ransomware epidemic to patch their systems, but many have failed. This just goes to show how much work there still is to be done.
On a related note, the ShadowBrokers (The group which released the suite of exploits that are being used for these ransomware attacks) are due to release a new set of exploits in the first two weeks of July. We can guarantee that these will be keenly picked up by attackers, who will be writing malware to be delivered using these newly released methods within weeks. We’d like to reiterate to our clients and readers alike, therefore, the importance of keeping your software patched.
The upcoming months are going to be crucial for securing internet facing systems, so if your firm hasn’t heard of the Shadow Brokers and the upcoming threat, don’t hesitate to get in touch about how we can offer a good level of continuous security coverage through vulnerability scanning.
The Intruder Team