A newly identified attack using EternalBlue and the DoublePulsar backdoor highlights the importance of patching vulnerable systems to stay secure.
Yesterday, malware researcher Kafeine published a blog post describing another attack, dubbed Adylkuzz, that uses the EternalBlue exploit and the DoublePulsar backdoor. According to the blog, “Initial statistics suggest that this attack may be larger in scale than WannaCry, affecting hundreds of thousands of PCs and servers worldwide.…” The researcher suggests that this attack started before WannaCry and that it may have limited WannaCry’s spread, because it shuts down SMB communications to prevent further infections by other malware. The observation that infection by Adylkuzz stops WannaCry and other malware using the SMB vulnerability indicates that without Adylkuzz, WannaCry could have been much larger in scale.
In the sea of news, interpretations and all the Fear, Uncertainty and Doubt (FUD) spread around the WannaCry attack, the main point remains the same: patching is the most effective way to prevent the exploitation of known software vulnerabilities.
While security folks are working hard to make sure they catch and stop any infections, and IT folks rush to patch, it is probably a good opportunity for leaders to start thinking about effective measures that will make sure their organization is not the next victim of a similar attack, one leveraging this or another of the thousands of known vulnerabilities out there with a patch available.