Could WannaCry and AdylKuzz have been averted?

Following the WannaCry ransomware attack, a new Flexera report revealed that more vulnerabilities are being found in UK PC operating systems, and at the same time, users aren’t patching them as diligently.  The report finds:

  • The percentage of UK PC users with unpatched Windows operating systems was 9% in Q1, 2017, up from 7.2% last quarter and 6.1% in Q1, 2016.
  • The percentage of vulnerabilities originating in operating systems in the UK was 38% in Q1, up from 35% in Q4, 2016 and 22% in Q1, 2016.

In fact, most known vulnerabilities have a patch available on the day they are disclosed, so the attacks that exploit them can be prevented.  According to Flexera’s annual Vulnerability Review published earlier this year, in 2016, 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors.  Eighty percent of vulnerabilities in all products had patches available on the day of disclosure in 2016.  However, these patches aren’t being applied in a timely manner.  This lax attitude is worrisome.

Despite the availability of patches – like the Microsoft patch that could have prevented harm from the WannaCry attack – an alarming number of companies and individuals simply did not apply them.  In fact, several companies had already identified many thousands of machines infected with DoublePulsar in April (between 30,000 and 107,000, depending on the scan), and it was determined that DoublePulsar had been installed using the EternalBlue exploit.  The same recipe was used in WannaCry and AdylKuzz.  The threat from EternalBlue has therefore been real for a long time.

Preventing the Next WannaCry, AdylKuzz and on and on…

Newly identified attacks using EternalBlue and the DoublePulsar backdoor highlight the importance of patching vulnerable systems to stay secure.

In mid-May, malware researcher Kafeine published a blog post describing another attack using the EternalBlue exploit and the DoublePulsar backdoor, dubbed AdylKuzz.  According to the post, the “Initial statistics suggest that this attack may be larger in scale than WannaCry, affecting hundreds of thousands of personal computers and servers worldwide.…”  The researcher suggests that this attack started before WannaCry and that it may have limited WannaCry’s spread, because AdylKuzz shuts down Server Message Block (SMB) communications to prevent further infection by other malware.  Since an AdylKuzz infection blocks WannaCry and other malware that use the same SMB vulnerability, WannaCry could have spread on a much larger scale had AdylKuzz not been there first.

In the sea of news, interpretations and all the Fear, Uncertainty and Doubt (FUD) spread around the WannaCry attack, the main point remains the same: patching is the most effective way to prevent the exploitation of known software vulnerabilities.

While security folks are working hard to make sure they catch and stop any infections, and IT folks rush to patch, this is a good opportunity for leaders to start thinking about effective measures to make sure their organisation is not the next victim of a similar attack, one leveraging this or any of the thousands of other known vulnerabilities that already have a patch available.

Bridging Software Vulnerability Gaps

Companies need to build efficiencies and bridge the IT Security and IT Operations (SecOps) gap to enable an effective remediation process to patch the right things fast. Such an approach will enable organisations to:

  • Introduce formal Vulnerability Management processes into the company
  • Patch and remediate as part of a complete Vulnerability Management process
  • Develop Vulnerability Management processes and implement technologies to support those processes
  • Close the patch assessment and remediation gaps, so that both are accurate and support the entire lifecycle of managing software vulnerabilities

Companies can easily address important gaps in traditional vulnerability management tools, including the assessment and remediation of vulnerabilities on software and systems running on clients and servers.  These gaps expose organisations to the risk of security breaches that can lead to loss of confidential data, hacker control of internal systems and other negative consequences.  Closing these gaps is of critical importance to mitigate security risk posed by vulnerabilities such as the next WannaCry.
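The patch assessment step described above can be started with a simple host-level check. The following PowerShell script is an added example, not code from the article or from Flexera: it lists which of a required set of Windows updates are missing on a machine and whether the SMBv1 protocol that EternalBlue-based malware relies on is still enabled. The KB identifiers in $RequiredKBs are placeholders to be replaced with the updates your own vulnerability management process mandates.

```powershell
# Added example (not from the article): a minimal patch-assessment check
# for one Windows host. Run in an elevated PowerShell session.

# Placeholder identifiers; replace with the KBs your assessment requires.
$RequiredKBs = @('KB0000001', 'KB0000002')

# Installed hotfixes as reported by the OS. Get-HotFix reads the
# Win32_QuickFixEngineering class, which does not list every update
# channel, so treat a "missing" result as a prompt to verify, not proof.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

# Required updates that the host does not report as installed.
$missing = $RequiredKBs | Where-Object { $installed -notcontains $_ }

# SMBv1 status on the server side (Windows 8 / Server 2012 and later).
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

$report = [PSCustomObject]@{
    ComputerName = $env:COMPUTERNAME
    MissingKBs   = if ($missing) { $missing -join ', ' } else { 'none' }
    SMB1Enabled  = $smb1
}

$report | Format-List
```

Hosts that report missing updates or an enabled SMBv1 protocol are the ones to prioritise for remediation; SMBv1 can be turned off with Set-SmbServerConfiguration -EnableSMB1Protocol $false once you have confirmed nothing in the environment still depends on it.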

By Kasper Lindgaard, Director of Research and Security, Secunia Research at Flexera Software.
