Week 3. The WannaCry Came Back From The Dead

Over a month ago, the WannaCry ransomware attacked several hundred thousand Windows machines around the world. Just a couple of days ago, the malware struck again. This time it visited the Honda Motor production plant in Sayama, Tokyo, and several dozen traffic lights in Australia. WannaCry is a computer worm that uses weaknesses in communication protocols to spread over the network. The worm is called ransomware because, once it has infected a target, it encrypts the data on the infected machine and asks the owner for a ransom to return the data.

This computer worm exploited a vulnerability in Server Message Block (SMB) version 1. The vulnerability allows a remote source to send fake requests to the SMB server without going through authentication. Microsoft released the patches to correct the issues about two days after the first attack in May. The patches applied to Windows Vista SP2 and newer. According to Khandelwal, Honda Motor did make an effort to secure their system after the worm attack in May. So why did Honda get hit? There are three possibilities: 1. Honda is running a Windows version older than those the released patch covers. 2. Microsoft's patch did not stop WannaCry. 3. WannaCry has grown stronger and is immune to the fix. I would guess that Honda is using an older Windows version, possibly Windows XP. Unfortunately, Windows XP was declared end-of-life. Will Microsoft create a patch for Windows XP if the automaker Honda has it in its production plant? One interesting point here is that Microsoft created a patch for a similar vulnerability in the client side of SMB. The patch (2511455) was released in April 2011.

If you are using Windows Vista SP2 or above, apply the patch if you don't want to throw a couple hundred dollars away for nothing. If you use an older system, you should disable unnecessary file and printer sharing services.
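
The check behind this advice, as an added example that is not part of the original post: a read-only PowerShell function that reports whether the local machine's SMBv1 server is exposed and which of the two recommendations above applies. The function name is hypothetical, the registry fallback assumes a Vista/7-era system, and it should be run from an elevated prompt.

```powershell
# Added example: read-only audit of the SMBv1 server on the local machine.
# Get-Smb1ServerState is a hypothetical name; nothing is changed on the system.
function Get-Smb1ServerState {
    $os       = [Environment]::OSVersion.Version
    $vistaSp2 = [version]'6.0.6002'   # Windows Vista SP2 build number

    # The "Server" service (LanmanServer) provides file and printer sharing.
    $svc     = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    $sharing = ($svc -ne $null) -and ($svc.Status -eq 'Running')

    if ($os.Major -lt 6) {
        # Before Vista there is no SMBv2, so any file sharing means SMBv1.
        $smb1 = $true
    } elseif (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
        $smb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Vista / 7: registry value SMB1 = 0 disables it; absent means enabled.
        $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val  = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SMB1
        $smb1 = ($val -eq $null) -or ($val -ne 0)
    }

    $exposed = $sharing -and $smb1
    if (-not $exposed) {
        $advice = 'SMBv1 server is not exposed on this machine.'
    } elseif ($os -ge $vistaSp2) {
        $advice = 'Apply the MS17-010 security update (4013389).'
    } else {
        $advice = 'Older than Vista SP2: disable unnecessary file and printer sharing.'
    }

    New-Object PSObject -Property @{
        OSVersion      = $os.ToString()
        SharingRunning = $sharing
        Smb1Enabled    = $smb1
        Exposed        = $exposed
        Recommendation = $advice
    }
}

Get-Smb1ServerState | Format-List
```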



Sources:

Swati Khandelwal (June 22, 2017). No, WannaCry Is not Dead! Hits Honda & Traffic Light Camera System.  Retrieved from http://thehackernews.com/2017/06/honda-wannacry-attack.html.


Microsoft (March 14, 2017). Security Update for Microsoft Windows SMB Server (4013389).  Retrieved from https://technet.microsoft.com/library/security/MS17-010.

Microsoft (April 12, 2011).  Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455).  Retrieved from https://technet.microsoft.com/en-us/library/security/ms11-019.aspx.
