
The Lessons We Should’ve Learned From EternalBlue & How It’s Still At Large

We all remember the WannaCry event; the synchronised ransomware attack that brought cybersecurity incidents under public scrutiny like never before.

We all remember the WannaCry events of last May – the synchronised ransomware attack that brought cybersecurity incidents under public scrutiny like never before. Cybersecurity professionals have been dealing with data breaches for years, yet the reach of the WannaCry attack affected far too many people outside the industry. But has Microsoft – and its users – really learned their lessons from that incident?

Apparently not.

WannaCry: Why We Should Share and Play Well With Others

It can be argued that perhaps the most troubling thing about WannaCry was that some people knew about the vulnerability in the Microsoft Windows operating system and did not tell anyone; instead, they decided to use the flaw to develop their own exploit, called EternalBlue. Granted, these people were working for one of the biggest intelligence agencies in the world (the US National Security Agency) and probably had good grounds for giving priority to their own agenda, but this certainly invites the question of what could have been avoided had the matter come to light when it was first detected. Surely it would have given Microsoft time to prepare and amp up its defence against EternalBlue (MS17-010), which was found to exploit a network file sharing protocol called Microsoft Server Message Block 1.0.


Unfortunately, it seems that the scales were tipped in favour of the cybercriminals who developed the WannaCry ransomware – and others who have continued to incorporate EternalBlue into their attacks. The infamous NotPetya cyberattack last June used the same flaw and affected tens of thousands of systems in over 65 countries. It reportedly cost just one of its biggest victims, Danish giant AP Moller-Maersk – the globe’s largest container shipping company – an estimated £150-220 million and Mondelez International (also owner of chocolate maker Cadbury) over £100 million, while Reckitt Benckiser, the UK giant that manufactures goods like Nurofen, Dettol and Durex, suffered almost the same amount in losses.

Already Known Flaws Still Accessible to Cybercriminals

In September, SC Magazine published news that EternalBlue has resurfaced as part of the relaunch of the Retefe banking malware. Apparently, not every user is meticulous enough to apply the patches and updates that Microsoft releases, which means EternalBlue is still effective. The latest strain of Retefe used malicious email attachments of Microsoft Office documents to further its campaign and infiltrate a network beyond the initial recipient. The attachments include embedded Package Shell Objects, or OLE Objects, which as a rule take the form of Windows Shortcut “.lnk” files.
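As an added illustration for defenders (not code from the original article or from any vendor), the Python sketch below scans an Office Open XML attachment for embedded objects that look like Windows shortcuts and notes whether they mention PowerShell. It assumes the attachment is a zip-based .docx/.xlsx/.pptx file, uses simple byte matching that can miss fragmented or obfuscated content, and runs against a constructed, inert sample.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
EMBED_DIRS = ("word/embeddings/", "xl/embeddings/", "ppt/embeddings/")


def _contains_text(blob: bytes, word: str) -> bool:
    """Case-insensitive search for a lowercase word as ASCII or UTF-16LE."""
    low = blob.lower()
    return word.encode("ascii") in low or word.encode("utf-16-le") in low


def scan_ooxml(data: bytes) -> list:
    """Return one finding per embedded object that looks like a shortcut."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # legacy .doc/.xls files are not zip archives; out of scope
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().startswith(EMBED_DIRS):
                continue
            blob = zf.read(name)
            has_header = LNK_MAGIC in blob
            if has_header or _contains_text(blob, ".lnk"):
                findings.append({
                    "part": name,
                    "lnk_header": has_header,
                    "mentions_powershell": _contains_text(blob, "powershell"),
                })
    return findings


def build_sample(embedded: bytes) -> bytes:
    """Constructed test input: a minimal zip laid out like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()


# Constructed, inert blob: shortcut file name, LNK header, harmless command text.
SAMPLE_BLOB = (b"\x02\x00invoice.LNK\x00" + LNK_MAGIC + b"\x00" * 56
               + "powershell.exe -Command Write-Output inert".encode("utf-16-le"))

if __name__ == "__main__":
    for finding in scan_ooxml(build_sample(SAMPLE_BLOB)):
        print(finding)
```

A hit is a reason to quarantine the attachment and inspect it by hand, not proof of malice on its own.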


Once a user opens the malicious shortcut they see a security warning; once they accept it, a PowerShell command proceeds to download an executable payload that is stored on a remote server.

Yet concerns over flaws that are not properly addressed do not stop there. According to a report on ITNews earlier this September, Microsoft Edge for Windows 10 is still vulnerable to cross-site scripting, or XSS, attacks. This is a common attack vector (it is also on the OWASP Top 10) that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors, such as SQL injection, in that it does not directly target the application itself, but rather the users of the web application. For instance, under an XSS attack, page content might be manipulated in order to mislead a user into willingly giving up their private data.

If anything, the latest attacks perpetrated thanks to EternalBlue should illustrate the importance of adopting a proactive approach that is focused on security. It seems that Microsoft has to step up – but so do Microsoft users. Monitoring the situation and installing security updates is like getting vaccinated: you do not only protect your computer, you protect others that get in touch with you, as well.
