More than two-thirds (67%) of businesses are still running an insecure Windows protocol largely responsible for the infamous WannaCry and NotPetya attacks of 2017 and 2018, according to new research.
Security vendor ExtraHop used its network detection and response (NDR) capabilities to analyze anonymized metadata from an unspecified number of customer networks, in order to better understand where they could be vulnerable to out-of-date protocols.
The resulting security advisory report revealed widespread use of Server Message Block version one (SMBv1), which contained a buffer overflow vulnerability that was exploited by the NSA-developed EternalBlue and related attack tools.
These were subsequently used by North Korean threat actors for WannaCry and by Russian state operatives for their NotPetya operation.
This was not the only insecure protocol ExtraHop found. It discovered that 81% of enterprises still use HTTP plaintext credentials, and a third (34%) have at least 10 clients running NTLMv1, which could enable attackers to launch machine-in-the-middle (MITM) attacks or take full control of a domain.
The report also warned that 70% of enterprises are still running LLMNR, which can be exploited to obtain users' credential hashes. These in turn could be cracked to expose log-in details, ExtraHop said.
Ted Driggs, head of product at ExtraHop, argued that it's not always easy for organizations to upgrade to newer, more secure protocols.
“Migrating off SMBv1 and other deprecated protocols may not be an option for legacy systems, and even when it is an option, the migration can trigger disruptive outages. Many IT and security organizations will choose to try and contain the deprecated protocol instead of risking an outage,” he explained.
“Organizations need to have an accurate and up-to-date inventory of their assets' behavior to assess risk posture as it relates to insecure protocols. Only then can they decide how to remediate the issue or limit the reach of vulnerable systems on the network.”
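The inventory Driggs describes is typically built passively, by looking at what clients actually negotiate on the wire rather than at what an asset register claims. The following is an added example, not ExtraHop's code or anything from the report: it parses the SMB1 and SMB2 Negotiate request layouts (as documented in MS-CIFS and MS-SMB2) and sorts each client into one of three buckets, so that hosts still speaking SMBv1 can be listed for remediation. The frames it runs over are constructed in the code, and the IP addresses and the bucket names are assumptions made for the illustration.

```python
"""Classify SMB Negotiate requests to inventory hosts that still speak SMBv1.

Added example over the SMB1/SMB2 Negotiate request layouts (MS-CIFS / MS-SMB2).
The sample frames below are constructed test data, not captured traffic.
"""
import struct
from collections import defaultdict

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72
SMB2_NEGOTIATE = 0x0000
# Dialect strings in an SMB1 Negotiate that signal the client can move to SMB2/3.
SMB2_UPGRADE_DIALECTS = {"SMB 2.002", "SMB 2.???"}


def strip_netbios(payload: bytes) -> bytes:
    """Remove the 4-byte NetBIOS session service header carried on TCP/445."""
    if len(payload) >= 8 and payload[0] == 0x00 and payload[4:8] in (SMB1_MAGIC, SMB2_MAGIC):
        return payload[4:]
    return payload


def parse_smb1_negotiate(msg: bytes):
    """Return the dialect names in an SMB1 Negotiate request, or None if it is not one."""
    if len(msg) < 35 or msg[:4] != SMB1_MAGIC or msg[4] != SMB1_COM_NEGOTIATE:
        return None
    word_count = msg[32]                       # parameter word count (0 for Negotiate)
    pos = 33 + 2 * word_count
    if pos + 2 > len(msg):
        return []
    (byte_count,) = struct.unpack_from("<H", msg, pos)
    data = msg[pos + 2:pos + 2 + byte_count]
    dialects, i = [], 0
    while i < len(data) and data[i] == 0x02:    # each dialect: 0x02 + NUL-terminated string
        end = data.find(b"\x00", i + 1)
        if end < 0:
            break
        dialects.append(data[i + 1:end].decode("ascii", "replace"))
        i = end + 1
    return dialects


def parse_smb2_negotiate(msg: bytes):
    """Return the uint16 dialect codes in an SMB2 Negotiate request, or None."""
    if len(msg) < 100 or msg[:4] != SMB2_MAGIC:
        return None
    (command,) = struct.unpack_from("<H", msg, 12)  # Command field of the 64-byte header
    if command != SMB2_NEGOTIATE:
        return None
    (count,) = struct.unpack_from("<H", msg, 66)    # DialectCount in the 36-byte request body
    return list(struct.unpack_from("<%dH" % count, msg, 100))


def classify(payload: bytes) -> str:
    """'smb1-only', 'smb1-upgradable', 'smb2' or 'other' for one client Negotiate frame."""
    msg = strip_netbios(payload)
    d1 = parse_smb1_negotiate(msg)
    if d1 is not None:
        # A multi-protocol negotiate still puts SMB1 on the wire, but the client can upgrade.
        return "smb1-upgradable" if SMB2_UPGRADE_DIALECTS & set(d1) else "smb1-only"
    if parse_smb2_negotiate(msg) is not None:
        return "smb2"
    return "other"


def inventory(frames):
    """Aggregate (client_ip, payload) pairs into {client_ip: set of classifications}."""
    seen = defaultdict(set)
    for ip, payload in frames:
        seen[ip].add(classify(payload))
    return dict(seen)


def build_smb1_negotiate(dialects):
    """Constructed SMB1 Negotiate request with a NetBIOS header (test data)."""
    data = b"".join(b"\x02" + d.encode() + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + b"\x00" * 27   # 32-byte SMB1 header
    smb = header + b"\x00" + struct.pack("<H", len(data)) + data        # WordCount, ByteCount, dialects
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def build_smb2_negotiate(codes):
    """Constructed SMB2 Negotiate request with a NetBIOS header (test data)."""
    header = SMB2_MAGIC + struct.pack("<H", 64) + b"\x00" * 6 + struct.pack("<H", SMB2_NEGOTIATE) + b"\x00" * 50
    body = struct.pack("<HH", 36, len(codes)) + b"\x00" * 32 + struct.pack("<%dH" % len(codes), *codes)
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


# Constructed sample: a legacy-only client, a multi-protocol client and an SMB2/3-only client.
SAMPLE_FRAMES = [
    ("10.0.0.11", build_smb1_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"])),
    ("10.0.0.12", build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])),
    ("10.0.0.13", build_smb2_negotiate([0x0202, 0x0210, 0x0300, 0x0302, 0x0311])),
]

if __name__ == "__main__":
    for ip, kinds in sorted(inventory(SAMPLE_FRAMES).items()):
        print(ip, ", ".join(sorted(kinds)))
```

The "smb1-only" bucket is the one to remediate first: those clients cannot complete a session without SMBv1 on the server. The "smb1-upgradable" bucket shows where the server-side feature can be removed with little risk, since the same clients already advertise SMB2 dialects. Run against real port-445 client traffic, the per-host sets give exactly the behavioral inventory the report calls for.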
Wednesday marked the fourth anniversary of the WannaCry attack that impacted hundreds of thousands of users in 150 countries.