"Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry"

According to new research, over two-thirds (67%) of organizations are still running an insecure Windows protocol. Security researchers at ExtraHop used the company's network detection and response (NDR) capabilities to analyze anonymized metadata from an unspecified number of customer networks, to better understand where those networks may be vulnerable because of outdated protocols. The resulting security advisory report revealed the widespread use of Server Message Block version one (SMBv1), which contained a buffer overflow vulnerability that was exploited by the NSA-developed EternalBlue and related attack tools. North Korean threat actors used this insecure Windows protocol for WannaCry, and Russian state operatives used it for their NotPetya operation. The researchers found that this was not the only insecure protocol in use. They also discovered that 81% of enterprises still use HTTP plaintext credentials, and a third (34%) have at least 10 clients running NTLMv1, which could enable attackers to launch machine-in-the-middle (MITM) attacks or take complete control of a domain. The researchers further warned that 70% of enterprises are running LLMNR, which can be exploited to access users' credential hashes. These, in turn, could be cracked to expose log-in information, the researchers claimed.

 

Infosecurity reports: "Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry"

Submitted by Anonymous on