WannaCrypt, which infected companies and organisations across the planet this weekend, spread by exploiting an unpatched, critical SMBv1 vulnerability in Microsoft Windows.
Of course, ransomware attacks are not uncommon. What’s uncommon about this one is that it’s wormable, which means it spreads by itself, making it especially dangerous. In addition, it used an NSA exploit for a vulnerability that could have been patched in March… for many, it apparently wasn’t.
This chaos could have been easily prevented with Software Vulnerability Management solutions, through which IT Security teams can be alerted when vulnerabilities are discovered in the organisation’s IT environment. These teams then receive automatic update patches, based on the criticality of those alerts, so that patching can be prioritised. So, businesses that kept up with patches have nothing to worry about! Software Vulnerability Management can help businesses patch in a timely manner, and put systems in place to automatically notify them when vulnerabilities are lurking. This is truly the only way to minimise the attack surface and mitigate hacker threats.
“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” said Kasper Lindgaard, Senior Director of Secunia Research at Flexera Software. “This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously. There is simply no excuse.”