Last week a ransomware attack, unprecedented in size hit companies and organizations across the globe. As the world returns to the office today, the attack is poised to spread as unpatched machines are flipped on as people get back to work.
Over the weekend, the SecurityScorecard research team completed a global scan using the ThreatMarket platform. The team looked at whether any unique IP address is affected by DoublePulsar. (DoublePulsar is the NSA malware backdoor that WannaCry ransomware uses to get into a system.)
The results of our research were as follows:
There are 9,698 unique IP addresses that remain vulnerable to infection. This number is made even more significant by the fact that the WannaCry infection can significantly disrupt a company’s business operations. This infection has the ability to propagate without user interaction, encrypt files and hold them for ransom, and allow malicious insiders to take control of the infected system.
While we all know that this attack had a global impact, our team thought it would be interesting to see which industries still have some work to do even after the weekend. We have shared the breakdown of which industries carry the most unique IP addresses currently vulnerable to the infection below:
Number of affected domains per industry
This attack is a big reminder for all organizations (but maybe especially for those in the telecommunications and technology industries) how important it is to monitor Patching Cadence for your own company and for your company’s vendors. In a previous post, we mentioned that a little over 70% of U.S. organizations have a slow patching cadence for medium and high severity critical vulnerability exploits.
Our findings this weekend show that slow patching cadence continues to put organizations at risk. It’s critical to remember that end-of-life software and unpatched software will continue to be a target for attacks. Understanding the critical vulnerability exploits (CVE’s) inside your digital footprint has never been more important.