Posted on May 14, 2017
Last week a ransomware attack, unprecedented in size hit companies and organizations across the globe. As the world returns to the office today, the attack is poised to spread as unpatched machines are flipped on as people get back to work.
Over the weekend, the SecurityScorecard research team completed a global scan using the ThreatMarket platform. The team looked at whether any unique IP address is affected by DoublePulsar. (DoublePulsar is the NSA malware backdoor that WannaCry ransomware uses to get into a system.)
The results of our research were as follows:
There are 9,698 unique IP addresses that remain vulnerable to infection. This number is made even more significant by the fact that the WannaCry infection can significantly disrupt a company’s business operations. This infection has the ability to propagate without user interaction, encrypt files and hold them for ransom, and allow malicious insiders to take control of the infected system.
While we all know that this attack had a global impact, our team thought it would be interesting to see which industries still have some work to do even after the weekend. We have shared the breakdown of which industries carry the most unique IP addresses currently vulnerable to the infection below:
Number of affected domains per industry
This attack is a big reminder for all organizations (but maybe especially for those in the telecommunications and technology industries) how important it is to monitor Patching Cadence for your own company and for your company’s vendors. In a previous post, we mentioned that a little over 70% of U.S. organizations have a slow patching cadence for medium and high severity critical vulnerability exploits.
Our findings this weekend show that slow patching cadence continues to put organizations at risk. It’s critical to remember that end-of-life software and unpatched software will continue to be a target for attacks. Understanding the critical vulnerability exploits (CVE’s) inside your digital footprint has never been more important.
Vendor management is the process an organization utilizes to assess and manage a third- or fourth-party vendor. Learn how SecurityScorecard can help.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 20 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.