Posted on June 5, 2017 by staff

Cybersecurity team uncovers exploit of WannaCry proportions


Researchers at cyber security firm Secarma have found a significant vulnerability that could lead to a cyber-attack of similar scale to last month’s WannaCry malware that hit large parts of the NHS.

The weapon is contained within the recent “dump” of National Security Association (NSA) cyber tools from hacking group The Shadow Brokers, which also published the virus responsible for global ransomware attacks last month.

The team at leading Manchester-based security consultancy Secarma, which is part of the UKFast Group, discovered that the “ExplodingCan” exploit is capable of infiltrating fully patched Windows 2003 servers offering IIS 6.0, under certain conditions.

Secarma’s research shows that around 375,000 systems worldwide are potentially vulnerable to the newly-discovered exploit, putting thousands of organisations, including telecoms, banking, educational and governmental institutions, at risk.

Secarma managing director Paul Harris said: “After WannaCry hit, people were asking what is going to be the next attack. We’ve been analysing the dump of exploits that WannaCry was derived from and it’s clear that ExplodingCan is one to be significantly concerned about.

“Ultimately this is in the same risk category as the WannaCry attacks. It’s another way for cybercriminals and hacking teams to access your environment and, once they’re in, the internal parts of these systems are wide open to a variety of different attack vectors.

“This could escalate exponentially with more ransomware attacks, as we saw affecting the NHS last month, but equally likely are more stealthy attacks which result in data breaches, the theft of intellectual property or sensitive information.

“All the user passwords of an entire organisation, for example an airline or NHS Trust, could be acquired and exploited for personal gain or end up for sale on the dark web.”

Secarma’s security experts are currently examining how best to patch the exploit and have disclosed exact details of the vulnerability to Microsoft, although the US tech giant has consistently said, as with Windows XP, that Server 2003 is no longer supported.

Harris continued: “Our team is looking at ways to fix the vulnerability, and we have shared our research with the National Cyber Security Centre (NCSC), but the only advice we can give at this stage is to update to a more recent system that doesn’t have this hole – that’s Windows 2008 onwards.”

Secarma’s 50-strong team of ethical hackers and security experts is CHECK and CREST accredited and provides services to global, blue chip clients as well as SMEs and the public sector.

CEO of UKFast and Secarma Lawrence Jones added: “It’s disappointing that Microsoft is unwilling to patch this issue.

“You can see why they wouldn’t, as from their perspective it drives sales in their latest software, but it is difficult for many small businesses and some public sector organisations to keep up to date with the scaling costs of software.

“Microsoft managed to produce a patch within a matter of hours after the WannaCry malware wreaked havoc on the global IT community.

“Let’s hope this doesn’t escalate in a similar fashion. It certainly has the potential to explode, as its name suggests.”