More than half of IT environments still contain WannaCry/NotPetya vulnerabilities
A new report from cloud-native network detection and response company ExtraHop shows that on the fourth anniversary of the WannaCry attack a high percentage of IT environments are still running known vulnerabilities.
It shows the continuing use of ill-advised and insecure protocols, including Server Message Block version one (SMBv1), which was exploited by the WannaCry ransomware variant to encrypt nearly a quarter of a million machines worldwide, and is still found in 67 percent of environments.
In early 2021, the ExtraHop threat research team looked at the prevalence of insecure protocols in enterprise environments, specifically SMBv1, Link-Local Multicast Name Resolution (LLMNR), NT Lan Manager (NTLMv1), and Hypertext Transfer Protocol (HTTP).
It shows 70 percent of environments are still running LLMNR, 34 percent of enterprise environments have at least 10 clients running NTLMv1, and 81 percent of enterprise environments still use insecure HTTP plain text credentials.
"It's easy to say that organizations should get rid of these protocols in their environments, but often it's not that simple. Migrating off SMBv1 and other deprecated protocols may not be an option for legacy systems, and even when it is an option, the migration can trigger disruptive outages. Many IT and security organizations will choose to try and contain the deprecated protocol instead of risking an outage," says Ted Driggs, head of product at ExtraHop. "Organizations need an accurate and up-to-date inventory of their assets' behavior to assess risk posture as it relates to insecure protocols. Only then can they decide how to remediate the issue or limit the reach of vulnerable systems on the network."
The full report can be found on the ExtraHop site.