web analytics

How threat actors are using SMB vulnerabilities

How threat actors are using SMB vulnerabilities

 

December 14th 2018, By Pieter Arntz

 

Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services.

 

A patch was released by Microsoft for SMB vulnerabilities in March 2017, but many organizations and home users have still not applied it. So now, the unpatched systems allow threats that take advantage of these vulnerabilities inside, helping active malware campaigns spread like Californian wildfire.

 

SMB vulnerabilities have been so successful for threat actors that they’ve been used in some of the most visible ransomware outbreaks and sophisticated Trojan attacks of the last two years. In fact, our product telemetry has recorded 5,315 detections of  Emotet, and 6,222 of Trickbot in business networks—two Trojan variants that are using the SMB vulnerabilities—in the last 30 days alone.

 

Full Article.






Take a look at the best antivirus, anti-malware, anti-spy, etc. software