Duration of Exploits: How swift are your patches compared to the persistence of exploits?
In May 2017, a devastating ransomware strain known as WannaCry swept across the globe, affecting more than 200,000 computers worldwide. The attack, which disrupted businesses and public services, was traced back to a Windows networking vulnerability.
Interestingly, Microsoft had patched this exact vulnerability, known as EternalBlue, in March 2017. However, many systems were still vulnerable, as they hadn't been updated. This underscores the importance of patching early and often to prevent attacks using zero-day bugs or exploits that have been known for weeks or even months.
The origins of the EternalBlue exploit can be traced back to a breach at the US National Security Agency (NSA) in 2016. Hackers known as ShadowBrokers compromised and stole some or all of the NSA's exploit collection, which later found its way into the public domain. In April 2017, ShadowBrokers dumped the stolen exploits, and WannaCry was one of the malicious programs that utilised these stolen tools.
WannaCry exploited the EternalBlue vulnerability to spread automatically on and between Windows networks. A British cybersecurity researcher, however, registered an internet domain name that the virus code tried to contact, acting as an emergency "kill switch." This quick thinking limited the damage caused by the attack.
The British National Health Service (NHS) was particularly badly affected by WannaCry, which caused widespread disruption to services. This highlighted the importance of maintaining up-to-date security measures in critical infrastructure.
Fast forward to June 2025: the Dutch National Cyber Security Centre (NCSC-NL) identified critical security vulnerabilities, CVE-2025-5777 and CVE-2025-6543, in Citrix NetScaler products. These vulnerabilities can be used against NetScaler ADC and NetScaler Gateway products as a stepping stone to break into unpatched networks. The vulnerabilities apparently allow unauthenticated outsiders to steal existing authentication credentials and to run untrusted code without any credentials.
Citrix provided patches for these vulnerabilities on June 25, 2025. However, many companies using NetScaler products had still not fixed these vulnerabilities by 2027. This incident serves as a reminder that old, out-of-support systems that are still in use and exposed to the internet remain a security risk, even if they will never be patched.
In the wake of such incidents, it's crucial for businesses to know which software components and hardware devices are being used. Signing up with a specialist cybersecurity provider can help businesses focus on their own specialty rather than getting caught in a reactive cybersecurity treadmill.
In conclusion, the WannaCry attack, while occurring in 2017, continues to have implications for cybersecurity today. The importance of timely patching, knowledge of the software and hardware in use, and the need for proactive cybersecurity measures cannot be overstated.