35 Companies Could Stop 70% of U.S. Vulnerability to Wanna Cry & Double Pulsar Attacks
Wanna Cry is malware that encrypts a target's machine and spreads from computer to computer using a leaked NSA exploit. The number of compromised U.S. targets more than doubled from Monday to Tuesday of this week. The exploit, code named Double Pulsar, allows attack and practically automated compromise of any unpatched target computer within range that has port 445 open.
Further dissemination of this malware could be largely contained if the following 35 Internet Service Providers / Web hosts took proactive measures to shut down communications on the vulnerable ports of their clients, who may be completely unaware that their hosted computers are vulnerable to attack or possibly already compromised.
If you know anyone at these Internet Service Providers or Web hosts, please share this with them and inform them that they should check shodan.io and query port 445 to see which of their machines have their shields turned off to this relatively automatic compromise vector. The issue isn't just the Wanna Cry malware but, more so, the ease of exploiting port 445 to permanently take over a machine without any action required by the victim, and then silently persist. Infection could remain well past remediation of the encrypted lost files, unbeknownst to the user or IT staff, if the malware attack is combined with other leaked cyber weapons such as the Hacking Team's Remote Control Systems or the CIA's After Midnight, both of which have leaked and been disseminated to the bad guys.
The leaked cyber weapons allow a computer, tablet or smart phone to be compromised at the level of its on-board hardware components, such that even completely reformatting and reloading the operating system, or doing the same on a new hard drive, does not remove the hardware-based rootkit.
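One way a provider could run the check suggested above against its own address space, as an added example that is not part of the original article: it reads a saved Shodan-style export and reports which of the provider's own blocks contain hosts with port 445 open. The sample records, the `OWN_RANGES` allocations and the function names are constructed for illustration; the `ip_str` and `port` field names are assumed to match the export being read.

```python
import ipaddress
import json

# Constructed sample: one JSON record per line, documentation address ranges only.
SAMPLE_EXPORT = """\
{"ip_str": "192.0.2.10", "port": 445, "org": "Example Hosting"}
{"ip_str": "192.0.2.10", "port": 445, "org": "Example Hosting"}
{"ip_str": "192.0.2.77", "port": 3389, "org": "Example Hosting"}
{"ip_str": "198.51.100.5", "port": 445, "org": "Example Hosting"}
{"ip_str": "203.0.113.9", "port": 445, "org": "Someone Else"}
not-json-line
"""

# Assumption: the provider's own (non-overlapping) allocations.
OWN_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]


def open_hosts(export_text, port=445):
    """Distinct IPs in the export with `port` open; malformed lines are skipped."""
    hosts = set()
    for line in export_text.splitlines():
        try:
            rec = json.loads(line)
            if int(rec["port"]) == port:
                hosts.add(ipaddress.ip_address(rec["ip_str"]))
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, missing field, or unparsable address/port
    return hosts


def exposed_by_block(export_text, own_ranges, port=445):
    """Map each owned CIDR block to the sorted IPs inside it that expose `port`."""
    nets = [ipaddress.ip_network(r) for r in own_ranges]
    report = {str(n): [] for n in nets}
    ordered = sorted(open_hosts(export_text, port), key=lambda a: (a.version, int(a)))
    for ip in ordered:
        for net in nets:
            if ip.version == net.version and ip in net:
                report[str(net)].append(str(ip))
    return report


def own_share(export_text, own_ranges, port=445):
    """Percent of all exposed hosts in the export that sit in the owned blocks."""
    total = len(open_hosts(export_text, port))
    mine = sum(len(v) for v in exposed_by_block(export_text, own_ranges, port).values())
    return round(100 * mine / total, 2) if total else 0.0


if __name__ == "__main__":
    print(exposed_by_block(SAMPLE_EXPORT, OWN_RANGES))
    print(own_share(SAMPLE_EXPORT, OWN_RANGES), "% of exposed hosts are ours")
```

The per-block list is what an abuse or network team would hand to the affected customers, and `own_share` is the same kind of figure as the percentage column in the table below.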
Here is the list I compiled as of this morning for all U.S. computers reported by Shodan.io with the vulnerable port 445 exposed publicly.
Top 35 Hosts / ISPs with Largest Number of Computers Exposing Port 445
| ISP / Web Host | Total Number of Computers With Port 445 Open | % of Total U.S. Computers Exposing Port 445 |
|---|---|---|
| Nobis Technology Group, LLC | 35,449 | 7.10% |
| SpeedVM Network Group LLC | 30,547 | 6.12% |
| Global Frag Networks | 17,710 | 3.55% |
| Take 2 Hosting | 6,392 | 1.28% |
| Ubiquity Server Solutions Los Angeles | 5,964 | 1.19% |
| Sun Network (Hong Kong) Limited | 4,018 | 0.80% |
| Time Warner Cable | 2,700 | 0.54% |
| University of Washington | 2,451 | 0.49% |
| Cloudddos Technology Co.,limited | 1,179 | 0.24% |
| All Other ISP Web Hosts | 143,837 | 28.80% |
| Total Computers Exposing port 445 in US | 499,402 | 100.00% |
* Data captured from shodan.io as of 5/17/2017 8:30 AM CST