After a chaotic week, courtesy of the WannaCry Ransomware attack, another vulnerability has been found that could lead to another exploit. This time, because of older Linux software still in fairly wide use.
In the fallout of the original attack, researchers found the vulnerability in a widely used Linux networking software, according to security researchers. The Department of Homeland Security made the announcement and advised updating the software to anyone still using it, which could be exploited in the same way as the original attack. And it is not a small number of computers either, with another 100,000 potential targets open to the hack.
This discovery came thanks to the efforts of cybersecurity firm Rapid7. Rebekah Brown, a member of the firm, told Reuters that, despite the vulnerability, there was no sign of hackers trying to take advantage of it in the 12 hours since it was found. However, she did make a point that it was very easy to develop the malware needed to jump in the hole. In their tests, she revealed that it only took them 15 minutes to develop the malware, highlighting the ease of the exploit.
The timing of this news couldn't have come at a more awkward moment, with victims of the first attack still trying to recover from it. The hackers, whom some believed to be from North Korea, didn't walk away much better either, with most of the victims refusing to pay the ransom. Having another exploit available, and now out in the open, it shouldn't come as a surprise if the hackers decide to take advantage.
The software in question is Samba, a free network software developed for Unix and Linux computers. The versions that are open to attack are Samba 3.5 to 4.4, and work similarly to the file-sharing programs Windows uses. The problem with fixing this weakness, though, is that the versions of Samba mentioned cannot be patched at this point, despite DHS's advice to any users with the program. Anything after 4.4, though, did get the proper patch to prevent the attack.
If there is any silver lining in all of this, it's that another attack may not be as widespread as the first one. Granted, Rapid7 made a point of saying that it's possible more computers could be vulnerable than the 100,000 mentioned. And, much like with the first attack, most of those computers belong to businesses and organizations. But Linux has never been as widely used or available in the way Apple and Windows computers are, so that may be a good thing in this situation.
Kevin Billings Tech Times editor Kevin Billings is a born geek at heart. Whether it's video games, movies, tv, comics, or tech, you will likely find Kevin there. And he feels gratified in his passions now that geek culture has come to dominate mainstream pop culture.