The Shadow Brokers, a hacking group known for releasing exploits and vulnerabilities allegedly used by the National Security Agency (NSA), published a cache of tools over a month ago on April 14th. This release had initially caused panic within the security industry as it was believed at the time that some of the exploits were using zero day vulnerabilities, or vulnerabilities for which the vendor had not yet made a fix available. It was later learned that Microsoft had released a patch for these vulnerabilities in a March update, MS17-010. Since these vulnerabilities were first revealed, a set of malicious actors have deployed the DOUBLEPULSAR backdoor onto affected machines to permit easier access, and another set have written a worm, known as WannaCry, to take advantage of unpatched systems and spread internally within a network. BitSight customers have the ability to filter their portfolio of continuously monitored companies to determine those companies that are at risk because they have the DOUBLEPULSAR implant on a host.
The WannaCry ransomware worm also caused panic beyond the security community. Britain’s National Health Service (NHS) said 16 organizations had been affected. Hospitals across England were forced to turn away patients after experiencing service outages that affected an array of devices from desktops, X-ray machines, phone systems, and more. It is not the first time an event like this has happened: in March of 2016, MedStar Health patients in Maryland were also turned away as a result of a ransomware infection. However, the scale of disruption that occurred at the NHS may be unprecedented.
Source: https://www.bitsighttech.com/blog/understanding-doublepulsar-wannacry-across-industries-is-key-to-protecting-supply-chain
