Linux/Unix platforms are anymore! Wannacry like threat is the reason
Researchers have found that a Samba vulnerability is becoming a new threat to Linux and Unix systems. There is a high probability that it could lead to a cyber attack even worse than WannaCry, most likely if IT professionals do not take action as soon as possible.
According to the Samba security advisory, the vulnerability (CVE-2017-7494) affects version 3.5 (released March 1, 2010) and newer versions. The Samba vulnerability can be exploited remotely: a malicious client can upload a shared library to a writable share and then cause the server to load and execute it.
Nick Bilogorskiy is senior director of threat operations at Cyphort. He told us that there are no such threats on the open internet right now, but the chances are that the Samba vulnerability will get worse if proper action is not taken against it.
Since this vulnerability can be exploited remotely, criminals might take advantage of a system they have targeted. Nick gave an example: if an attacker drops a backdoor, steals data out of the system, and figures out how to spy on the user, he will surely go on to attack and encrypt the data for a healthy sum of ransom.
Lane Thames is a senior security researcher at Tripwire. He said that the Samba vulnerability is actually difficult to exploit when compared to the SMB vulnerability. As he explained, to exploit CVE-2017-7494 an attacker must first be aware of a vulnerable system and then figure out how to find a vulnerable file on it. After tracing the path of the vulnerable file, the attacker must either be authenticated to the vulnerable Samba server or have a share that can be edited without authentication. Even though this is difficult, he insisted that the flaw be patched as soon as possible.
REMEDY FOR SAMBA VULNERABILITY
According to Rapid7 Labs, port 445 is the port on which the Samba vulnerability is more probable. It is the same port on which SMB is accessed on the Windows platform. Rapid7 added that port 139 can also expose endpoints to attack. The report suggested that organizations evaluate their firewalls so that SMB/Samba network traffic cannot reach their assets directly from the internet.
A patch was recently released, along with an advisory for those who could not install the patch right away. Adding the parameter “nt pipe support = no” to the global section of the Samba configuration file might remove the risk. The disadvantage is that this will disable some Windows functionality.
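The workaround and the "writable share" precondition described above can both be checked from the configuration itself. The following audit is an added example, not code from the article or from the Samba project; the sample configuration and the function names are constructed for illustration, and it assumes a single configuration file with no include directives or line continuations.

```python
import re
# Constructed sample configuration for illustration; not from the article.
SAMPLE_CONF = """\
[global]
   ; nt pipe support = no
[Public]
   path = /srv/public
   Writeable = Yes
   guest ok = yes
[docs]
   read only = yes
"""

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}
# Samba synonyms: these three are inverted forms of "read only".
INVERTED = {"writable", "writeable", "writeok"}

def norm(name):
    # Samba ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    sections, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            cur = sections.setdefault(norm(head.group(1)), {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            key, val = norm(key), val.strip().lower()
            if key in INVERTED:              # store as the canonical parameter
                key, val = "readonly", "no" if val in TRUE else "yes"
            cur["guestok" if key == "public" else key] = val
    return sections

def audit(text):
    """Return (workaround_applied, [(share, guest_access), ...] for writable shares)."""
    conf = parse(text)
    glob = conf.get("global", {})
    # "nt pipe support" defaults to yes: a missing or commented line is unmitigated.
    mitigated = glob.get("ntpipesupport", "yes") in FALSE
    writable = []
    for name, params in conf.items():
        eff = {**glob, **params}             # [global] supplies share defaults
        if name != "global" and eff.get("readonly", "yes") in FALSE:
            writable.append((name, eff.get("guestok", "no") in TRUE))
    return mitigated, writable
```

On the sample, `audit(SAMPLE_CONF)` reports the workaround as absent and one guest-writable share. Per-user write access granted through a write list is not modelled here.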
Thames added that storage solutions could also become a threat in the near future. There has been rising awareness of the enterprise file and print server systems that run on UNIX and Linux operating systems.
Many storage devices use Linux and Unix for file sharing functionality. These files are going to be troublesome for their firms, says Lane Thames. Enterprise vendors are moving very fast, but there are many vendors who will not be able to keep pace with those enterprises.
WANNACRY VS SAMBA
Craig Williams is the senior technical leader at Cisco Talos. He said that comparisons between the two are rising because they affect the same protocol. “Samba is basically what [Linux/Unix] systems use to talk to Windows file stores and printers,” Williams said, talking to a company. “That said, to date we have not seen a worm or even an exploit with a ransomware payload though this could change at any second.”
According to Bilogorskiy, WannaCry has better headlines in comparison to EternalBlue, the SMB vulnerability that was exploited by WannaCry.
WannaCry hit the world’s systems 60 days after the patch was released. Many systems were auto-upgradable and hence did not suffer. Those that could not update met the same fate as other victims of WannaCry. Many Unix systems run without maintenance for years and years. Unlike other workstations, many users don’t even power them off.
Julia Sowells