WannaCry could hit Windows 10
WannaCry damaged mostly machines running Windows 7, however this variant could affect Windows 10 devices
Security researchers have discovered that a variant of the infamous WannaCry ransomware attacks could be used to infect unpatched Windows 10 machines.
RiskSense found that EternalBlue, a remote kernel exploit used in WannaCry, could bypass detection rules recommended by governments and antivirus vendors.
This version of EternalBlue, an exploit initially released by Shadow Brokers earlier this year, does not use the DoublePulsar payload common among other exploits leaked by the hacker group. DoublePulsar was the main implant used in WannaCry and a key focus for defenders.
"That backdoor is unnecessary," said RiskSense senior security researcher, Sean Dillon. "This exploit could directly load malware onto the system without needing to install the backdoor."
EternalBlue gives instant un-credentialed remote access to Windows machines without the MS17-010 patch update. While it's difficult to port EternalBlue to additional versions of Windows, it's not impossible. Unpatched Windows 10 machines are at risk, despite the fact that Microsoft's newest OS receives exploit mitigations that earlier versions don't.
Dillon added: "These can infect a network and you won't know about it until years later. It's a threat to organisations that have been targets, like governments and corporations. Attackers may try to get onto these networks and lay dormant ... then steal intellectual property or cause other damage."
He highlights that businesses should update to Windows 10 but put in place the necessary firewalls, setting up VPN access for users who need internal access and an in-depth inventory that can identify software and devices n networks, as well as knowing when patches are released.