{"id":906,"date":"2017-05-22T10:01:38","date_gmt":"2017-05-22T14:01:38","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=906"},"modified":"2017-07-14T08:12:03","modified_gmt":"2017-07-14T12:12:03","slug":"wannacry-did-not-start-with-a-phishing-attack-experts-say","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/","title":{"rendered":"WannaCry Did Not Start with a Phishing Attack, Experts Say"},"content":{"rendered":"<div class=\"sticky-share\" style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-897\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg\" alt=\"\" width=\"800\" height=\"350\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day-300x131.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day-768x336.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day-600x263.jpg 600w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day-180x79.jpg 180w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day-400x175.jpg 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>Despite initial\u00a0claims to the contrary, this month&#8217;s widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, according to recent analysis from <a href=\"https:\/\/www.malwarebytes.com\/business\/\" target=\"_self\">Malwarebytes<\/a>.<\/div>\n<div class=\"sticky-share\" style=\"text-align: justify;\"><\/div>\n<div 
class=\"sticky-share\" style=\"text-align: justify;\">Though the phishing claim was \u201can easy mistake to make\u201d, <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/05\/how-did-wannacry-ransomworm-spread\/\" target=\"_blank\" rel=\"noopener noreferrer\">according to the security company<\/a>, the infection actually spread &#8220;via an operation that hunts down vulnerable public facing SMB ports and then uses the alleged NSA-leaked EternalBlue exploit to get on the network and then the (also NSA alleged) DoublePulsar exploit to establish persistence and allow for the installation of the WannaCry Ransomware.&#8221;<\/div>\n<p style=\"text-align: justify;\">These techniques let the ransomware attack spread like wildfire through vulnerable Windows machines across the globe in May, infecting over 230,000 machines in 150 countries and blocking users from their data unless they agreed to pay approximately\u00a0$300 in Bitcoin.<\/p>\n<p style=\"text-align: justify;\">The attack\u2019s spread only slowed when security researcher <a href=\"https:\/\/twitter.com\/MalwareTechBlog?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor\" target=\"_blank\" rel=\"noopener noreferrer\">MalwareTech<\/a> accidentally discovered a killswitch for the malware by registering a domain for a DNS sinkhole found in the virus\u2019s code.<\/p>\n<p style=\"text-align: justify;\">Though Malwarebytes\u2019 conclusions are not airtight, the company said that the initial infection of SMB ports is the most likely culprit for the attack.<\/p>\n<p style=\"text-align: justify;\">\u201cWithout otherwise definitive proof of the infection vector via user-provided captures or logs, and based on the user reports stating that machines were infected when employees arrived for work, we\u2019re left to conclude that the attackers initiated an operation to hunt down vulnerable public facing SMB ports, and once located, 
using the newly available SMB exploits to deploy malware and propagate to other vulnerable machines within connected networks,\u201d explained Malwarebytes senior malware intelligence analyst, Adam McNeil.<\/p>\n<p style=\"text-align: justify;\">\u201cDeveloping a well-crafted campaign to identify just as little as a few thousand vulnerable machines would allow for the widespread distribution of this malware on the scale and speed that we saw with this particular ransomware variant.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Despite initial\u00a0claims to the contrary, this month&#8217;s widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, according to recent analysis from Malwarebytes. Though the phishing claim was \u201can easy mistake to make\u201d, according to the security company, the infection actually spread &#8220;via an operation that hunts down vulnerable public facing SMB ports [&hellip;]<\/p>\n","protected":false},"author":24,"featured_media":897,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[112,205,410,276,409],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WannaCry Did Not Start with a Phishing Attack, Experts Say<\/title>\n<meta name=\"description\" content=\"Despite initial\u00a0claims to the contrary, this month&#039;s widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, according\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta 
property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WannaCry Did Not Start with a Phishing Attack, Experts Say\" \/>\n<meta property=\"og:description\" content=\"Despite initial\u00a0claims to the contrary, this month&#039;s widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, according\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2017-05-22T14:01:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-07-14T12:12:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Edwards\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Edwards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/\",\"name\":\"WannaCry Did Not Start with a Phishing Attack, Experts Say\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg\",\"datePublished\":\"2017-05-22T14:01:38+00:00\",\"dateModified\":\"2017-07-14T12:12:03+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\"},\"description\":\"Despite initial\u00a0claims to the contrary, this month's widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, 
according\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg\",\"width\":800,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WannaCry Did Not Start with a Phishing Attack, Experts Say\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\",\"name\":\"Jeff Edwards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"caption\":\"Jeff Edwards\"},\"description\":\"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.\",\"sameAs\":[\"https:\/\/solutionsreview.com\",\"https:\/\/x.com\/InfoSec_Review\"],\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/jedwards\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"WannaCry Did Not Start with a Phishing Attack, Experts Say","description":"Despite initial\u00a0claims to the contrary, this month's widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, according","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/","og_locale":"en_US","og_type":"article","og_title":"WannaCry Did Not Start with a Phishing Attack, Experts Say","og_description":"Despite initial\u00a0claims to the contrary, this month's widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, according","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2017-05-22T14:01:38+00:00","article_modified_time":"2017-07-14T12:12:03+00:00","og_image":[{"width":800,"height":350,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg","type":"image\/jpeg"}],"author":"Jeff Edwards","twitter_misc":{"Written by":"Jeff Edwards","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/","name":"WannaCry Did Not Start with a Phishing Attack, Experts Say","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg","datePublished":"2017-05-22T14:01:38+00:00","dateModified":"2017-07-14T12:12:03+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"description":"Despite initial\u00a0claims to the contrary, this month's widespread WannaCry ransomware attack didn\u2019t begin with phishing emails as first suspected, 
according","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/05\/NSA-HQ-Day.jpg","width":800,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/wannacry-did-not-start-with-a-phishing-attack-experts-say\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"WannaCry Did Not Start with a Phishing Attack, Experts Say"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. 
He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/906"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=906"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/906\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/897"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}