Fast, reliable and secure solutions purpose built for research and education
Solutions for managing data and enabling collaboration virtually anywhere
Solutions for protecting campus networks and assets from cyber threats
Empower collaboration, discovery and innovation
Accelerate digital transformation
Inspire great teaching and learning
Transform the classroom experience
Discover, share and preserve collections
About our company and what we do
From pioneering the internet in Australia in 1989 to today
Our Board, Executive Team and Advisory Committee
Our company policies, statements and public reports
Explore opportunities and benefits of working with AARNet
Log in to view details about your AARNet services, including usage reports
Log in to send files of any size, quickly and securely
CloudStor is being decommissioned on 15 December, 2023.
Browse answers to frequently asked questions about our products and services
Check the current performance status for our services
Fast local access to popular international open-source content
Check to see if a web address is on-net
Over the weekend of 13 & 14 May, hundreds of thousands of computer systems at government agencies, hospitals and companies in dozens of countries were affected by the malicious WannaCry cyber attack, which locked computers and held files to ransom. Australia is among the countries affected.
Here, Edward Farrell, Director & Principal Consultant at Mercury Information Security Services provides an analysis of Australia’s exposure and response to this ransomware attack.
Exploitation of the vulnerability is dependent upon the availability of windows SMB (port 445) and a failure to patch MS17-010. Given this fact, there are two attack vectors:
Late Sunday/Early Monday (14 &1 5 May) our team started planning and preparing for analysis of the Australian response to patching MS17-010. The purpose of this was to gauge the number open systems that could be readily exploited and observe patching behaviours. Over the past few days, we’ve identified ~3000 likely targets in Australia (that is SMB exposed to the internet and running windows in Australia). An exploration of these (not exploitation) identified the following statistics:
A few points/observations from this:
I also identified that Shodan has 32 of this count that it has identified as having been hit with doublepulsar last month.
Information in this article was first published in articles by Edward Farrell on LinkedIn and has been reproduced in this story on the AARNet News site with the permission of the author.
View Edward Farrell’s WannaCry analysis updates published on LinkedIn