In a baffling turn of events, computers at Boeing have allegedly been infected with the WannaCry Ransomware. According to the Seattle Times, a memo was sent out by a Boeing employee that states that systems have been affected and that there were concerns the ransomware would “spread to airplane software”. Dan Matthews, Director of Engineering at Lastline commented below.
Dan Matthews, Director of Engineering at Lastline:
“The WannaCry core codebase has not changed, to the best of our knowledge. We continue to see outbreaks because of the built-in worm (self-propagation) behavior which the EternalBlue exploit allowed the malware creators to include. For comparison, Lastline continues to see a small number of variants of the Conficker worm from 2008-2009 across our customer base each month. This worm exploited the MS08-067 vulnerability, which also attacked the Microsoft SMB protocol.
Many vendors and security professionals published WannaCry prevention and remediation suggestions when the outbreak first appeared- these strategies are still valid, but can be difficult and risky to deploy in complex manufacturing environments such as Boeing’s. Healthcare environments are also particularly susceptible to malware worm infestations for similar reasons.
We are confident that, like Conficker, we will continue to see periodic WannaCry outbreaks because of its in-built worm spreading functions and a lack of consistent patching.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.