Protect Your Systems Against the EternalBlue Vulnerability

Credit unions need to ensure they aren’t vulnerable to ransomware like Petya or WannaCry that can exploit the security vulnerability EternalBlue found on Microsoft’s Windows-based systems.

Blue computer circuit board close-up connected to a central process unit with a glowing green globe showing North America on top.Published by the hacking group Shadow Brokers in April, this security vulnerability targets Windows’ SMB file-sharing system 1.0. This is a network file sharing protocol that allows computer applications to read and write to files, and to request services from systems that are on the same network. Left unpatched, hackers and other cyber actors can exploit this vulnerability and spread WannaCry and other infections to other unpatched computers and networks.

Versions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016 are all vulnerable to the EternalBlue exploit.

Here’s how you can strengthen your IT systems to ensure you’re better protected:

  • Install Microsoft’s patch for the EternalBlue vulnerability that was released on March 14 on to your systems;
  • Ensure your anti-virus software is up-to-date;
  • Review and manage the use of privileged accounts. A best practice is to implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary;
  • Educate your staff so they can scrutinize links and attachments found in unsolicited emails;
  • Limit access to critical functions or files to only those who absolutely need it. For example, if a user only needs to read specific files, they should not have write access to those files or directories;
  • Enable automatic installation of patches for your operating system and web browser;
  • Disable macro scripts on Microsoft Office files transmitted by email;
  • Develop and implement education programs to help employees identify scams, malicious links and forms of social engineering. Test your employees regularly as well; and
  • Test your backups to ensure they work correctly.

Remember: Cyber adversaries can exploit vulnerabilities in older operating systems and un-patched software now more than ever before. The breadth and complexity of the exploits and malware we have seen often exceed the protections that reactive defenses like anti-virus software can provide. Proactive defenses like those provided by Microsoft and other third parties can help. As can cyber-threat intelligence and regular vulnerability assessments.

For additional information, visit NCUA’s Cybersecurity Resources Center at https://go.usa.gov/xRPBC.