A potential cyber-attack termed ‘ExplodingCan’ may affect at least 375,000 computers running Microsoft Windows 2003.
The code for the ‘ExplodingCan’ malware was stolen from the NSA by hackers who were also behind the WannaCry ransomware attacks.
Microsoft Windows 2003 servers run the Internet Information Services version 6.0 (IIS 6.0) web server, which has long been known to carry an unpatched flaw. According to security research firm Secarma, hackers will exploit this flaw to infect as many as 375,000 computers around the world.
By exploiting this flaw, the hackers behind ‘ExplodingCan’ will be able not only to gain remote access to computers but also to download other malware such as WannaCry, which will then be used to extort money from users.
“Ultimately this is in the same risk category as the WannaCry attacks. It’s another way for cyber criminals and hacking teams to access your environment and, once they’re in, the internal parts of these systems are wide open to a variety of different attack vectors,” Paul Harris, managing director of Secarma, told the Daily Mail.
The new malware will not be able to infiltrate computers running Windows 2008 or newer versions of the operating system, the research firm added.
Microsoft presently offers a custom support programme that provides regular security patches for outdated systems, for fees which can run up to $1,000 a year. However, Microsoft has also been quite vocal in urging users of such systems to upgrade to the latest Windows software, which offers the best protections.
According to a report published in The Financial Times in May, Microsoft allegedly delayed the rollout of a free security patch against the WannaCry ransomware to promote its own ‘custom support’ programme. The delay helped spread the malware’s reach to 150 countries within hours.
The WannaCry ransomware affected over 200,000 systems across 150 nations. However, the hackers behind it have warned that they will launch more malicious code in June to hack into more computers and phones around the world. The hackers have also claimed that they will dump data from central banks using the SWIFT international money transfer network and will also access data related to the nuclear and missile programmes of countries like China, Russia, Iran and North Korea.
“If you have not updated software which is vulnerable to these tools, then the blunt truth is that you may be hit in the next wave. In the longer-term attackers will simply use whatever new exploit code comes along in commonly Internet facing software. For now, the best bet would be the Shadow Brokers dump,” noted researchers at Secarma in a blog post.
“Given past behaviour we made an educated guess that the next missile may be sitting right next to the last one. After all this arsenal was created allegedly to allow a nation state to enter any network of their choosing with ease. It contained exploits for many common pieces of software which are being used to power businesses today,” they added.