There are 2,306,820 devices connected to the Internet at the moment that feature open ports for SMB services, the same protocol that was used to infect hundreds of thousands of computers with the WannaCry ransomworm a month ago.
Of these, 42%, or nearly 970,000, provide “guest” access, meaning anyone can access data shared via the SMB file-sharing protocol without needing to provide authentication.
The exploits used by WannaCry didn’t necessarily need guest access, but only that the system be connected to the Internet. Providing guest access opens the machine to less complex exploits.
According to Shodan founder John Matherly, who compiled these numbers over the past few days, of these nearly one million SMB devices with guest access, 90% are running Samba, a Linux file sharing application that provides interfacing with SMB services on Windows.
Because ETERNALBLUE, an alleged NSA exploit that leaked online, can’t target Linux this doesn’t mean these systems are safe. Samba itself is also plagued by a vulnerability called SambaCry that affects all Samba installations released in the past seven years. This flaw has been used to take over Linux servers with open SMB ports and install cryptocurrency miners.
Both Windows and Samba come with SMB guest access disabled by default, which means that device administrators are intentionally enabling this feature. Matherly points out that almost half of the devices that have Samba SMB guest access enabled are located on the network of Etisalat, a large ISP in UAE.
Submitted by: Arnfried Walbrecht