It’s a dangerous world out there. Whether it’s criminals looking for someone to shake down for cash or nation states looking to further their own agendas, motivated and capable people are constantly knocking on doors looking for a way in. And even though the WannaCry malware doesn’t have the sophistication of many of its peers, it’s rapid spread has been a wake-up call for the internet.
Everyone knows ransomware is bad news. Bad news that we hope to avoid by training our users to detect phishing attempts. But in this case, there is evidence that email was not a significant infection vector. Rather, the use of Eternalblue, an SMB exploit leaked from the cache of hacking tools stolen from the NSA and released publicly a few months ago, made this a bad day even for people careful about phishing links.