<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

What is an SMB vulnerability?

SMB Overview

Server Message Block (SMB) is a Microsoft network file sharing protocol. Leaving an SMB service open to the public can give attackers the ability to access data on your clients’ internal network, and increases their risk of a ransomware attack or other exploit. Notably, SMB1 (a legacy version of the service) was used as an attack channel for both the WannaCry and NotPetya mass ransomware attacks in 2017. Server Message Block (SMB) allows devices on the same network to share files with each other. Printers, mail servers, and high-priority internal network segments use SMB to provide access to remote users.

If this protocol is identified as unsecured on a policyholder's IT system, this triggers an alert from Corvus. Click here to learn about dynamic security alerts.  

Best Practices for Securing SMB

Properly securing SMB services is the ideal resolution. We recommend that your clients take the following steps to address their SMB vulnerability.  

  1. Work with their IT team to investigate the vulnerability

  2. Assess the version of SMB used. Best practices recommend:

    • Disabling SMBv1 and
    • Blocking all versions of SMB at the network boundary (more information on this here)

Recent Articles

Cleo File Transfer Alert | December 2024


Cleo customers could be at risk due to a critical security flaw. Here's what you need to know.

November 2024: A Record-Breaking Month for Ransomware Attacks


In November 2024, ransomware activity reached an all-time high, with 632 reported victims listed to leak sites. Learn more in this ransomware update.

Q3 Cyber Threat Report: The Ransomware Ecosystem is Increasingly Distributed


Ransomware attacks remained high in Q3 2024 thanks to the RansomHub, PLAY, and LockBit 3.0 ransomware gangs. Check out the full cyber report for more info.