H3-2022-0004

Server Message Block (SMB) Port Exposed to the Internet

Description

The SMB service is exposed to the Internet. An attacker can exploit this misconfiguration by conducting credential attacks, such as using passwords obtained from past data breaches or performing password spray attacks to gain unauthorized access to the system. Alternatively, the attacker may exploit any known critical SMB-related vulnerabilities to breach the system.

Impact

This misconfiguration enables an attacker to potentially gain access to the internal network. With access, the attacker can potentially move laterally across the network, access and manipulate sensitive data, and compromise additional systems.

References

• The Complete Guide on Server Message Block
• Malware Spreading through SMB Brute Force Attacks
• How Threat Actors Are Using SMB Vulnerabilities
• MITRE ATT&CK Technique: T1133: External Remote Services