By Corey Moss
Yes, another major cyber attack has taken place. Many online media outlets have reported over the last several days on the ongoing WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) cyberattack, an NSA-derived ransomware worm that shut down more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency Bitcoin in 28 languages.
To be specific, the WannaCry ransomware is based on the EternalBlue exploit * of Windows Server Message Block (SMB) v1, which was found in a recent dump of NSA cyberweapons. Microsoft had released a patch for supported systems in the March 2017 Patch Tuesday updates with bulletin MS17-010. **
One of the resources which I like to consult, Brian Krebs (KrebsonSecurity), reported that on May 13th Microsoft Corp. took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8 — in a move to slow the spread of the WanaCrypt ransomware strain that infected Windows computers virtually overnight.
The virally spreading worm was ultimately stopped, in what was determined to be a major stroke of good luck, when a researcher known as MalwareTech on Twitter (who works for security firm Kryptos Logic) took control of a domain name that was hard-coded into the self-replicating exploit. Good luck indeed, as it was possible only because the attackers had failed to obtain the address first.
Now that this is being talked about and reported across audio visual media outlets as well, just why is the discussion of ransomware, and of information security overall, building to a crescendo?
I believe we can look back to January 2016 and the situation concerning AMX and the backdoor. I wrote in another publication, “Baffling” Backdoor Cyber-Talks, that it was an overall scare tactic wrapped in insufficient conclusions by Austrian firm SEC Consult (along with an incorrect comparison to the NSA/Juniper incident), initiated by Forbes security writer Thomas Fox-Brewster (@iblametom), who wrote this article. The situation, though not to be taken lightly, was not quite as dangerous as many were making it out to be. There was no breach of the White House, where AMX equipment is in use, nor of any federal government offices for that matter.
Fast forward to 2017, though, and look at what hackers can now do to corporate enterprises, the federal government, hospitals and higher ed institutions: maybe it is time for the emergency button to be pressed – especially in regard to this recent attack.
As for those who lie in wait for the next attack, and yes, it will come – it’s time to truly send the message to industry manufacturers as well as integrators: act, don’t wait to react. Certain planning and preventative measures can certainly be taken, and it is imperative that manufacturers issue necessary patches and regularly make integrators aware of them. Managed services need to be properly set up to fulfill these requirements for clients if they are managing client security procedure as well. This is indeed a serious time of security planning and procedure for the industry.
We do also have to take into account, however, who the proper authorities on certain subjects are, and how the industry moves ahead on this very serious subject of security. Follow true industry and non-industry experts whenever you can. I have attended cybersecurity conferences for four years where experts in government and the private sector speak, I have knowledge in the area, and I have done research as well.
I am by no means an information security expert though.
Information security (infosec) represents a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Those in the practice of infosec are responsible for identifying and implementing reasonable controls that are sufficient to deter attackers.
It is up to those who present overall security options alongside AV and IT integration to do so with a full knowledge base in mind. Unless you have such experts in your organization (better if they are credentialed), you should seek security expert advice and assistance when necessary, especially where client-based decision-making is concerned. Ask for security certifications where they apply, just as AV industry certifications are weighed so heavily and presented to those you need to appeal to as experts in the field. Dimension Data is one such industry provider of security strategies.
CrowdStrike is one of the expert cloud-delivered endpoint protection providers focused on ransomware prevention. According to CrowdStrike, from day one their Falcon product completely blocked the WannaCry threat and kept customer environments secure. An end user can test drive Falcon by signing up here.
A suggested download: the CrowdStrike whitepaper Ransomware – A Growing Enterprise Threat.
There are very good IT/cybersecurity resources that you can reference – Top 50 InfoSec Blogs You Should Be Reading (which includes WIRED Threat Level, Dark Reading, KrebsonSecurity, and Security Weekly).
Planning for “the next attack” is immeasurably better than waiting for it – as again, it will come; it’s just a matter of when. Protection and prevention are the keys.
** In March, Microsoft released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, Microsoft suggests you immediately deploy Microsoft Security Bulletin MS17-010.
For customers using Windows Defender, Microsoft released an update on May 12th which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider that they are protected.
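As an added example, not from this article or from Microsoft, the PowerShell below audits a single host against the three points the footnote raises: whether the SMBv1 protocol that EternalBlue targets is still enabled, whether an MS17-010 package is installed, and whether Windows Defender signatures date from on or after the May 12th release. It assumes Windows 8/Server 2012 or later in an elevated session, and the KB numbers are placeholders to be filled in per OS build from the MS17-010 bulletin.

```powershell
# Added audit example (not from the original article or from Microsoft).
# Reports whether this Windows host is still exposed to the SMBv1 vector
# used by WannaCry's EternalBlue component, and whether the MS17-010 fix
# and the Defender signatures that detect Ransom:Win32/WannaCrypt are present.
# Assumes Windows 8 / Server 2012 or later (for Get-SmbServerConfiguration
# and Get-WindowsOptionalFeature) and an elevated PowerShell session.
# PLACEHOLDER: fill in the real MS17-010 KB numbers for each OS build
# from Microsoft Security Bulletin MS17-010.
$Ms17010Kbs = @('KBnnnnnnn', 'KBnnnnnnn')

function Get-WannaCryExposure {
    $report = [ordered]@{}

    # 1. Is the SMBv1 server protocol still enabled on this host?
    $smb = Get-SmbServerConfiguration
    $report['Smb1ServerEnabled'] = [bool]$smb.EnableSMB1Protocol

    # 2. Is the SMB1Protocol optional feature installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $report['Smb1FeatureState'] = if ($feature) { $feature.State.ToString() } else { 'Unknown' }

    # 3. Is any package from the MS17-010 list installed?
    $installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    $report['Ms17010Installed'] = [bool]$installed

    # 4. Are Windows Defender signatures at least as new as the 12 May 2017
    #    update that added the Ransom:Win32/WannaCrypt detection?
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        $report['DefenderSignatureDate']    = $mp.AntivirusSignatureLastUpdated
        $report['DefenderSignatureCurrent'] = $mp.AntivirusSignatureLastUpdated -ge (Get-Date '2017-05-12')
    }

    # Exposed = SMBv1 still listening AND no MS17-010 package found.
    $report['Exposed'] = $report['Smb1ServerEnabled'] -and -not $report['Ms17010Installed']
    [pscustomobject]$report
}

Get-WannaCryExposure | Format-List
```

Run it once per host (or via remoting) before and after deploying MS17-010 so the `Exposed` field documents the change.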
With almost 20 years in audio visual integration and IT/computer sales and consulting, Corey Moss is the owner of Convergent Tech – online publications Convergent Tech Blog and Convergent AV, and consulting. Corey writes for the publications and hosts/produces podcasts – Convergent Tech Blog Discussion (on Convergent Tech Blog) and The AV Life, The Edge of AV, EdTech Focus and The Show Corner all on Convergent AV. He has written for numerous industry publications about AV, IT, unified communications and collaboration (UCC), cloud and software, IoT, cybersecurity and more. He has also conducted interviews with AV and IT executives and global influencers.