WannaCry - Don't...Just Learn the Lessons

• Content
• Smart Buildings & Technology
• WannaCry - Don't...Just Learn the Lessons

21 July 2017 | Updated 01 January 1970

Earlier this year, ransomware took centre stage in one of the largest outbreaks ever, hitting a huge number of companies across the globe, writes Ravid Circus.

There was some relief when a second spike of attacks did not materialise, despite warning from experts that this was likely. But if you weren’t compromised this time, it doesn’t mean that your systems are safe – according to threat intelligence researchers, it is only a matter of time until we see a new wave of ransomware attacks.

There are plenty of other exploits circulating in the “wild”, that could easily turn into an attack similar to WannaCry, targeting a different set of vulnerabilities.

The havoc caused by WannaCry should act as a wake-up call to ensure that you are protected for the next wave of ransomware attacks. Justin Coker, vice president EMEA, Skybox Security said: “We mustn’t let the lessons of the WannaCry outbreak be forgotten. Its impact further emphasises the need for organisations everywhere to change their approach to managing and prioritising vulnerabilities, if they want to stay ahead of increasingly organised and sophisticated hackers”.

Lesson 1: Optimise legacy systems

Far too many companies continue to rely on out of date legacy systems and additionally fail to maintain them, leaving them vulnerable in the event of a cyber-attack. As a first step, you should update passwords, configuration and security settings on these machines, as legacy systems may have been implemented without changes to the original configuration. Ensure that risky configurations, like default and easily discoverable passwords and other exploitable settings, are updated.

As many companies were made painfully aware during the WannaCry attack, patching is incredibly important, with out of date patches providing an easy way for cybercriminals to get into your systems. Check with your vendor for the latest patches that are available – this should be a priority to make sure that your systems are as protected as they can be. Where operational constraints prevent patching, indirect mitigation can be used as a temporary solution until proper patching can take place.

Lesson 2: Change the way you think about cyber security

The vulnerability exploited by ransomware virus EternalBlue as part of the WannaCry attack has had a patch available since March – a full month before the attack took place. Yet, so many companies did not make use of it. Were they not aware of how critical this was? Were vulnerability management and IT operations teams simply overwhelmed by the sheer number of vulnerability alerts? Whatever the reason, the conclusion is clear – the way companies approach cyber security needs re-thinking.

At the moment, many businesses react to a cyberattack in the same way as the crew of a ship hit by a torpedo: by frantically pumping out sea water, without actually knowing where the hole in his ship is.

To keep up with attackers, a new approach to vulnerability and threat management is needed. Cybercriminals are moving fast, and it’s becoming easier for them to gain access to exploits that can deliver devastating malware.

Security programs must evolve and fast. Instead of being an exercise of trying to patch everything all the time, businesses need to develop a much more focused, intelligent action-driven view, that considers real-world threats and prioritises them. This threat-centric vulnerability management approach means correlating multiple factors to determine the risk vulnerability poses. This will allow teams to manage the huge volume of “known” vulnerabilities that are potential threats and narrow them down to a small, manageable number of vulnerabilities that are identified as imminent threats - exposed vulnerabilities known to be exploited in the wild.

Lesson 3: Accept that this is just the beginning

Cybercriminals are moving incredibly fast – so we need to speed up, too. It’s easier than ever to gain access to exploits that can deliver devastating results with a high ROI, like the WannaCry ransomware variant. This is only the beginning and if organisations are to stay ahead of hackers, they need to take an entirely different approach to vulnerability and threat management.

Security teams need to switch their focus from patching everything (which is an impossible task, anyway) to intelligent action that considers what exploits and other tools hackers are actually using in the real world. In other words, they need to go from simple vulnerability management to threat-centric vulnerability management.

By Ravid Circus of Skybox Security

Article written by Ravid Circus | Published 21 July 2017

Share

Related Articles