WannaCry - Don't...Just Learn the Lessons

21 July 2017

Earlier this year, ransomware took centre stage in one of the largest outbreaks ever, hitting a huge number of companies across the globe, writes Ravid Circus.

There was some relief when a second spike of attacks did not materialise, despite warnings from experts that this was likely. But if you weren’t compromised this time, it doesn’t mean that your systems are safe – according to threat intelligence researchers, it is only a matter of time until we see a new wave of ransomware attacks.

There are plenty of other exploits circulating in the “wild” that could easily turn into an attack similar to WannaCry, targeting a different set of vulnerabilities.

The havoc caused by WannaCry should act as a wake-up call to ensure that you are protected against the next wave of ransomware attacks. Justin Coker, vice president EMEA, Skybox Security, said: “We mustn’t let the lessons of the WannaCry outbreak be forgotten. Its impact further emphasises the need for organisations everywhere to change their approach to managing and prioritising vulnerabilities, if they want to stay ahead of increasingly organised and sophisticated hackers”.


Lesson 1: Optimise legacy systems

Far too many companies continue to rely on out-of-date legacy systems and, in addition, fail to maintain them, leaving them vulnerable in the event of a cyber-attack. As a first step, you should update passwords, configuration and security settings on these machines, as legacy systems may have been implemented without changes to the original configuration. Ensure that risky configurations, like default and easily discoverable passwords and other exploitable settings, are updated.

As many companies were made painfully aware during the WannaCry attack, patching is incredibly important, with out-of-date patches providing an easy way for cybercriminals to get into your systems. Check with your vendor for the latest patches that are available – this should be a priority to make sure that your systems are as protected as they can be. Where operational constraints prevent patching, indirect mitigation can be used as a temporary solution until proper patching can take place.


Lesson 2: Change the way you think about cyber security

The vulnerability exploited by EternalBlue as part of the WannaCry ransomware attack has had a patch available since March – a full month before the attack took place. Yet so many companies did not make use of it. Were they not aware of how critical this was? Were vulnerability management and IT operations teams simply overwhelmed by the sheer number of vulnerability alerts? Whatever the reason, the conclusion is clear – the way companies approach cyber security needs re-thinking.

At the moment, many businesses react to a cyberattack in the same way as the crew of a ship hit by a torpedo: by frantically pumping out sea water, without actually knowing where the hole in their ship is.

To keep up with attackers, a new approach to vulnerability and threat management is needed. Cybercriminals are moving fast, and it’s becoming easier for them to gain access to exploits that can deliver devastating malware.

Security programs must evolve, and fast. Instead of trying to patch everything all the time, businesses need to develop a much more focused, intelligent, action-driven view that considers real-world threats and prioritises them. This threat-centric vulnerability management approach means correlating multiple factors to determine the risk a vulnerability poses. This will allow teams to manage the huge volume of “known” vulnerabilities that are potential threats and narrow them down to a small, manageable number of vulnerabilities that are identified as imminent threats: exposed vulnerabilities known to be exploited in the wild.
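The narrowing described above, together with the indirect-mitigation fallback from Lesson 1, as an added Python example that is not from the article or from Skybox Security. The inventory, field names, labels and scores are constructed assumptions; it compares a severity-only ranking with one that puts exposed, exploited-in-the-wild vulnerabilities first.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str             # constructed label, not a real CVE
    asset: str               # hypothetical asset name
    cvss: float              # base severity score
    exploited_in_wild: bool  # threat intelligence: seen in real attacks
    exploit_available: bool  # public exploit code exists
    exposed: bool            # reachable from an untrusted network
    patchable: bool          # False if operations cannot take the patch yet

def tier(f: Finding) -> str:
    """'imminent' = exposed and exploited in the wild, else 'potential'."""
    return "imminent" if f.exposed and f.exploited_in_wild else "potential"

def action(f: Finding) -> str:
    """Response per finding; the 'normal patch cycle' wording is an assumption."""
    if tier(f) == "potential":
        return "normal patch cycle"
    return "patch now" if f.patchable else "indirect mitigation until patched"

def prioritise(findings):
    """Imminent threats first, then available exploits, then severity."""
    return sorted(findings, key=lambda f: (tier(f) != "imminent",
                                           not f.exploit_available, -f.cvss))

def by_cvss_only(findings):
    """Severity-only ranking, shown for comparison."""
    return sorted(findings, key=lambda f: -f.cvss)

# Constructed sample inventory (all values are illustrative).
FINDINGS = [
    Finding("VULN-A", "intranet-wiki",      9.8, False, False, False, True),
    Finding("VULN-B", "file-server-legacy", 8.1, True,  True,  True,  False),
    Finding("VULN-C", "hr-db",              9.1, False, True,  False, True),
    Finding("VULN-D", "vpn-gateway",        7.5, True,  True,  True,  True),
    Finding("VULN-E", "print-server",       6.5, True,  True,  False, True),
]

if __name__ == "__main__":
    print("CVSS only:", [f.vuln_id for f in by_cvss_only(FINDINGS)])
    for f in prioritise(FINDINGS):
        print(f"{f.vuln_id:7} {f.asset:20} {tier(f):9} {action(f)}")
```

In this sample, the severity-only ranking puts an unexposed, unexploited finding at the top, while the threat-centric ranking starts with the two exposed findings that are exploited in the wild.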


Lesson 3: Accept that this is just the beginning

Cybercriminals are moving incredibly fast – so we need to speed up, too. It’s easier than ever to gain access to exploits that can deliver devastating results with a high ROI, like the WannaCry ransomware variant. This is only the beginning and if organisations are to stay ahead of hackers, they need to take an entirely different approach to vulnerability and threat management.

Security teams need to switch their focus from patching everything (which is an impossible task, anyway) to intelligent action that considers what exploits and other tools hackers are actually using in the real world. In other words, they need to go from simple vulnerability management to threat-centric vulnerability management.

By Ravid Circus of Skybox Security
