NHS IT Services Supplier Victim of Ransomware Attack
It has been confirmed that a ransomware attack is causing a major outage for NHS IT systems. Services affected include software used by NHS 111 and other patient notes...
Earlier this year, ransomware took centre stage in one of the largest outbreaks ever, hitting a huge number of companies across the globe, writes Ravid Circus.
There was some relief when a second spike of attacks did not materialise, despite warnings from experts that this was likely. But if you weren’t compromised this time, it doesn’t mean that your systems are safe – according to threat intelligence researchers, it is only a matter of time until we see a new wave of ransomware attacks.
There are plenty of other exploits circulating in the “wild” that could easily turn into an attack similar to WannaCry, targeting a different set of vulnerabilities.
The havoc caused by WannaCry should act as a wake-up call to ensure that you are protected for the next wave of ransomware attacks. Justin Coker, vice president EMEA, Skybox Security, said: “We mustn’t let the lessons of the WannaCry outbreak be forgotten. Its impact further emphasises the need for organisations everywhere to change their approach to managing and prioritising vulnerabilities, if they want to stay ahead of increasingly organised and sophisticated hackers.”
Lesson 1: Optimise legacy systems
Far too many companies continue to rely on out-of-date legacy systems and fail to maintain them, leaving them vulnerable in the event of a cyber-attack. As a first step, you should update passwords, configuration and security settings on these machines, as legacy systems may have been implemented without changes to the original configuration. Ensure that risky configurations, like default and easily discoverable passwords and other exploitable settings, are updated.
As many companies were made painfully aware during the WannaCry attack, patching is incredibly important, with out-of-date patches providing an easy way for cybercriminals to get into your systems. Check with your vendor for the latest patches that are available – this should be a priority to make sure that your systems are as protected as they can be. Where operational constraints prevent patching, indirect mitigation can be used as a temporary solution until proper patching can take place.
Lesson 2: Change the way you think about cyber security
The vulnerability exploited by the EternalBlue exploit as part of the WannaCry attack has had a patch available since March – a full month before the attack took place. Yet so many companies did not make use of it. Were they not aware of how critical this was? Were vulnerability management and IT operations teams simply overwhelmed by the sheer number of vulnerability alerts? Whatever the reason, the conclusion is clear – the way companies approach cyber security needs re-thinking.
At the moment, many businesses react to a cyberattack in the same way as the crew of a ship hit by a torpedo: by frantically pumping out sea water, without actually knowing where the hole in their ship is.
To keep up with attackers, a new approach to vulnerability and threat management is needed. Cybercriminals are moving fast, and it’s becoming easier for them to gain access to exploits that can deliver devastating malware.
Security programs must evolve, and fast. Instead of being an exercise of trying to patch everything all the time, businesses need to develop a much more focused, intelligent, action-driven view that considers real-world threats and prioritises them. This threat-centric vulnerability management approach means correlating multiple factors to determine the risk a vulnerability poses. This will allow teams to manage the huge volume of “known” vulnerabilities that are potential threats and narrow them down to a small, manageable number of vulnerabilities that are identified as imminent threats: exposed vulnerabilities known to be exploited in the wild.
Lesson 3: Accept that this is just the beginning
Cybercriminals are moving incredibly fast – so we need to speed up, too. It’s easier than ever to gain access to exploits that can deliver devastating results with a high ROI, like the WannaCry ransomware variant. This is only the beginning and if organisations are to stay ahead of hackers, they need to take an entirely different approach to vulnerability and threat management.
Security teams need to switch their focus from patching everything (which is an impossible task, anyway) to intelligent action that considers what exploits and other tools hackers are actually using in the real world. In other words, they need to go from simple vulnerability management to threat-centric vulnerability management.
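The narrowing described in Lessons 2 and 3, shown as an added example that is not from the article or from Skybox Security: scanner findings are correlated with exploitation-in-the-wild intelligence and network exposure, so the "imminent" set is ranked ahead of higher-scoring but unexposed or unexploited findings. The host names, the `CVE-EXAMPLE-*` placeholder identifiers, the field names and the two-tier rule are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data. CVE-EXAMPLE-* are placeholders, not real CVE identifiers.
# In practice this set would come from a threat-intelligence feed of exploited flaws.
EXPLOITED_IN_WILD = {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0004"}

@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str
    cvss: float       # base severity reported by the scanner
    reachable: bool   # vulnerable service reachable from an untrusted network
    mitigated: bool   # indirect mitigation in place (e.g. port blocked at the firewall)

FINDINGS = [
    Finding("hr-db-02",      "CVE-EXAMPLE-0002", 9.8, False, False),
    Finding("web-04",        "CVE-EXAMPLE-0003", 9.1, True,  False),
    Finding("file-srv-01",   "CVE-EXAMPLE-0001", 8.1, True,  False),
    Finding("legacy-mri-03", "CVE-EXAMPLE-0001", 8.1, True,  True),
    Finding("kiosk-05",      "CVE-EXAMPLE-0004", 6.5, True,  False),
]

def tier(finding, exploited):
    """'imminent' = exposed AND known to be exploited in the wild; else 'potential'."""
    exposed = finding.reachable and not finding.mitigated
    if exposed and finding.vuln_id in exploited:
        return "imminent"
    return "potential"

def prioritise(findings, exploited):
    """Order the work queue: imminent threats first, then by severity, then host."""
    rank = {"imminent": 0, "potential": 1}
    ordered = sorted(
        findings,
        key=lambda f: (rank[tier(f, exploited)], -f.cvss, f.host),
    )
    return [(tier(f, exploited), f.host, f.vuln_id, f.cvss) for f in ordered]

def imminent(findings, exploited):
    """The small set that needs action now (patch or indirect mitigation)."""
    return [row for row in prioritise(findings, exploited) if row[0] == "imminent"]

if __name__ == "__main__":
    for row in prioritise(FINDINGS, EXPLOITED_IN_WILD):
        print("{:<10} {:<14} {:<17} {}".format(*row))
```

Sorting by severity alone would put `hr-db-02` first; correlating exposure and exploitation moves `file-srv-01` and `kiosk-05` to the top, while the mitigated legacy host drops to the potential tier until it can be patched.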
By Ravid Circus of Skybox Security
Article written by Ravid Circus | Published 21 July 2017