Source: AlienVault Blog
Identifier: 367850
Publication date: 2017-05-23 13:00:00 (viewed: 2017-05-23 13:00:00)
Title: Are We Learning the Right Lessons from WannaCry?
Text:
Encouraging organizations to follow the usual security best practices didn’t prevent the spread of WannaCry. Let’s acknowledge that and focus on new ideas that will.
In the aftermath of the WannaCry ransomware outbreak, a familiar pattern is beginning to play itself out. Now that we all know the general details behind how WannaCry infections were initiated and spread (by exploiting a known vulnerability that Microsoft patched back in March), initial alarm and concern are gradually giving way to an expected reaction from the security community.
“How could they not have patched yet?” “Why are they still running Windows XP?” “Who leaves port 445 open to the Internet?”
Before we go blaming the estimated 300,000 victims for bringing this attack on themselves, and before we pigeonhole the cause of the attack as simple negligence, we should consider that overly simplistic assessments may be part of the reason these attacks appear to be so frustratingly “inevitable”.
The real revelation of the WannaCry outbreak isn’t that there are a staggering number of outdated and unsecured systems out there, it’s that anyone believes that making the same old pleas and showering victims with blame will change anything.
If you read most recommendations from security vendors and experts in response to this attack out loud, you’ll sound like a broken record: Patch regularly. Don’t use outdated systems. Update your antivirus. Tell users not to click on things. Run backups.
These are all good pieces of advice. So are “Get more exercise,” “Avoid sweets,” and “Obey the speed limit.” But when the rubber meets the road, as it has in the WannaCry outbreak, they sound like security industry platitudes, not solutions. At best, they’ve proved difficult to follow in the face of competing business pressures. At worst, they fail to address the real issues that leave companies vulnerable as we watch for the repeat and copycat attacks undoubtedly coming down the pike.
So, rather than repeat these same old recommendations and throw up our hands when no one seems to listen, let’s break them down, describe where they fall short, and suggest alternatives that will help companies to take more productive steps toward protecting themselves.
Updating the 5 Most Common Recommendations for Protecting Your Company from the Next WannaCry
1) Patching
Current advice: “Keep all systems up to date with all patches.”
Better advice: “Treat security patches seriously.”
WannaCry was able to spread far and wide by utilizing an exploit called ETERNALBLUE, one of the NSA hacking tools leaked by a group called the Shadow Brokers in April. Microsoft released a patch addressing the vulnerability that ETERNALBLUE targets in March (MS17-010). Following the WannaCry outbreak, it also took the unusual step of rolling out additional patches for older versions of Windows. With
Sent: Yes
Stories: WannaCry