WannaCry Microsoft Vulnerability Attack – What Happened and How to Protect Your Organization?

May 15, 2017 · steveverbanic

Last week the largest ransomware campaign in history was launched. The “WannaCry” malware targets a known vulnerability in Windows. What sets this malware apart, however, is that it spreads with no user interaction (it is a worm). As a result, over 200,000 users were victimized in about 150 countries. Despite the discovery and activation of a “kill switch”, the malware is still spreading and new variants are sure to follow.

So what happened? A new ransomware variant known as WannaCry spread rapidly across Microsoft Windows server and desktop operating systems by leveraging a Microsoft OS vulnerability (CVE-2017-0144). Microsoft patched this vulnerability in March (MS17-010), but many organizations have yet to deploy the patch. Once a computer inside an organization is infected, the malware can spread to other computers with no user interaction (and it does so very quickly) by remotely exploiting a vulnerability known as EternalBlue (CVE-2017-0144). Antivirus vendors have created virus signatures for the known variants of this ransomware but, as is always the case, new variants are being released. Given the high risk associated with this threat, deploying the Microsoft MS17-010 patch should be of the highest priority. Expect typical delivery methods for this malware, such as phishing and malvertising.
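The following is an added example, not part of the original post or any SLAIT tooling. MS17-010 fixes the Windows SMB service (TCP 445), so a host spreading the worm shows up in flow logs as one source contacting many internal peers on that port within seconds. The record format, window and threshold are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

SMB_PORT = 445                   # service patched by MS17-010
WINDOW = timedelta(seconds=60)   # assumed sliding window
MAX_PEERS = 5                    # assumed limit on distinct SMB peers per window

def constructed_flows():
    """Constructed sample records: 'timestamp src dst dst_port'."""
    t0 = datetime(2017, 5, 12, 9, 0, 0)
    def row(offset, src, dst):
        return f"{(t0 + offset).isoformat()} {src} {dst} 445"
    rows = []
    # Worm-like host: 12 distinct internal peers in 12 seconds.
    rows += [row(timedelta(seconds=i), "10.1.4.23", f"10.1.4.{i + 1}") for i in range(12)]
    # Ordinary workstation: the same file server again and again.
    rows += [row(timedelta(seconds=10 * i), "10.1.4.50", "10.1.2.5") for i in range(6)]
    # Management host: 8 peers, but only one every 10 minutes.
    rows += [row(timedelta(minutes=10 * i), "10.1.9.9", f"10.1.4.{i + 100}") for i in range(8)]
    return rows

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(lines, window=WINDOW, max_peers=MAX_PEERS):
    """Return {src: peak distinct internal SMB peers in one window} for sources over the limit."""
    recent = defaultdict(list)   # src -> [(timestamp, dst)] still inside the window
    flagged = {}
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        if port != SMB_PORT or not ipaddress.ip_address(dst).is_private:
            continue             # only internal SMB traffic is of interest here
        events = recent[src]
        events.append((ts, dst))
        while events[0][0] < ts - window:   # expire connections older than the window
            events.pop(0)
        peers = len({d for _, d in events})
        if peers > max_peers:
            flagged[src] = max(flagged.get(src, 0), peers)
    return flagged

if __name__ == "__main__":
    for src, peers in smb_fanout(constructed_flows()).items():
        print(f"{src}: {peers} distinct SMB peers within {WINDOW.seconds}s")
```

In a segmented network the same rule doubles as a policy check: workstation-to-workstation SMB should be rare enough that the threshold can be set very low.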

WannaCry is a perfect example of the importance of the holistic approach to security that SLAIT advocates for all of our clients. Effectively preventing the spread of worms like this one involves a zero-trust design model (worms cannot easily spread in a properly segmented network), proper patching processes (patches for this threat were available in March), trained incident response staff (ours and/or yours working together), and a defense-in-depth security approach (firewalls, advanced endpoint protection, SIEM, etc.) that uses security tools at multiple layers of the IT infrastructure.

Beyond keeping up with the latest security vendors, the SLAIT Consulting approach focuses on preemptively mitigating threats like these by addressing security at the design and process levels before deploying the most effective security tools available today. Our security team specializes in all aspects of the cyber security field. This holistic approach to security is essential to protecting an organization's critical assets from all forms of cyber threats.

At SLAIT, we have established a full scope security practice whereby we provide maximum visibility and security services to our clients. If you are concerned and/or in need of assistance, please feel free to contact us at 1-800-761-6898 or via email at mary.chavez@slaitconsulting.com.