Just another cyberattack
Today I was thinking of writing about errors, overruns, collisions and the other problems we can see on network interfaces, which are a headache for network engineers and, most of the time, are difficult to resolve without a good troubleshooting process. However, this weekend has been a little bit interesting because we have seen how big companies like Telefonica, and many others, have been hit by ransomware, and it has been published in the media. Therefore, I must write about this issue.
First, I think it has been just another spam and malware campaign, but this time many Spanish companies have been affected, some of them listed on the IBEX35 stock market index, and this is the reason why the media have been talking about cyberattacks. However, it's a pity that big companies like Telefonica hadn't applied the patch in time. Maybe they didn't have enough time to test the MS17-010 patch published by Microsoft and would rather take the risk of being infected. Unfortunately, this time their internal desktops were compromised.
We are always saying that small companies don't have enough resources to fight cyberattacks, but we can also see that big companies, with lots of resources, have the same issues on a larger scale. Meanwhile, we have seen that the shares didn't suffer any loss, which means investors don't mind this kind of news.
(Image: Telefonica shares)
There are many Microsoft products affected in these cyberattacks, like IE10, IE11, Edge, Microsoft .NET Framework, Adobe Flash Player, etc., and most of them are installed by default in most Microsoft Windows operating systems.
Due to the high risk of these vulnerabilities, if you don't want to be infected by HydraCrypter, which is a variant of WannaCry, you should apply the following measures in your organization:
- Limit users' Internet and mail access while you are applying patches and upgrading systems.
- Update the signatures of your security systems, such as AntiSpam, IDS/IPS and Antivirus.
- Apply security policies to Internet access with IPS and Antivirus profiles.
- Install security monitoring sensors to analyse the traffic in the wild.
- Apply the patches published by Microsoft to fix these bugs on desktops and servers.
- Make sure you have backups.
More specific recommendations could be:
- Disable execution of files with the .WNCRY extension by GPO.
- Isolate UDP 137/138 and TCP 139/445 communication inside the network.
- Disable macros and scripts in received mail. We can use Office Viewer instead of Microsoft Office to open attachments.
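As an added example (not code from this post), here is a small Python detection helper for the two specific recommendations above: it scans constructed connection-log lines for internal hosts fanning out over the NetBIOS/SMB ports to be isolated (UDP 137/138, TCP 139/445), which is the lateral movement pattern a worm like WannaCry produces, and flags files carrying the .WNCRY extension. The log format, the internal address range and the fan-out threshold are assumptions.

```python
"""Detection helper, added example (not the blog's own code).

Scans constructed connection-log lines for internal hosts fanning out
over the NetBIOS/SMB ports the post says to isolate (UDP 137/138,
TCP 139/445), and flags files with the .WNCRY extension.
"""
from collections import defaultdict
import ipaddress

# Ports the post recommends isolating inside the network.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
FANOUT_THRESHOLD = 5  # distinct internal peers before we call it worm-like

# Constructed sample log, one line per connection:
# "<time> <proto> <src_ip> <dst_ip> <dst_port>"
CONN_LOG = """\
09:00:01 tcp 10.0.1.10 10.0.1.20 445
09:00:02 tcp 10.0.1.10 10.0.1.21 445
09:00:02 tcp 10.0.1.10 10.0.1.22 445
09:00:03 tcp 10.0.1.10 10.0.1.23 445
09:00:03 tcp 10.0.1.10 10.0.1.24 445
09:00:04 tcp 10.0.1.10 10.0.1.25 445
09:00:05 tcp 10.0.1.30 10.0.1.40 445
09:00:06 tcp 10.0.1.31 93.184.216.34 443
09:00:07 udp 10.0.1.10 10.0.1.255 137
"""

def parse_line(line):
    """Split one log line into (time, proto, src, dst, port)."""
    ts, proto, src, dst, port = line.split()
    return (ts, proto.lower(), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), int(port))

def smb_fanout(log_text, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: set(dst_ips)} for internal hosts that reached at
    least `threshold` distinct internal peers on NetBIOS/SMB ports."""
    peers = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, proto, src, dst, port = parse_line(line)
        if (proto, port) in SMB_PORTS and src in INTERNAL and dst in INTERNAL:
            peers[str(src)].add(str(dst))
    return {src: dsts for src, dsts in peers.items() if len(dsts) >= threshold}

def wncry_files(paths):
    """Return the paths whose extension is .WNCRY (case-insensitive)."""
    return [p for p in paths if p.lower().endswith(".wncry")]
```

On the sample log only 10.0.1.10 crosses the threshold (seven distinct internal peers), while the single SMB connection from 10.0.1.30 and the HTTPS connection to the Internet are ignored.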
If we have done our homework, we shouldn't be worried about this ransomware anymore. Why? Because most security systems have already published signatures to detect and block this malware, for instance Fortinet or OTX from AlienVault.
(Image: WannaCry Indicators from OTX)
Many people are wondering why last Friday was the day when these vulnerabilities were exploited massively. Maybe because last Friday was when WikiLeaks published “After Midnight” and “Assassin”, two CIA malware frameworks for the Microsoft platform, and maybe the attackers have taken advantage of these frameworks to develop this new malware.
(Image: Two CIA malware frameworks)
Regards my friends, pay attention, protect your assets and keep calm!!
More info: