SlideShare ist ein Scribd-Unternehmen logo

Global Ransomware Attacks

•
•
E
Emily Brown

The recent global cyber attack using WannaCry ransomware reminds us that proper information security hygiene and appropriate back-up management and software patching protocols are critical to attack prevention and loss minimization.

Wirtschaft & Finanzen
1 von 2
Downloaden Sie, um offline zu lesen
GLOBAL RANSOMWARE ATTACKS - WANNACRY URGENT CLIENT ALERT! TherecentglobalcyberattackusingWannaCryransomwarereminds usthatproperinformationsecurityhygieneandappropriateback-up management and software patching protocols are critical to attack prevention and loss minimization. To refresh, a ransomware attack spread throughout the world over the weekend, infecting systems in over 150 countries. The attack used software code stolen from the National Security Agency that was posted online. WHAT DOES THIS ATTACK MEAN? What is interesting about this is how different it is and the precedent it is setting. This is the second known usage of a hacking toolset leaked from the NSA in 2017. It is the first time it was used to execute this type of large scale extortion en masse. The hacking toolset was tweaked just slightly and relatively quickly. Attackers had to strike blitzkrieg-style – all at once and against many locations -sincetheywerefullyawarethatafixwouldberelativelysimple.So, itisclearthatthiswasacoordinatedandplannedevent,designedto take advantage of a hunting technique within the attack itself that is constantly looking for additional targets. That is why it propagated so quickly and why, eventually, it will reach every part of the globe. As already reported, this attack is primarily affecting Russia, Eastern Europe, UK and Taiwan, which is an incredibly interesting mix - the outliers in this initial attack were clearly Taiwan and the UK. While we cannot know for sure, this could have just been opportunistic, or possibly,agameofmisdirectionintendedtoobfuscateanyattemptat attribution. The attack itself is new and unique, but not sophisticated. Microsoft, for the most part, released a patch for this exploit one month ago. Bottom line: the attackers behind this operation developed an attack based upon new techniques disclosed in the NSA leak and they preyed upon companies and their machines that remained unpatched. In a sense, it was very avoidable. InsuranceServices Global Resources - Client Focused MORE ON THE “HUNTER MODULE” This is an exploitive feature that scans for any vulnerable systems within a target organization’s ecosystem. Companies that have adhered to the best patching protocols could still be accessed through connections with their supply chain and external vendors who have vulnerable devices. All the attackers need is one hook (one weak machine) and then they can swim laterally within the networktocausemaximumdamage.Asthesayinggoes,“anetwork is only as secure as the least secure network connected to it.” WHAT’S NEXT? This is just the beginning. We can assume that the attackers used this as a pilot project and that they will adapt based on what they learned with this effort. The NSA toolset that was leaked was vast and there are people analyzing these tools and working on ways to alter them slightly for their own nefarious purposes. The key will be knowledgeofthetechniquesandpersistentpatchingandupgrading worldwide. But, keep in mind, not all of the tools the NSA used involved unpatched computers - far from it. This hack was built to exploit the blind spots in traditional security. Even though responders were able to identify and activate a kill switch (safety valve) that was embedded by the attackers, this is no panacea and will be bypassed soon. Hackers have adapted based on what they learned from this past attack and we can expect the next wave within 24 hours. Plus, you should note that corporations do not benefit from the kill switch since it takes advantage of a network protocol that most large corporations do not use. In other words, private citizens are currently safer but companies must be hyper-vigilant.
In collaboration with our external cyber security advisors, please review the following tips carefully with your Incident Response Team (IRT) 3605 Glenwood Avenue, Suite 190 | Raleigh, NC 27612 (800) 821-1284 | www.insurance.bbt.com ©2017 BB&T Insurance Services, Inc. InsuranceServices Global Resources - Client Focused Timely patching is a must. Do not leave it up to a third partyanddonotputitonadelayedschedule.Malicious actors conducting pre-attack surveillance can very easily determine patch state of hardware and software as well as exposed TCP/IP protocols such as Port 445. Back-ups will be critical to your survival – prioritize data and systems that must be redundant for your business needs and for compliance with legal and regulatory duties around the protection of the data of your clients, patients, customers and employees. Ensure that legacy preventative controls such as anti-virus and firewalls are deployed and properly configured. Audit and reduce privileged account holders to only those necessary. Sunset (retire) outdated equipment and software – if you do not maintain it, get rid of it. And, if the vendor no longer supports it, upgrade to a higher version immediately. Take out of use equipment offline – disconnect and/or shutdown machines that are no longer in use. Conduct targeted susceptibility training with your employees (i.e. spear phishing tests) and incorporate awareness methodologies into the training curriculum so that employees are kept updated on current and emerging threats. Manage your supply chain, hold them to the highest informationsecuritystandardsandauditthemregularly. Be diligent in your threat awareness and continually update your Incident Response Team. 1 6 7 8 9 2 3 4 5 KNOW YOUR INSURANCE POLICY • Check your K&R policy for possible coverage; note deductibles (maybe none?) and policy limits available for ransomware events (sub-limits?); review and advise internal resources what the event notice obligations are and whether you will have access to cyber security specialists provided by your insurer; • Check your cyber policy for reporting obligations, policy limit and retention; verify whether you must have insurer consent prior to engaging any cyber security resources; discuss with your internal resources whether you want to use insurer pre-approved vendors or if you would retain your own specialists; seek and obtain insurer consent to use your own vendors prior to any event; make certain your IRT fully understands insurance policy requirements and seeks Risk Management advice immediately upon detection of any suspected or actual cyber incident. • Many cyber policies contain exclusions or coverage limitations for losses arising out of the “failure to maintain minimum security standards” or “failure to patch or remediate software errors or vulnerabilities”. Talk to your broker and check your policy wording; ideally, it’s best to not have these exclusions or to secure a carve-back for otherwise covered loss (i.e. limit exclusion to the costs to patch or remediate). THE THREAT CONTINUES According to our threat monitoring experts, current sensors are showing more than 1.5 million machines worldwide that are still vulnerable to this attack (unless they have been patched properly in the last 24-48 hours). Beware that once the hackers relaunch and remove the kill switch, all 1.5 million (or the remaining machines that have not been patched) could, in theory, become infected.

Empfohlen

Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgChristopher R. Ward
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client AlertRobyn Melnyk
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfslametarrokhim1
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetInnovation Network Technologies: InNet
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint SecurityBen Rothke
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseRahul Neel Mani
 

Empfohlen

Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgChristopher R. Ward
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client AlertRobyn Melnyk
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfslametarrokhim1
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetInnovation Network Technologies: InNet
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint SecurityBen Rothke
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseRahul Neel Mani
 
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat managementRajendra Menon
 
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]Stanton Viaduc
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewInnovation Network Technologies: InNet
 
Bridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementBridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementPriyanka Aash
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...SaraPia5
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On TrainingTonex
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and ComplianceMarcus Clarke
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterSpanning Cloud Apps
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3Edward Johnson
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDSSylvain Martinez
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Network Security
Network SecurityNetwork Security
Network SecurityUnited Nations Development Program
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Select idps
Select idpsSelect idps
Select idpsInfo-Tech Research Group
 

Weitere ähnliche Inhalte

Was ist angesagt?

The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat managementRajendra Menon
 
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]Stanton Viaduc
 
Bridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementBridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementPriyanka Aash
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...SaraPia5
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On TrainingTonex
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and ComplianceMarcus Clarke
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterSpanning Cloud Apps
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3Edward Johnson
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 

Was ist angesagt? (20)

The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
 
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-Overview
 
Bridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementBridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk Management
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
 
Cybersecurity Hands-On Training
Cybersecurity Hands-On TrainingCybersecurity Hands-On Training
Cybersecurity Hands-On Training
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and Compliance
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware Disaster
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3
ThreatAlytics Compliance Monitoring CADSI 23 Nov_rev3
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDS
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
Network Security
Network SecurityNetwork Security
Network Security
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 

Ă„hnlich wie Global Ransomware Attacks

Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackamrutharam
 
Information Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfInformation Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfforladies
 
Cybersecurity: Take Back Control
Cybersecurity: Take Back ControlCybersecurity: Take Back Control
Cybersecurity: Take Back ControlICF
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthingsPrayukth K V
 
Cylance_Protect_Datasheet
Cylance_Protect_DatasheetCylance_Protect_Datasheet
Cylance_Protect_DatasheetTiana Henriks
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkClearnetwork
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01rajkumar jonuboyena
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentOllie Whitehouse
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldnetwealthInvest
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guideAndy Kwong
 

Ă„hnlich wie Global Ransomware Attacks (20)

Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
Select idps
Select idpsSelect idps
Select idps
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
Information Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfInformation Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdf
 
Cybersecurity: Take Back Control
Cybersecurity: Take Back ControlCybersecurity: Take Back Control
Cybersecurity: Take Back Control
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthings
 
M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
Cylance_Protect_Datasheet
Cylance_Protect_DatasheetCylance_Protect_Datasheet
Cylance_Protect_Datasheet
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by Clearnetwork
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01
 
NCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat AssessmentNCC Group Pro-active Breach Discovery: Network Threat Assessment
NCC Group Pro-active Breach Discovery: Network Threat Assessment
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guide
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
 

KĂĽrzlich hochgeladen

OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxhiddenlevers
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdfAdnet Communications
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingMaristelaRamos12
 
Call US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure servicePooja Nehwal
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130Suhani Kapoor
 
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...ssifa0344
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...ssifa0344
 
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With RoomVIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
The Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdfThe Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdfGale Pooley
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Roomdivyansh0kumar0
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
The Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfThe Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfGale Pooley
 
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Delhi Call girls
 
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...Suhani Kapoor
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfGale Pooley
 

KĂĽrzlich hochgeladen (20)

OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
 
Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of Marketing
 
Call US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US đź“ž 9892124323 âś… Kurla Call Girls In Kurla ( Mumbai ) secure service
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
 
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With RoomVIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
The Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdfThe Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdf
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
 
The Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfThe Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdf
 
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
 
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | â‚ą5k To 25k With Room...
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 

Global Ransomware Attacks

  • 1. GLOBAL RANSOMWARE ATTACKS - WANNACRY URGENT CLIENT ALERT! TherecentglobalcyberattackusingWannaCryransomwarereminds usthatproperinformationsecurityhygieneandappropriateback-up management and software patching protocols are critical to attack prevention and loss minimization. To refresh, a ransomware attack spread throughout the world over the weekend, infecting systems in over 150 countries. The attack used software code stolen from the National Security Agency that was posted online. WHAT DOES THIS ATTACK MEAN? What is interesting about this is how different it is and the precedent it is setting. This is the second known usage of a hacking toolset leaked from the NSA in 2017. It is the first time it was used to execute this type of large scale extortion en masse. The hacking toolset was tweaked just slightly and relatively quickly. Attackers had to strike blitzkrieg-style – all at once and against many locations -sincetheywerefullyawarethatafixwouldberelativelysimple.So, itisclearthatthiswasacoordinatedandplannedevent,designedto take advantage of a hunting technique within the attack itself that is constantly looking for additional targets. That is why it propagated so quickly and why, eventually, it will reach every part of the globe. As already reported, this attack is primarily affecting Russia, Eastern Europe, UK and Taiwan, which is an incredibly interesting mix - the outliers in this initial attack were clearly Taiwan and the UK. While we cannot know for sure, this could have just been opportunistic, or possibly,agameofmisdirectionintendedtoobfuscateanyattemptat attribution. The attack itself is new and unique, but not sophisticated. Microsoft, for the most part, released a patch for this exploit one month ago. Bottom line: the attackers behind this operation developed an attack based upon new techniques disclosed in the NSA leak and they preyed upon companies and their machines that remained unpatched. In a sense, it was very avoidable. InsuranceServices Global Resources - Client Focused MORE ON THE “HUNTER MODULE” This is an exploitive feature that scans for any vulnerable systems within a target organization’s ecosystem. Companies that have adhered to the best patching protocols could still be accessed through connections with their supply chain and external vendors who have vulnerable devices. All the attackers need is one hook (one weak machine) and then they can swim laterally within the networktocausemaximumdamage.Asthesayinggoes,“anetwork is only as secure as the least secure network connected to it.” WHAT’S NEXT? This is just the beginning. We can assume that the attackers used this as a pilot project and that they will adapt based on what they learned with this effort. The NSA toolset that was leaked was vast and there are people analyzing these tools and working on ways to alter them slightly for their own nefarious purposes. The key will be knowledgeofthetechniquesandpersistentpatchingandupgrading worldwide. But, keep in mind, not all of the tools the NSA used involved unpatched computers - far from it. This hack was built to exploit the blind spots in traditional security. Even though responders were able to identify and activate a kill switch (safety valve) that was embedded by the attackers, this is no panacea and will be bypassed soon. Hackers have adapted based on what they learned from this past attack and we can expect the next wave within 24 hours. Plus, you should note that corporations do not benefit from the kill switch since it takes advantage of a network protocol that most large corporations do not use. In other words, private citizens are currently safer but companies must be hyper-vigilant.
  • 2. In collaboration with our external cyber security advisors, please review the following tips carefully with your Incident Response Team (IRT) 3605 Glenwood Avenue, Suite 190 | Raleigh, NC 27612 (800) 821-1284 | www.insurance.bbt.com ©2017 BB&T Insurance Services, Inc. InsuranceServices Global Resources - Client Focused Timely patching is a must. Do not leave it up to a third partyanddonotputitonadelayedschedule.Malicious actors conducting pre-attack surveillance can very easily determine patch state of hardware and software as well as exposed TCP/IP protocols such as Port 445. Back-ups will be critical to your survival – prioritize data and systems that must be redundant for your business needs and for compliance with legal and regulatory duties around the protection of the data of your clients, patients, customers and employees. Ensure that legacy preventative controls such as anti-virus and firewalls are deployed and properly configured. Audit and reduce privileged account holders to only those necessary. Sunset (retire) outdated equipment and software – if you do not maintain it, get rid of it. And, if the vendor no longer supports it, upgrade to a higher version immediately. Take out of use equipment offline – disconnect and/or shutdown machines that are no longer in use. Conduct targeted susceptibility training with your employees (i.e. spear phishing tests) and incorporate awareness methodologies into the training curriculum so that employees are kept updated on current and emerging threats. Manage your supply chain, hold them to the highest informationsecuritystandardsandauditthemregularly. Be diligent in your threat awareness and continually update your Incident Response Team. 1 6 7 8 9 2 3 4 5 KNOW YOUR INSURANCE POLICY • Check your K&R policy for possible coverage; note deductibles (maybe none?) and policy limits available for ransomware events (sub-limits?); review and advise internal resources what the event notice obligations are and whether you will have access to cyber security specialists provided by your insurer; • Check your cyber policy for reporting obligations, policy limit and retention; verify whether you must have insurer consent prior to engaging any cyber security resources; discuss with your internal resources whether you want to use insurer pre-approved vendors or if you would retain your own specialists; seek and obtain insurer consent to use your own vendors prior to any event; make certain your IRT fully understands insurance policy requirements and seeks Risk Management advice immediately upon detection of any suspected or actual cyber incident. • Many cyber policies contain exclusions or coverage limitations for losses arising out of the “failure to maintain minimum security standards” or “failure to patch or remediate software errors or vulnerabilities”. Talk to your broker and check your policy wording; ideally, it’s best to not have these exclusions or to secure a carve-back for otherwise covered loss (i.e. limit exclusion to the costs to patch or remediate). THE THREAT CONTINUES According to our threat monitoring experts, current sensors are showing more than 1.5 million machines worldwide that are still vulnerable to this attack (unless they have been patched properly in the last 24-48 hours). Beware that once the hackers relaunch and remove the kill switch, all 1.5 million (or the remaining machines that have not been patched) could, in theory, become infected.