SlideShare ist ein Scribd-Unternehmen logo
1 von 2
Downloaden Sie, um offline zu lesen
GLOBAL RANSOMWARE ATTACKS - WANNACRY
McGRIFF, SEIBELS & WILLIAMS, INC.
URGENT CLIENT ALERT!
TherecentglobalcyberattackusingWannaCryransomwarereminds
usthatproperinformationsecurityhygieneandappropriateback-up
management and software patching protocols are critical to attack
prevention and loss minimization. To refresh, a ransomware attack
spread throughout the world over the weekend, infecting systems
in over 150 countries. The attack used software code stolen from
the National Security Agency that was posted online.
WHAT DOES THIS ATTACK MEAN?
What is interesting about this is how different it is and the
precedent it is setting. This is the second known usage of a hacking
toolset leaked from the NSA in 2017. It is the first time it was used
to execute this type of large scale extortion en masse. The hacking
toolset was tweaked just slightly and relatively quickly. Attackers
had to strike blitzkrieg-style – all at once and against many locations
-sincetheywerefullyawarethatafixwouldberelativelysimple.So,
itisclearthatthiswasacoordinatedandplannedevent,designedto
take advantage of a hunting technique within the attack itself that is
constantly looking for additional targets. That is why it propagated
so quickly and why, eventually, it will reach every part of the globe.
As already reported, this attack is primarily affecting Russia, Eastern
Europe, UK and Taiwan, which is an incredibly interesting mix - the
outliers in this initial attack were clearly Taiwan and the UK. While
we cannot know for sure, this could have just been opportunistic, or
possibly,agameofmisdirectionintendedtoobfuscateanyattemptat
attribution. The attack itself is new and unique, but not sophisticated.
Microsoft, for the most part, released a patch for this exploit
one month ago. Bottom line: the attackers behind this operation
developed an attack based upon new techniques disclosed in the
NSA leak and they preyed upon companies and their machines that
remained unpatched. In a sense, it was very avoidable.
MORE ON THE “HUNTER MODULE”
This is an exploitive feature that scans for any vulnerable systems
within a target organization’s ecosystem. Companies that have
adhered to the best patching protocols could still be accessed
through connections with their supply chain and external vendors
who have vulnerable devices. All the attackers need is one hook
(one weak machine) and then they can swim laterally within the
networktocausemaximumdamage.Asthesayinggoes,“anetwork
is only as secure as the least secure network connected to it.”
WHAT’S NEXT?
This is just the beginning. We can assume that the attackers used
this as a pilot project and that they will adapt based on what they
learned with this effort. The NSA toolset that was leaked was vast
and there are people analyzing these tools and working on ways to
alter them slightly for their own nefarious purposes. The key will be
knowledgeofthetechniquesandpersistentpatchingandupgrading
worldwide. But, keep in mind, not all of the tools the NSA used
involved unpatched computers - far from it. This hack was built to
exploit the blind spots in traditional security.
Even though responders were able to identify and activate a kill
switch (safety valve) that was embedded by the attackers, this
is no panacea and will be bypassed soon. Hackers have adapted
based on what they learned from this past attack and we can
expect the next wave within 24 hours. Plus, you should note that
corporations do not benefit from the kill switch since it takes
advantage of a network protocol that most large corporations
do not use. In other words, private citizens are currently safer
but companies must be hyper-vigilant.
In collaboration with our external cyber security advisors,
please review the following tips carefully with your Incident
Response Team (IRT)
One Premier Plaza, Suite 500 | 5605 Glenridge Drive | Atlanta, GA 30342
(800) 476-2541 | (404) 497-7500 | www.mcgriff.com
©2017 McGriff, Seibels & Williams, Inc.
McGRIFF, SEIBELS & WILLIAMS, INC.
Timely patching is a must. Do not leave it up to a third
partyanddonotputitonadelayedschedule.Malicious
actors conducting pre-attack surveillance can very
easily determine patch state of hardware and software
as well as exposed TCP/IP protocols such as Port 445.
Back-ups will be critical to your survival – prioritize data
and systems that must be redundant for your business
needs and for compliance with legal and regulatory
duties around the protection of the data of your clients,
patients, customers and employees.
Ensure that legacy preventative controls such as
anti-virus and firewalls are deployed and properly
configured.
Audit and reduce privileged account holders to only
those necessary.
Sunset (retire) outdated equipment and software – if
you do not maintain it, get rid of it. And, if the vendor
no longer supports it, upgrade to a higher version
immediately.
Take out of use equipment offline – disconnect and/or
shutdown machines that are no longer in use.
Conduct targeted susceptibility training with your
employees (i.e. spear phishing tests) and incorporate
awareness methodologies into the training
curriculum so that employees are kept updated on
current and emerging threats.
Manage your supply chain, hold them to the highest
informationsecuritystandardsandauditthemregularly.
Be diligent in your threat awareness and continually
update your Incident Response Team.
1 6
7
8
9
2
3
4
5
KNOW YOUR INSURANCE POLICY
• Check your K&R policy for possible coverage; note deductibles (maybe none?) and policy limits available for ransomware events
(sub-limits?); review and advise internal resources what the event notice obligations are and whether you will have access to
cyber security specialists provided by your insurer;
• Check your cyber policy for reporting obligations, policy limit and retention; verify whether you must have insurer consent prior
to engaging any cyber security resources; discuss with your internal resources whether you want to use insurer pre-approved
vendors or if you would retain your own specialists; seek and obtain insurer consent to use your own vendors prior to any event;
make certain your IRT fully understands insurance policy requirements and seeks Risk Management advice immediately upon
detection of any suspected or actual cyber incident.
• Many cyber policies contain exclusions or coverage limitations for losses arising out of the “failure to maintain minimum security
standards” or “failure to patch or remediate software errors or vulnerabilities”. Talk to your broker and check your policy
wording; ideally, it’s best to not have these exclusions or to secure a carve-back for otherwise covered loss (i.e. limit exclusion to
the costs to patch or remediate).
THE THREAT CONTINUES
According to our threat monitoring experts, current sensors are showing more than 1.5 million machines worldwide that are still
vulnerable to this attack (unless they have been patched properly in the last 24-48 hours). Beware that once the hackers relaunch
and remove the kill switch, all 1.5 million (or the remaining machines that have not been patched) could, in theory, become infected.

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Ricardo Resnik
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Damballa automated breach defense june 2014
Damballa automated breach defense   june 2014Damballa automated breach defense   june 2014
Damballa automated breach defense june 2014Ricardo Resnik
 
Bridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementBridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementPriyanka Aash
 
Anatomy of a Ransomware Event
Anatomy of a Ransomware EventAnatomy of a Ransomware Event
Anatomy of a Ransomware EventArt Ocain
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseRahul Neel Mani
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricRahul Neel Mani
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...SaraPia5
 
Cylance_Protect_Datasheet
Cylance_Protect_DatasheetCylance_Protect_Datasheet
Cylance_Protect_DatasheetTiana Henriks
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeDragos, Inc.
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughSavvius, Inc
 

Was ist angesagt? (20)

Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDS
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Damballa automated breach defense june 2014
Damballa automated breach defense   june 2014Damballa automated breach defense   june 2014
Damballa automated breach defense june 2014
 
Bridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementBridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk Management
 
Anatomy of a Ransomware Event
Anatomy of a Ransomware EventAnatomy of a Ransomware Event
Anatomy of a Ransomware Event
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security Fabric
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Shadow IT
Shadow ITShadow IT
Shadow IT
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Cylance_Protect_Datasheet
Cylance_Protect_DatasheetCylance_Protect_Datasheet
Cylance_Protect_Datasheet
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enough
 

Ähnlich wie Global Ransomware Client Alert

Network Security Practices Essay
Network Security Practices EssayNetwork Security Practices Essay
Network Security Practices EssayTina Williams
 
Cybersecurity: Take Back Control
Cybersecurity: Take Back ControlCybersecurity: Take Back Control
Cybersecurity: Take Back ControlICF
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Industry_Brief_TrapX_Banking_Finance
Industry_Brief_TrapX_Banking_FinanceIndustry_Brief_TrapX_Banking_Finance
Industry_Brief_TrapX_Banking_FinanceTony Zirnoon, CISSP
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackamrutharam
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint ProtectionMustafa YÜKSEL
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guideAndy Kwong
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
Industry_Brief_TrapX_Medical_Devices
Industry_Brief_TrapX_Medical_DevicesIndustry_Brief_TrapX_Medical_Devices
Industry_Brief_TrapX_Medical_DevicesTony Zirnoon, CISSP
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxCNSHacking
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthingsPrayukth K V
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkClearnetwork
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat managementRajendra Menon
 

Ähnlich wie Global Ransomware Client Alert (20)

Network Security Practices Essay
Network Security Practices EssayNetwork Security Practices Essay
Network Security Practices Essay
 
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
 
Cybersecurity: Take Back Control
Cybersecurity: Take Back ControlCybersecurity: Take Back Control
Cybersecurity: Take Back Control
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
 
Industry_Brief_TrapX_Banking_Finance
Industry_Brief_TrapX_Banking_FinanceIndustry_Brief_TrapX_Banking_Finance
Industry_Brief_TrapX_Banking_Finance
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attack
 
Network Security
Network SecurityNetwork Security
Network Security
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint Protection
 
Firewall buyers-guide
Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guide
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Industry_Brief_TrapX_Medical_Devices
Industry_Brief_TrapX_Medical_DevicesIndustry_Brief_TrapX_Medical_Devices
Industry_Brief_TrapX_Medical_Devices
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
 
Building security into the internetofthings
Building security into the internetofthingsBuilding security into the internetofthings
Building security into the internetofthings
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by Clearnetwork
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
 

Kürzlich hochgeladen

PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfHajeJanKamps
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfJohnCarloValencia4
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBBPMedia1
 
MC Heights construction company in Jhang
MC Heights construction company in JhangMC Heights construction company in Jhang
MC Heights construction company in Jhangmcgroupjeya
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Winbusinessin
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...AustraliaChapterIIBA
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023Steve Rader
 
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptxChapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptxesiyasmengesha
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentationbaron83
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxWorkforce Group
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Lviv Startup Club
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsyasinnathani
 
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for BusinessQ2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for BusinessAPCO
 
Entrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizationsEntrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizationsP&CO
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Scrum Events & How to run them effectively
Scrum Events & How to run them effectivelyScrum Events & How to run them effectively
Scrum Events & How to run them effectivelyMarianna Nakou
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...IMARC Group
 

Kürzlich hochgeladen (20)

PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdf
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
 
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John MeulemansBCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
BCE24 | Virtual Brand Ambassadors: Making Brands Personal - John Meulemans
 
WAM Corporate Presentation Mar 25 2024.pdf
WAM Corporate Presentation Mar 25 2024.pdfWAM Corporate Presentation Mar 25 2024.pdf
WAM Corporate Presentation Mar 25 2024.pdf
 
MC Heights construction company in Jhang
MC Heights construction company in JhangMC Heights construction company in Jhang
MC Heights construction company in Jhang
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023
 
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptxChapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentation
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story points
 
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for BusinessQ2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
Q2 2024 APCO Geopolitical Radar - The Global Operating Environment for Business
 
Entrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizationsEntrepreneurship & organisations: influences and organizations
Entrepreneurship & organisations: influences and organizations
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Scrum Events & How to run them effectively
Scrum Events & How to run them effectivelyScrum Events & How to run them effectively
Scrum Events & How to run them effectively
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
 

Global Ransomware Client Alert

  • 1. GLOBAL RANSOMWARE ATTACKS - WANNACRY McGRIFF, SEIBELS & WILLIAMS, INC. URGENT CLIENT ALERT! TherecentglobalcyberattackusingWannaCryransomwarereminds usthatproperinformationsecurityhygieneandappropriateback-up management and software patching protocols are critical to attack prevention and loss minimization. To refresh, a ransomware attack spread throughout the world over the weekend, infecting systems in over 150 countries. The attack used software code stolen from the National Security Agency that was posted online. WHAT DOES THIS ATTACK MEAN? What is interesting about this is how different it is and the precedent it is setting. This is the second known usage of a hacking toolset leaked from the NSA in 2017. It is the first time it was used to execute this type of large scale extortion en masse. The hacking toolset was tweaked just slightly and relatively quickly. Attackers had to strike blitzkrieg-style – all at once and against many locations -sincetheywerefullyawarethatafixwouldberelativelysimple.So, itisclearthatthiswasacoordinatedandplannedevent,designedto take advantage of a hunting technique within the attack itself that is constantly looking for additional targets. That is why it propagated so quickly and why, eventually, it will reach every part of the globe. As already reported, this attack is primarily affecting Russia, Eastern Europe, UK and Taiwan, which is an incredibly interesting mix - the outliers in this initial attack were clearly Taiwan and the UK. While we cannot know for sure, this could have just been opportunistic, or possibly,agameofmisdirectionintendedtoobfuscateanyattemptat attribution. The attack itself is new and unique, but not sophisticated. Microsoft, for the most part, released a patch for this exploit one month ago. Bottom line: the attackers behind this operation developed an attack based upon new techniques disclosed in the NSA leak and they preyed upon companies and their machines that remained unpatched. In a sense, it was very avoidable. MORE ON THE “HUNTER MODULE” This is an exploitive feature that scans for any vulnerable systems within a target organization’s ecosystem. Companies that have adhered to the best patching protocols could still be accessed through connections with their supply chain and external vendors who have vulnerable devices. All the attackers need is one hook (one weak machine) and then they can swim laterally within the networktocausemaximumdamage.Asthesayinggoes,“anetwork is only as secure as the least secure network connected to it.” WHAT’S NEXT? This is just the beginning. We can assume that the attackers used this as a pilot project and that they will adapt based on what they learned with this effort. The NSA toolset that was leaked was vast and there are people analyzing these tools and working on ways to alter them slightly for their own nefarious purposes. The key will be knowledgeofthetechniquesandpersistentpatchingandupgrading worldwide. But, keep in mind, not all of the tools the NSA used involved unpatched computers - far from it. This hack was built to exploit the blind spots in traditional security. Even though responders were able to identify and activate a kill switch (safety valve) that was embedded by the attackers, this is no panacea and will be bypassed soon. Hackers have adapted based on what they learned from this past attack and we can expect the next wave within 24 hours. Plus, you should note that corporations do not benefit from the kill switch since it takes advantage of a network protocol that most large corporations do not use. In other words, private citizens are currently safer but companies must be hyper-vigilant.
  • 2. In collaboration with our external cyber security advisors, please review the following tips carefully with your Incident Response Team (IRT) One Premier Plaza, Suite 500 | 5605 Glenridge Drive | Atlanta, GA 30342 (800) 476-2541 | (404) 497-7500 | www.mcgriff.com ©2017 McGriff, Seibels & Williams, Inc. McGRIFF, SEIBELS & WILLIAMS, INC. Timely patching is a must. Do not leave it up to a third partyanddonotputitonadelayedschedule.Malicious actors conducting pre-attack surveillance can very easily determine patch state of hardware and software as well as exposed TCP/IP protocols such as Port 445. Back-ups will be critical to your survival – prioritize data and systems that must be redundant for your business needs and for compliance with legal and regulatory duties around the protection of the data of your clients, patients, customers and employees. Ensure that legacy preventative controls such as anti-virus and firewalls are deployed and properly configured. Audit and reduce privileged account holders to only those necessary. Sunset (retire) outdated equipment and software – if you do not maintain it, get rid of it. And, if the vendor no longer supports it, upgrade to a higher version immediately. Take out of use equipment offline – disconnect and/or shutdown machines that are no longer in use. Conduct targeted susceptibility training with your employees (i.e. spear phishing tests) and incorporate awareness methodologies into the training curriculum so that employees are kept updated on current and emerging threats. Manage your supply chain, hold them to the highest informationsecuritystandardsandauditthemregularly. Be diligent in your threat awareness and continually update your Incident Response Team. 1 6 7 8 9 2 3 4 5 KNOW YOUR INSURANCE POLICY • Check your K&R policy for possible coverage; note deductibles (maybe none?) and policy limits available for ransomware events (sub-limits?); review and advise internal resources what the event notice obligations are and whether you will have access to cyber security specialists provided by your insurer; • Check your cyber policy for reporting obligations, policy limit and retention; verify whether you must have insurer consent prior to engaging any cyber security resources; discuss with your internal resources whether you want to use insurer pre-approved vendors or if you would retain your own specialists; seek and obtain insurer consent to use your own vendors prior to any event; make certain your IRT fully understands insurance policy requirements and seeks Risk Management advice immediately upon detection of any suspected or actual cyber incident. • Many cyber policies contain exclusions or coverage limitations for losses arising out of the “failure to maintain minimum security standards” or “failure to patch or remediate software errors or vulnerabilities”. Talk to your broker and check your policy wording; ideally, it’s best to not have these exclusions or to secure a carve-back for otherwise covered loss (i.e. limit exclusion to the costs to patch or remediate). THE THREAT CONTINUES According to our threat monitoring experts, current sensors are showing more than 1.5 million machines worldwide that are still vulnerable to this attack (unless they have been patched properly in the last 24-48 hours). Beware that once the hackers relaunch and remove the kill switch, all 1.5 million (or the remaining machines that have not been patched) could, in theory, become infected.