Advertise

Attacks/Breaches

7/7/2017
12:50 PM

Kelly Sheridan
Slideshows

Connect Directly

4 comments
Comment Now

NotPetya: How to Prep and Respond if You're Hit

Security pros share practices to prepare and handle advanced malware attacks like NotPetya.

5 of 8

Respond: Detect the problem

The sooner you know about a problem, the sooner you can implement a disaster recovery plan and mitigate the damage. Pierson notes antivirus is a good first line of defense for endpoint protection, especially when configured according to specialized guides to protect certain file locations.

In addition, he says, there are several controls businesses can use to scan for files being encrypted en masse. Teams should be reviewing all of their controls, and using network or behavioral tools to accurately identify and block suspicious activity.

"Companies need to make sure they have the traditional signature-based defenses in place, but they must also have network anomaly-based tools that can sense the rapid encryption of system resources and shut down an attack in progress," Pierson says.

(Image: Sergey Nivens via Shutterstock)

5 of 8

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

50%

RobEnns,
User Rank: Author
7/13/2017 | 2:56:59 PM

Re: What about replicated COOP scenarios

Very good question, interested in the same.

Reply | Post Message | Messages List | Start a Board

50%

matt.trevors,
User Rank: Apprentice
7/12/2017 | 12:13:55 PM

We need to stop confusing end users

We in the security community have a very difficult time conveying the importance of various strategies and tactics to end users when it comes to securing their infrastructure. I believe it in part is because we aren't promoting a unified message. Instead, we tell them what we "think" are the right things to do. Instead, why don't you preach about the adoption of existing well-documented strategies and tactics? For instance, you could have pointed end users to the Center for Internet Security Critical Security Controls (formerly SANS 20) which would include standing up an incident response plan, patching boxes, and backing up high-value assets. Also, you could have pointed people to NIST 800-61 Computer Security Incident Handling Guide which would give them a good idea of how to stand up incident response capabilities for their organization (planning, detection & analysis, containment, eradication, recovery, and post-incident activities). Finally, you are dancing around the NIST Cybersecurity Framework which includes functions, categories, and subcategories that describe how to identify, protect, detect, respond, and recover.

As a community, we need to get better at getting our message across or things are never going to get better. To do that, we all need to get on the same page and back published standards. If you don't agree with the standards, most encourage community feedback.

Reply | Post Message | Messages List | Start a Board

50%

randyfromsd,
User Rank: Apprentice
7/11/2017 | 4:23:26 PM

Re: What about replicated COOP scenarios

Isolate the backup target from the network - make shares hidden so they aren't easily accessible - restrict user accounts - implement local\offsite backup.

Reply | Post Message | Messages List | Start a Board

50%

jenshadus,
User Rank: Strategist
7/10/2017 | 8:35:09 AM

What about replicated COOP scenarios

Just curious of how a malware attack would affect an active-active DR scenario. If the malware can infect a primary target, I would think it would affect the backup environment. And what would this do to the backup recovery plans? Sounds like the best bet is to still use tape backup.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 8/14/2020

Lock-Pickers Face an Uncertain Future Online

Seth Rosenblatt, Contributing Writer, 8/10/2020

Hacking It as a CISO: Advice for Security Leadership

Kelly Sheridan, Staff Editor, Dark Reading, 8/10/2020

Live Events

Webinars

Expert led sessions and real networking - Join us at Data Center World 2020: A Virtual Experience

Collaborate With IT Industry Leaders at Interop Digital, Oct. 5-8

More Informa Tech Live Events

White Papers

[Forrester Research] The State of Data Security & Privacy

[Cybersecurity] 6 Misconceptions About Collective Defense

Database Security in the Cloud

Master Peak Traffic with Performance Testing

It's baaaaack: Emotet has returned

More White Papers

Cartoon

Latest Comment: Check out our latest John Klossner cartoon...

Cartoon Archive

Current Issue

7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk

In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Changing Face of Threat Intelligence

This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!

Download Now!

The Threat from the Internet—and What Your Organization Can Do About It

0 comments

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

0 comments

State of Cybersecurity Incident Response

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-17475
PUBLISHED: 2020-08-14

Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.

CVE-2020-0255
PUBLISHED: 2020-08-14

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...

CVE-2020-14353
PUBLISHED: 2020-08-14

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...

CVE-2020-17464
PUBLISHED: 2020-08-14

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2020-17473
PUBLISHED: 2020-08-14

Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]