Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
WannaCry Remains No. 1 Ransomware Weapon
Threaded  |  Newest First  |  Oldest First
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/27/2019 | 2:30:45 PM
The most effective defense?
An educated user pool to start with with basic rules of email iusage.  Secondly a verified, vetted and tested  backup and restoration plan --- make sure it works.  Third are active patching and firewall monitoring.  All fall under the care of the internal IT staff and if they do not do these chores ..... well, Welcome to Hell.  
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/27/2019 | 2:33:48 PM
Re: The most effective defense?
All good points. But when their apps or processes still rely on antiquated OSes like Win7 and updating disrupts the biz, then some orgs just ride it out with security tools to catch these threats, etc.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/27/2019 | 2:54:38 PM
Re: The most effective defense?
True and the OS update issue is the responsibility of the IT staff and team to make clear and evident - THAT is their job and all too often, well, disrupting the business is just TOO HARD.  Like that patch that brought down Equifax.  Right?   I work with a CSirt team using great tools and while every firm and small business may not have access, it still has to be tackled as best allowed.  But keeping old W7 systems running now is asking for trouble.  As it was with XP ( of which alot of that is still out there on legacy boxes).  The IT staff has a daunting job sometimes but it is THEIR JOB and if they do not like it, there are always trade school courses on welding. 

Disclaimer: I am something of an expert on disaster recovery techniques when 18 years ago I had to walk down out of my office building in lower Manhattan and shortly later the data center on the 103rd floor of the south tower followed me down.  I am a survivor of that day from Aon, on the 101st floor, S-tower, of the World Trade Center.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:38:56 PM
Re: The most effective defense?
"True and the OS update issue is the responsibility of the IT staff and team to make clear and eviden"

It would be responsible in operational aspect of it but overall business is responsible of the security of the business

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:40:59 PM
Re: The most effective defense?
"But keeping old W7 systems running now is asking for trouble.  As it was with XP ( of which alot of that is still out there on legacy boxes)."

Agree. If there is a newer version of an operating system, there is no real reason using older version.

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:43:00 PM
Re: The most effective defense?
"The IT staff has a daunting job sometimes but it is THEIR JOB and if they do not like it, there are always trade school courses on welding."

This is really a good point it is good amount of effort needed to keep systems up-to-date

 

AndrewfOP
50%
50%
AndrewfOP,
User Rank: Moderator
8/28/2019 | 9:20:57 AM
Re: The most effective defense?
"All good points. But when their apps or processes still rely on antiquated OSes like Win7 and updating disrupts the biz, then some orgs just ride it out with security tools to catch these threats, etc."

While I sympathize with the familiarities of existing business tools on machines with old Window systems and the disruptions caused on replacing them, it's still no excuse not to plan for the future with new tools fitting business needs that would be compatible with the latest OS. Especially now that Microsoft seems to be getting out of making-new-Windows-to-make-money business, future disruptions to business should be minimal and all the more reason to get new tools with security features built in.

 
tdsan
50%
50%
tdsan,
User Rank: Ninja
8/28/2019 | 6:48:52 PM
Re: The most effective defense?
Andrew, I must agree with you, there is no excuse.

Companies are still holding on to Windows 7 (wow), this is what it means to be loyal to a fault or not have the personnel on staff to make this migration happen (holding on to the very end).

After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running Windows 7

I do think there are solutions to this problem, roll-out VDI solution and deploy desktops in a virtual session, this can be easily done without breaking the bank. VMware HorizonView or Citrix XenDesktop/XenApp work, if they want to go to the cloud, use WorkSpaces, there are a number of things they could have done.

At the end of the day, it is time to move off this platform, this says a lot about companies not taking into consideration the time and planning stages they could have planned to create a seamless migration process. When companies are hacked, the business owners, executive staff members should be removed from their position because they did not follow best practices and follow due-diligence.

Windows 7 End of Life

T
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:31:39 PM
Re: The most effective defense?
"Companies are still holding on to Windows 7"

Yes I'm working with a few other companies where they are still using Windows 7. It is running but will not be secure anymore. 

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:33:06 PM
Re: The most effective defense?
"When companies are hacked, the business owners, executive staff members should be removed from their position because they did not follow best practices and follow due-diligence."

I would say there should be some responsibilities, not everybody is directly involved into this type of activities such as upgrading Win 7.

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:34:19 PM
Re: The most effective defense?
"VMware HorizonView or Citrix XenDesktop/XenApp work, if they want to go to the cloud, use WorkSpaces"

I agree, that is true but they are very expensive at the same time.

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:36:10 PM
Re: The most effective defense?
"it's still no excuse not to plan for the future with new tools fitting business needs that would be compatible with the latest OS"

I would agree with this, there shouldn't be so much effort anyway as long as you standardized your upgrade process.

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:37:19 PM
Re: The most effective defense?
"future disruptions to business should be minimal and all the more reason to get new tools with security features built in."

Agree with this, if there's an outage business will lose more time and money.

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:44:17 PM
Re: The most effective defense?
"An educated user pool to start with with basic rules of email iusage. "

I think you made a very good point, it starts with the users.

 

Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/29/2019 | 1:29:02 PM
WannaCry

The main lesson is to keep the systems up to date, obvisuly. 

 

sudeshkumar
50%
50%
sudeshkumar,
User Rank: Apprentice
9/2/2019 | 7:22:05 AM
Re: WannaCry
I heard of this virus. few months ago it was one of the most famous virus. 


Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10560
PUBLISHED: 2020-03-30
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the S...
CVE-2020-5527
PUBLISHED: 2020-03-30
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource co...
CVE-2020-5551
PUBLISHED: 2020-03-30
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the re...
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.