Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 30 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Thwarting Attacks: Back to Basics Best Practices

by The Gurus
June 21, 2017
in This Week's Gurus
Share on FacebookShare on Twitter

Most of us know what ransomware is: that thing that encrypts files, holds them for ransom, and (hopefully) decrypts them once the ransom is paid. If ransoms aren’t paid, however, files may be lost. It’s scary when the life of your organisation is in the hands of someone else, especially when you don’t have a recovery plan. But, that’s part of the problem. By discussing ransomware (and malware) attacks before they happen, organisations will be more prepared if or when an incident occurs.
It’s time to review several mitigation strategies that will not only help protect the business, they will also help combat threats posed by other malware families.
To start, let’s take a look at the most recent series of ransomware attacks: WannaCry. This strain of ransomware made headlines for leveraging a leaked NSA-grade exploit to infiltrate networks and hold them for ransom. The vulnerability targeted by WannaCry, known as MS17-010, had been patched and made universally available as part of a routine Microsoft software update several weeks before the ransomware was released, giving organisations ample time to implement a security patch.
Despite the fact that MS17-010 was rated as critical, in the wild, and being exploited — which is essentially the highest level of “that needs to be patched yesterday” — many organisations didn’t implement it in time. Thankfully for some organisations, basic-yet-effective security precautions were taken years before WannaCry’s conception.
How, you might ask?
The worms of yesteryear provide some insight. In 2004, Sasser wreaked havoc using MS04-011, an exploit in the LSASS process, via remote code execution. The worm spread like a wildfire via port 445 (sound familiar?) and crippled networks worldwide. Just one year prior, MS-Blast behaved similarly, worming into networks and spreading via phishing attachments and exploits. Systems and organisations were knocked offline due to the traffic, causing global damages. We should have learned our lessons then, but unfortunately, history repeats itself.
In 2008, computer worm Conficker hit millions of computers using MS08-067, a remote exploit targeting Windows systems and how they handle certain requests over port 445. (Again, sound familiar?) This attack was enough of a wake-up call for many organisations and ISPs to start blocking unnecessary inbound ports.
Learning from our — and others’ — oversights is exactly why it’s so important to conduct an after-action analysis following any cyber-attack or compromise. By looking back at WannaCry, we can see that a simple firewall block for inbound port 445 would have prevented most of the attacks.
One of the most common questions organisations are seeking to address in WannaCry’s aftermath is this: how does malware spread? While WannaCry used port 445 to propagate through networks from the internet, malware often spreads via phishing emails, so there’s a chance it could have been packaged inside of a zip file or remotely pulled down via a dropper of some sort. Attackers have also been known to put Javascript files into zip archives in order to bypass some security measures.
Microsoft Word documents containing macros are another type of dropper common among attackers. While some organisations may allow macros, doing so creates yet another “low-hanging-fruit” situation that many attackers have long been known to target.
Ultimately, these types of after-action exercises can enable organisations to maintain a defence-in-depth approach to security – even when other points may fail.
 
 
Written by Ronnie Tokazowski, Senior Malware Analyst, Flashpoint

FacebookTweetLinkedIn
Tags: Cyber AttackcybercrimecybersecurityMalwareRansomwaresecuritywannacry
ShareTweetShare
Previous Post

Futurice hires former easyJet CIO Trevor Didcock as first UK director

Next Post

Over Half of UK Small to Medium Sized Businesses Uncertain of Brexit Impact on GDPR

Recent News

cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023
Outside of cinema with advertising

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information