In 2017, there were two major cyber warfare attacks that had international implications. We’ve learned a lot about cybersecurity threats since then, but these attacks remain an important reminder of the consequences of security weaknesses. Let's take a look back at what we've learned.
What were the facts about WannaCry and Petya?
- While the initial impact was most significant in Europe, the attacks had a global impact, including on major U.S. corporations and government agencies.
- The attacks exploited a Microsoft security vulnerability for which a security patch was released in March of that year.
- We know from past experience that many clients’ IT leaders don’t perform automatic patch updates for various reasons — some of which are valid and some of which are negligent.
- Where there are valid reasons for not auto-updating, IT departments must be diligent in ensuring manual updates are timely and in performing other mitigating actions to reduce the potential impact of a breach.
- More often than not, executives (CEOs and CFOs) are unaware of the cybersecurity risk that might unnecessarily result from this exposure, and sometimes our clients’ IT providers aren’t fully aware of the changing risks/trends in cyberattacks and how to anticipate them.
- There will be copycats that try to exploit similar vulnerabilities in the future because WannaCry exposed a weakness in IT governance and process that (we’ve learned from this attack) exists on a broad scale in companies and organizations of all sizes.
What can you do?
- Be 100 percent up to date with Microsoft security patch MS17-010, which will protect machines from this threat and others.
- Review all recent Microsoft security bulletins, and determine which patches, fixes, and upgrades are applicable.
- Use a tool such as System Center Configuration Manager (SCCM) to block the creation of a file “C:\Windows\perfc” on Windows computers — Petya will reportedly install this file when infecting computers and cannot function properly without doing so.
- Disable Server Message Block (SMB) version 1 on Windows computers because this has been a source of security flaws for years. SMB is used for providing shared access to resources like files and printers; versions 2 and 3 of SMB can be used in lieu of version 1.
- Don’t pay the ransom for the Petya malware if infected because the email address has already been suspended. Krebs on Security has a good summary article on Petya.
- Have a conversation with one of our independent cybersecurity experts to assess whether your current processes, systems, and people really are up to speed with emerging threats. What is your comfort level with your cybersecurity practices? What else would you like to know or be assured of if our cybersecurity experts could answer any question about your security environment?
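The SMB version 1 and `C:\Windows\perfc` items in the list above can be checked on a single Windows machine with a short script. This is an added example, not part of the original article: the `-Remediate` switch and the `Get-Smb1Status` function name are hypothetical, and it assumes an elevated PowerShell session on Windows 8.1, Windows 10 or later.

```powershell
# Added example: report SMBv1 exposure and, with -Remediate, disable SMBv1.
# Save as a .ps1 file and run from an elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$Remediate   # hypothetical switch: change settings instead of only reporting
)

function Get-Smb1Status {
    # Server side: which SMB dialect families will this host serve?
    $cfg = Get-SmbServerConfiguration

    # Windows optional feature that carries the SMBv1 components.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                   -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $cfg.EnableSMB1Protocol
        # SMBv2 and SMBv3 share one setting; it should stay enabled.
        Smb2ServerEnabled = $cfg.EnableSMB2Protocol
        Smb1FeatureState  = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
        # File the article says Petya reportedly writes when infecting a computer.
        PerfcFilePresent  = Test-Path -LiteralPath 'C:\Windows\perfc'
    }
}

$status = Get-Smb1Status
$status

if ($status.PerfcFilePresent) {
    Write-Warning 'C:\Windows\perfc exists; confirm whether it was placed deliberately.'
}

if ($Remediate) {
    if ($status.Smb1ServerEnabled) {
        # Stop serving SMBv1; SMBv2/v3 remain available for file and printer sharing.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($status.Smb1FeatureState -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
        Write-Warning 'SMB1Protocol feature disabled; reboot to complete the change.'
    }
    Get-Smb1Status   # show the state after remediation
}
```

Run it without `-Remediate` first to inventory machines, since disabling SMBv1 can break connections to legacy devices that support nothing newer.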
New attacks continue to happen because protecting your environment can be complex with competing demands, risks, and trade-offs, and because cybercriminals are always searching for new vulnerabilities — new gaps based on conventional, widespread practices or behaviors.