Gabriel has been working in IT consulting for 12 years and serves privately-held clients in construction, professional services, and the healthcare industry, as well as several nonprofit clients. He offers expertise in…
What are the facts about WannaCry and Petya?
- While the initial impact was most significant in Europe, its impact has been global, including major U.S. corporations and government agencies.
- The attacks exploit a Microsoft security vulnerability for which a security patch was released in March.
- We know from our past experience that many clients’ IT leaders do not perform automatic patch updates for various reasons, some of which are valid and some of which are negligent.
- Where there are valid reasons for not auto-updating, IT departments must be diligent in ensuring manual updates are timely and must perform other mitigating actions to reduce the potential impact of a breach.
- More often than not, executives (CEOs and CFOs) are not aware of the cybersecurity risk that might unnecessarily result from this exposure, and sometimes our clients’ IT providers are not fully aware of the changing risks/trends in cyberattacks and how to anticipate them.
- There will be copycats that try to exploit similar vulnerabilities in the future because WannaCry has exposed a weakness in IT governance and process that (we’ve learned from this attack) exists on a broad scale in companies and organizations of all sizes.
What can you do?
- Be 100% up to date with Microsoft security patch MS17-010, which will protect machines from this threat and others.
- Review all recent Microsoft security bulletins (https://technet.microsoft.com/en-us/library/security/mt745122.aspx), and determine which patches, fixes, and upgrades are applicable.
- Use a tool such as System Center Configuration Manager (SCCM) to block the creation of a file “C:\Windows\perfc” on Windows computers — Petya will reportedly install this file when infecting computers and cannot function properly without doing so.
- Disable Server Message Block (SMB) version 1 on Windows computers because this has been a source of security flaws for years (https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows). SMB is used for providing shared access to resources like files and printers; versions 2 and 3 of SMB can be used in lieu of version 1.
- Don’t pay the ransom for the Petya malware if infected because the email address has already been suspended. Krebs on Security has a good summary article on Petya.
- Have a conversation with one of our independent cybersecurity experts to assess whether your current processes, systems, and people really are up to speed with emerging threats. What is your comfort level with your cybersecurity practices? What else would you like to know or be assured of if our EKS&H cybersecurity experts could answer any question about your security environment?
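The SMBv1 and "C:\Windows\perfc" items in the list above can be checked on a single machine with a short read-only audit. This is an added example, not code from the original article or from Microsoft; the function name Get-SmbV1Exposure and its output property names are hypothetical, and it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only audit of the SMBv1 and perfc checklist items.
# Get-SmbV1Exposure and its property names are hypothetical (not a built-in cmdlet).
function Get-SmbV1Exposure {
    [CmdletBinding()]
    param(
        # Path taken from the article: Petya reportedly creates this file when infecting.
        [string]$MarkerPath = 'C:\Windows\perfc'
    )

    # Server side: does this machine still accept inbound SMBv1 connections?
    $server = Get-SmbServerConfiguration

    # Client side: the mrxsmb10 driver implements the SMBv1 client.
    # Start = 4 means disabled; a missing key means the driver is not installed.
    $clientKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $clientProp  = Get-ItemProperty -Path $clientKey -Name Start -ErrorAction SilentlyContinue
    $clientStart = if ($clientProp) { $clientProp.Start } else { $null }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server.EnableSMB1Protocol
        Smb2ServerEnabled = [bool]$server.EnableSMB2Protocol
        Smb1ClientEnabled = ($null -ne $clientStart) -and ($clientStart -ne 4)
        MarkerPath        = $MarkerPath
        MarkerFilePresent = Test-Path -LiteralPath $MarkerPath
    }
}

$result = Get-SmbV1Exposure
$result | Format-List

# Flag machines that still need the "disable SMBv1" step.
if ($result.Smb1ServerEnabled -or $result.Smb1ClientEnabled) {
    Write-Warning "SMBv1 is still enabled on $($result.ComputerName)."
    # Server-side remediation, left commented so this audit changes nothing:
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# The article says Petya reportedly installs this file, so its presence needs follow-up.
if ($result.MarkerFilePresent) {
    Write-Warning "$($result.MarkerPath) exists on $($result.ComputerName); investigate this machine."
}
```

Confirm that SMB versions 2 and 3 cover every file share and printer the machine uses before uncommenting the remediation line.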
New attacks continue to happen because protecting your environment can be complex with competing demands, risks, and trade-offs and because cybercriminals are always searching for new vulnerabilities — new gaps based upon conventional, widespread practices or behaviors.
Are you associated with an investment firm?
See our related article Why Investment Firms Are So Susceptible to Cyber-Attacks — and 3 Ways to Prevent Them by EKS&H Audit Partner Karla Whittenburg.