Following the breaking news of a global ransomware attack hitting organisations across Europe and the US, Paul Edon, Director at Tripwire, commented below.
Paul Edon, Director at Tripwire:
“Tuesday's cyber-attacks that caused disruption to Ukrainian Banks, Ukrenergo Power Distribution and other Ukrainian commercial businesses appear to have gained initial entry via a phishing attack and then spread across systems by means of the EternalBlue exploit.
“Phishing attacks are commonplace and currently represent the most successful entry point leading to a successful breach. Foundational Controls such as Email and Web filtering combined with comprehensive workforce education will greatly reduce the success of these attacks. Email and Web filtering can recognise and block malicious URL access and quarantine suspicious attachments. Workforce education will help users identify phishing email, deter them from clicking on unknown or unexpected attachments, discourage the access of unknown URLs, and assist staff to recognise unusual system activity.
“EternalBlue exploits a known vulnerability within the Microsoft Server Message Block (SMB v1) protocol, which allows attackers to execute arbitrary code using specially crafted packets. Microsoft originally released a patch for supported Microsoft Operating Systems in mid-March 2017. After the WannaCry ransomware attacks, which also used EternalBlue to traverse networks, Microsoft released a further patch for legacy operating systems such as Windows XP and Windows Server 2003. Patch Management is a Foundational Control that forms an important part of the technical security strategy. If, for reasons of legacy or critical operations, these patches cannot be deployed, then it is crucial that organisations assess the risk accordingly and use further mitigating controls to monitor and protect those systems.”