WannaCry happened due to slow patching

The reality of security updates is that organizations always lag behind in updating their infrastructure when patches are released. Even so, too many organizations are taking far too long to test and schedule patches, and they are paying the price.

Now WannaCry has created havoc across the world, locking thousands of systems and literally halting their operations. Organizations from hospitals to telecommunications, auditing and manufacturing have all had their computers locked by WannaCry.

This ransomware is built to spread across your network using a flaw in the Windows Server Message Block (SMB) protocol, which Microsoft patched in March 2017. The attack uses EternalBlue, an exploit for this flaw that was dumped by the Shadow Brokers group.

Microsoft had released the patch for Windows 10, but left the earlier Windows Server 2003 at risk. After WannaCry, Microsoft released updates for all versions. Windows Server 2003 is already facing extinction, but some organizations are still using this old system, which is past its expiration date. Organizations in healthcare need to be especially careful, because many of these systems cannot be updated to comply with the latest requirements.

Some systems that WannaCry seeped into are running an outdated OS that cannot be fixed anyway. IT teams in large organizations say it takes around 100 days to patch critical vulnerabilities. This gives criminals the time to negotiate with the victim and extort money.

WannaCry is designed so that its creators could quickly build a dangerous worm by incorporating the EternalBlue code into ransomware. While the news we hear is about attacks using zero-day flaws, network administrators are looking to stop it from entering their systems, because it spreads fast. The hallmark of Internet worms is that they spread the infection themselves and are able to find other vulnerable hosts to infect on the same network. In this situation any administrator will only want to contain the malware from spreading, even if it means sacrificing a single machine. This way he can save a large network from getting infected. Otherwise, it is well known how much damage ransomware can do.
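As an added defensive illustration, not code from the original post: a small Python script that flags any host which reaches many distinct machines on TCP/445 in a short window, the pattern an SMB worm produces when it hunts for vulnerable hosts on the same network. The log format, the sample lines, the 60-second window and the threshold of 5 targets are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection-log lines (not from the original post):
# "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <flag>"
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.1.25 -> 10.0.1.30:445 SYN
2017-05-12T10:00:01 10.0.1.25 -> 10.0.1.31:445 SYN
2017-05-12T10:00:02 10.0.1.25 -> 10.0.1.32:445 SYN
2017-05-12T10:00:02 10.0.1.25 -> 10.0.1.33:445 SYN
2017-05-12T10:00:03 10.0.1.25 -> 10.0.1.34:445 SYN
2017-05-12T10:00:03 10.0.1.25 -> 10.0.1.35:445 SYN
2017-05-12T10:00:05 10.0.1.40 -> 10.0.1.10:445 SYN
2017-05-12T10:00:06 10.0.1.40 -> 10.0.1.10:445 SYN
2017-05-12T10:00:07 10.0.1.41 -> 10.0.1.10:443 SYN
"""

SMB_PORT = 445  # TCP port of the SMB protocol WannaCry spreads over

def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port)."""
    ts, src, _, dst_port, _ = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_smb_scanners(log_text, window_seconds=60, threshold=5):
    """Return {src_ip: distinct SMB targets} for every source that reached
    `threshold` or more distinct hosts on TCP/445 inside some sliding window
    of `window_seconds`. Both parameters are assumed tuning values."""
    events = defaultdict(list)  # src -> [(timestamp, dst)] for port 445 only
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = parse_line(line)
        if port == SMB_PORT:
            events[src].append((ts, dst))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, hits in events.items():
        hits.sort()  # time order, so each window starts at one hit
        for i, (start_ts, _) in enumerate(hits):
            # Distinct destinations reached within the window opened at hit i.
            targets = {d for t, d in hits[i:] if t - start_ts <= window}
            if len(targets) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged
```

Repeated connections to a single file server (10.0.1.40 above) do not trip the check; only fan-out to many distinct hosts does, which is the behaviour an administrator would isolate a machine over.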


Update Patch

Organizations need to work smarter and faster to test and make changes when patches are released. Business operations should not be interrupted when updates to shared resources like file servers are scheduled. IT experts suggest running parallel systems, a kind of redundancy, so that one system is patching while the other handles the load. This way daily work is not interrupted. The other viable solution is "Automatic Containment Technology", the only technology that brings a battle-tested solution. Threat containment solutions provide total protection against zero-day threats while having no impact on end-user experience or workflows. All untrusted processes and applications are automatically contained in a secure environment, allowing safe applications the freedom to run while denying malware the system access it requires to deliver its payload.

More worms in waiting

A lot of patches have been released recently, which means IT security teams are expecting more worms. The odds are high, and IT teams in all organizations are shielding their infrastructure with patches. Now that it is clear that WannaCry uses Shadow Brokers implants, other criminals will be digging deep into the dump to analyze it and create more malware.

According to Kapil Khot of Qualys, another potential exploit from this dump is Pass Freely, which has the capacity to bypass Oracle database authentication. The exploit patches the Oracle process (oracle.exe, oracle80.exe and oracle73.exe) in memory to allow unauthenticated sessions to the Oracle instance. The company's researchers were able to use the exploit to compromise Oracle version 11.2.0.1.0 64-bit on Windows Server 2008 R2 and access the database.
