A massive cyberattack made news last week, affecting computers across the globe. The attack, known as WannaCry, is a form of ransomware that primarily attacked older systems, especially those that were not fully patched. It’s suspected that the underlying code used in this attack is related to the exploits stolen from the National Security Agency (NSA) and made publicly available by Shadow Brokers earlier this year.
The news isn’t good. This was just the first, and definitely not the last, attack that leverages the exploits leaked by Shadow Brokers. With the code publicly available, virtually anyone can put together a cyber-attack and unleash it on the world.
There are several things that you can do to give yourself the best chance of fending off any future attacks. They include:
Keeping your systems up to date with the latest versions (e.g. Windows 10) as well as the latest patches is critical to keeping your systems safe. Research from Kaspersky Lab indicates that Windows 7 was actually the hardest hit by the virus. With respect to the stolen NSA exploits, Microsoft addressed many of the exploits earlier this year, as noted in this blog post.
Companies should deploy Windows 10 Pro at a minimum and should strongly consider Windows 10 Enterprise. Office 365 customers should also consider Advanced Threat Protection to further protect themselves from ransomware. Make sure your IT services provider uses equipment and services from well-known, reputable firms. We leverage Webroot anti-malware and SonicWall gateway security products, both of which have reported that they can detect and prevent WannaCry, adding an additional layer of protection. (Be aware that the SonicWall gateway security products are an add-on that not all customers have opted to purchase.)
Update your systems, and fast. Older systems, especially those that are out of support (e.g. Windows XP and Windows Server 2003), don’t get security updates anymore and are the most vulnerable. WannaCry was so pervasive that Microsoft has released guidance regarding the attack, including emergency patches for systems out of mainstream support such as Windows XP and Windows Server 2003. Don’t expect them to do that every time.
Even if you are on a system that is still in mainstream support, you need to run security updates and stay up to date. For example, Microsoft issued patches around the NSA exploits before they became public knowledge. This protected many people from the effects of the attack. However, if you weren’t fully patched, you were vulnerable.
In today’s world, there is a constant and ever-expanding threat of cyber-attack. There will be more attacks like this. And remember: they don’t have to have a worldwide impact, they just have to affect you.
For more information about your current level of risk and ways you can improve your defenses, contact us at firstname.lastname@example.org.
Bill Wootton is the Founder and President of C3 Integrated Solutions, a full-service IT provider based in Arlington, VA that specializes in securing our nation’s Defense Industrial Base through cloud-based solutions and industry-leading partners. Bill is passionate about bringing cyber-awareness and cyber-maturity to the nation’s Defense Industrial Base, working with clients to help them achieve CMMC and NIST 800-171 compliance by providing MSP, security and Office 365 integration services.