
Tenable Blog


WannaCry? Patch or Protect

WannaCry and the vulnerability it targeted have dominated the global news all week, including technical details, prevention advice, attribution speculation and even personal details of the researcher who discovered the kill switch that stopped the aggressive ransomware. With the panic around WannaCry slowing and a clearer picture of what happened emerging, now is a good time to take stock of its global impact and see what can be done to prevent future attacks.

Ransomware attack methodologies


Ransomware is the monetization of an organization’s failure to do the fundamentals of cybersecurity well. As most ransomware targets a handful of well-known vulnerabilities, keeping systems patched and up to date goes a long way towards preventing a ransomware attack. Since the re-emergence of ransomware over the last few years, the predictable attack method is typically one of two possibilities:

  1. An email enticing users to either download a file or, more effectively, visit a website that hosts an exploit kit to take advantage of an existing browser-based vulnerability on the target’s computer.
  2. The cyber criminals hijacking an advertising network that serves high profile websites, again taking advantage of browser-based vulnerabilities.

Experts have theorised that a ransomware attack inspired by old internet worms like Conficker, Code Red and Slammer could automatically hunt down the next target without any user interaction, resulting in a massive global attack. But until last Friday, this type of attack was not broadly observed. Then WannaCry burst onto the scene, ripping through networks and causing significant disruption to organisations worldwide. WannaCry exploits a flaw in the ubiquitous SMB protocol used to access shared files and printers, and once a system is infected, it leverages the infected host to find the next victim.

The vulnerability that WannaCry targeted is, like those targeted by most other ransomware, quite well-known, and a fix has been available for two months. Still, the WannaCry malware targeted those systems that didn’t have the patch applied.

Patching

Patching is difficult. IT and security teams can't control everything, and the things that they can control can't always update quickly. It has become increasingly easy to deploy changes into environments, but there are systems that can’t just be updated with a click of a mouse button or a simple script. Fragile artifacts exist in many environments; taking down a manufacturer’s production system — or even reducing efficiency due to scanning or maintenance-induced latency — is rarely greeted with smiles.

Protection

Inability to patch in a timely manner shouldn’t be an excuse for poor cyber hygiene. WannaCry could have been stopped in two different ways:

  1. Deploying the MS17-010 update, or
  2. Firewalling off SMB to vulnerable systems

If patching critical issues like MS17-010 could cause disruption to the business, then compensating controls must be put in place and proper, risk-based decisions must be made. Put simply, if you can’t patch it, protect it.


If the system that controls an MRI machine is exposed due to an attack vector like MS17-010, then perhaps the main hospital network can operate without SMB access. If Windows XP is required by a factory automation manufacturer, the vulnerable systems must be treated like the security threats that they are — ring-fenced and monitored for unusual activity.
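The "patch or protect" check can be automated once patch status and firewall policy are both known. The following is an added example, not Tenable's code: it walks a constructed inventory and a constructed first-match firewall ACL and reports every host that lacks MS17-010 and is still reachable on SMB (TCP 139/445) from some network segment. All addresses, segment names and the rule format are assumptions made for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}

# Constructed inventory: host address -> True if MS17-010 is installed.
INVENTORY = {
    "10.1.0.10": True,   # file server, patched
    "10.2.0.20": False,  # MRI controller, cannot be patched
    "10.3.0.30": False,  # Windows XP factory controller, cannot be patched
}

# Constructed ACL, evaluated top-down, first match wins.
# (action, source network, destination network, port or None for any port)
ACL = [
    ("deny",  "0.0.0.0/0",  "10.2.0.0/24", 445),
    ("deny",  "0.0.0.0/0",  "10.2.0.0/24", 139),
    ("allow", "10.0.0.0/8", "10.0.0.0/8",  None),
    ("deny",  "0.0.0.0/0",  "0.0.0.0/0",   None),
]

# Constructed list of source segments to test reachability from.
SEGMENTS = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]

def decide(acl, src_net, dst_ip, port):
    """Return the action of the first rule matching this flow (default deny)."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_address(dst_ip)
    for action, rule_src, rule_dst, rule_port in acl:
        if (src.subnet_of(ipaddress.ip_network(rule_src))
                and dst in ipaddress.ip_network(rule_dst)
                and rule_port in (None, port)):
            return action
    return "deny"

def exposed_unpatched(inventory, acl, segments):
    """Map each unpatched host to the segments that can still reach it on SMB."""
    findings = {}
    for host, patched in inventory.items():
        if patched:
            continue  # patched hosts do not need the compensating control
        open_from = sorted({seg for seg in segments for port in SMB_PORTS
                            if decide(acl, seg, host, port) == "allow"})
        if open_from:
            findings[host] = open_from
    return findings

if __name__ == "__main__":
    for host, segs in exposed_unpatched(INVENTORY, ACL, SEGMENTS).items():
        print(f"{host}: unpatched and SMB reachable from {', '.join(segs)}")
```

In this sample the MRI controller is ring-fenced by the two SMB deny rules, while the Windows XP host is neither patched nor protected and is the only finding.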

To do this effectively, though, organisations have to understand their environments and exposures, which in itself is a significant hurdle many struggle to conquer. Continuous visibility into the vulnerability status of every asset in the modern computing environment is critical to understanding the business impact of ransomware attacks like WannaCry and to fundamentally improving how your organization thinks about cybersecurity.


Tenable solutions

For information on how Tenable can help address WannaCry, we’ve posted a detailed blog on using our products to identify issues before they become problems.

To understand more about ransomware attacks and protection, read Back to Basics with the 2017 Verizon DBIR.
