Home Security Latest ransomware: enterprise IT teams earn flak

At least two officials from security companies have taken aim at IT teams in businesses after the latest Windows ransomware attack that spread from Europe to other parts of the world overnight.

Ross Brewer, vice-president and managing director of international markets at LogRhythm, said both WannaCry and the latest attack showed "the lack of accountability and focus on basic IT and security fundamentals".

"Core IT operational competencies, such as patch management, back-ups, disaster recovery, and incident response are not well implemented or maintained," he said.

"These are absolutely essential in protecting your company from damaging cyber threats and without them you are left in a perpetually vulnerable state, a sitting duck for these types of attacks, merely hoping that you aren’t compromised. The only actions you take are responsive, only after some other unlucky company was compromised."

Brewer said that security vendors were often criticised for fear mongering and exaggerating the possible consequences of a cyber attack.

"But I think we can agree that recent events are starting to show that the warnings were warranted," he said. "These attacks are targeting our top businesses, banks, healthcare institutions and other critical national infrastructure, are revealing the chaos that ensues when organisations lose control of their data – when are we going to do something about it?"

Tenable technical director Gavin Millard also took aim at business IT teams, saying: "If this attack turns out to be leveraging the same vulnerabilities WannaCry leveraged to spread, or other known bugs that have had patches available for months, there are going to be some awkward conversations between IT teams that failed to patch or protect and businesses affected.

"The publicity around WannaCry couldn’t have been larger, probably eclipsing Heartbleed, yet if this is the same attack vector, it demonstrates a distinct lack of taking threats like this seriously.”

Yaacov Ben Naim, senior director of cyber research at Cyber Ark, said it had been noticed that the latest ransomware appeared to be sparing endpoints that used an US English-only keyboard, pointing out that this "seemingly self-imposed restriction has been seen in nation state attacks".

Malwarebytes ANZ regional director Jim Cook warned that this outbreak would not be the last. "If Shadow Brokers keeps its promise to continue releasing NSA exploits, it seems that this sort of mass infection will become common – so now is the time to ensure you have a decent back-up system, patch process and a current end point security solution in place."

Forcepoint chief executive Matt Moynahan said an important takeaway was "the undeniable trend in the increasing ease by which attackers can penetrate the perimeter and get inside of corporate infrastructure".

"Perhaps even more important to consider is the motivation behind the attack and the harm intended on the target. In this case it was to hold companies ransom for US$300; it could have been much worse. To address these new and evolving threats, we need to understand the intent and motivations behind them.

He said that if there was no investment in the cyber security of critical infrastructure "we will continue to see massive attacks with economic, employee and public safety ramifications. From the government to the boardroom, leaders need to make cyber resiliency a requirement, putting focus and funding behind it".

"While the perception may be that if we criminalise cyber attacks we will inhibit innovation, the reality is that if we do not treat cyber crime more seriously, attacks like WannaCry and Petya will start to feel even more commonplace than they already do.”

The Shadow Brokers, which dumped a number of NSA exploits, among them EternalBlue which was used in the WannaCry attack, has said that any future exploits would only be available for sale on a subscription model.

LEARN NBN TRICKS AND TRAPS WITH FREE NBN SURVIVAL GUIDE

Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?

DOWNLOAD NOW!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

 

 

 

Connect

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities