WannaCry


By now, you will have all heard about the rampant spread of ransomware through countless press pieces, blog articles, and far too often, the outrageous claims of some security vendors. But let’s stop and think for a minute or two. How did these attacks happen? Are companies focusing on valid threats, fixing the right problems, or developing correct processes? Have so-called disruptive technologies disrupted our thinking? Let’s not go tactical. Instead, we need to consider, “what is our best strategy?” Ever since the... [Read More]
by RSS Michael Xie  |  Jul 06, 2017  |  Filed in: Industry Trends
We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems. This is a new generation of ransomware designed to take advantage of timely exploits. This current version is targeting the same vulnerabilities that we exploited during the recent Wannacry attack this past May. This latest attack, known as Petya, is something we are referring to as... [Read More]
by RSS Aamir Lakhani  |  Jun 27, 2017  |  Filed in: Industry Trends, Security Research
There are a couple of important takeaways from our Threat Landscape report. First, while the more high profile attacks have dominated the headlines, the reality is that the majority of threats faced by most organizations are opportunistic in nature. Criminals tend to target low hanging fruit, so it is critical that you minimize your visible and accessible attack surface. [Read More]
by RSS John Maddison  |  Jun 06, 2017  |  Filed in: Security Research
Healthcare systems are consistently a preferred target of cybercriminals. Today, whenever a cyberattack occurs, healthcare networks seem to be right in the crosshairs. There are reasons for this. Historically, healthcare networks have been reasonablely easy to break into. Despite the implementation of new EHR systems and critical infrastructure for healthcare data exchanges, healthcare generally hasn’t kept up with other vertical markets in terms of security, creating “low-hanging fruit” for would-be attackers. These networks... [Read More]
by RSS Susan Biddle  |  Jun 01, 2017  |  Filed in: Industry Trends
The most important question related to the recent WannaCry attacks isn’t who the attackers were, or how big the attack was. The question is, “How did this happen in the first place?” The vulnerability exploited by this attack had been patched by Microsoft months before. That patch was part of a widely publicized update that was issued in response to the massive set of NSA cyberespionage tools leaked by the secretive group known as Shadow Brokers. Everyone knew about it. Yet, apparently, few did anything about it. Failure... [Read More]
by RSS James Cabe  |  May 31, 2017  |  Filed in: Industry Trends
A major challenge facing security vendors today is that most solutions and products are developed based on knowledge of previous threats that already exist. This makes many security solutions reactive by their very design, which is not a tenable strategy for facing the volume of new attacks and strategies arising today. This arms race of identifying new threats, then reacting has been the primary strategy since the dawn of malware: A new virus is identified and then security vendors write the antivirus signature to block it; a polymorphic virus... [Read More]
by RSS Douglas Jose Pereira  |  May 23, 2017  |  Filed in: Security Research
A perspective blog with Derek Manky, Global Security Strategist, Fortinet. We asked Derek to put WannaCry into context. Is this just the eye of the storm? [Read More]
by RSS Bill McGee  |  May 18, 2017  |  Filed in: Industry Trends, Security Research
WannaCry FAQ: How does WannaCry spread? WannaCry has multiple ways of spreading. Its primary method is to use the Backdoor.Double.Pulsar backdoor exploit tool released last March by the hacker group known as Shadow Brokers, and managed to infect thousands of Microsoft Windows computers in only a few weeks. Because DoublePulsar runs in kernel mode, it grants hackers a high level of control over the compromised computer system. [Read More]
by RSS Aamir Lakhani  |  May 17, 2017  |  Filed in: Security Research
  Over the past few days WannaCry malicious malware variants affect hundreds of organizations across the world. This cyberattack spread primarily by exploiting a vulnerability whose manufacturer had issued a critical security update for over two months ago. While there are certainly reasons why it may take an organization some time to patch vulnerable systems, including the risk of updating live systems, two months should be plenty of time for any organization to take appropriate steps to secure their environment. With the recent malware... [Read More]
by RSS Phil Quade  |  May 16, 2017  |  Filed in: Security Research
On May 12th, 2017 the ransomware WannaCry disrupted hundreds of organizations in dozens of countries. The ransomware encrypts personal and critical documents and files and demands approximately $300 USD in BitCoin currency for the victim to unlock their files. [Read More]
by RSS Aamir Lakhani  |  May 15, 2017  |  Filed in: Security Research