WannaCry Cyber Attack - Update from Alchemy Systems

A massive cyber-attack has struck organisations around the world. Among the worst hit was the National Health Service (NHS) in England and Scotland. According to the BBC, about 40 NHS organisations and some medical practices were hit, with operations and appointments cancelled. As a precaution, the NHS shut down all of its IT systems.

Here at Alchemy Systems we were not affected, and neither were any of our clients. This is largely down to the fact that we ensure Windows automatic updates are enabled for all devices by default. This particular malware relies heavily on file-based executables, which makes it very easy for an application whitelister to stop. We encourage all our clients to make use of a next-generation endpoint protection product such as Adaptive Defence 360 from Panda Security; its application whitelisting function would have blocked this threat from the outset.

How WannaCry worked

So how did WannaCry attack so many organisations in so many countries?

The specific vulnerability that WannaCry uses to propagate itself is ETERNALBLUE. This vulnerability was discovered by the United States National Security Agency (NSA) and was initially kept classified because it was very easy to ‘weaponise’, as has now become very clear. Details of the vulnerability were released into the public domain by the group “Shadow Brokers” on April 15th as part of a larger trove of information stolen from the NSA. The NSA tipped Microsoft off about the stolen data, and a patch was released on March 14th through the automatic updates process, almost two months before it was exploited by WannaCry and a month before public disclosure. Devices with the Microsoft patch installed are not vulnerable to the malware spreading on an internal network, which significantly reduces its impact.

The use of this vulnerability is what makes WannaCry particularly dangerous as a weapon: it allowed the malware to spread laterally across an internal network. It is therefore a worm as well as a conventional piece of malware. This explains why organisations like the NHS and Telefonica were so badly affected, and why workstations that were never used for general email and internet browsing were infected. The bigger the institution, the faster it spread amongst unpatched devices. Once a single device was infected it spread to every other unpatched device on the same network.

 
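The lateral spread described above leaves a network-level trace that defenders can look for. The Python below is an added example, not Alchemy Systems' code: it scans constructed flow records for a single host opening connections to many distinct internal peers on TCP 445 inside a short window, assuming (as is the case for ETERNALBLUE) that the worm spreads over SMB on port 445, and using a simplified, constructed log format rather than any real product's.

```python
# Added example (not Alchemy Systems' code): flag hosts that fan out to many
# SMB peers in a short window. ETERNALBLUE is an SMB (TCP 445) exploit, so one
# host opening 445 to many distinct internal peers is a lateral-spread signal.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records in a simplified "<ISO time> <src> <dst> <dport>"
# format (assumed for this example, not a real product's log format).
SAMPLE_FLOWS = """\
2017-05-12T13:00:01 10.1.4.23 10.1.4.1 53
2017-05-12T13:00:02 10.1.4.23 10.1.4.50 445
2017-05-12T13:00:02 10.1.4.23 10.1.4.51 445
2017-05-12T13:00:03 10.1.4.23 10.1.4.52 445
2017-05-12T13:00:03 10.1.4.23 10.1.4.53 445
2017-05-12T13:00:04 10.1.4.23 10.1.4.54 445
2017-05-12T13:00:10 10.1.4.99 10.1.4.10 445
2017-05-12T13:09:00 10.1.4.99 10.1.4.11 445
"""

def parse_flows(text):
    """Parse flow lines into (time, src, dst, dport) tuples, skipping blanks."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows

def smb_fanout_alerts(flows, threshold=5, window=timedelta(seconds=60)):
    """Return {src: max distinct 445 peers seen inside one sliding window} for
    every source that reached the threshold; well-behaved hosts are omitted."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == 445:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts

if __name__ == "__main__":
    for host, n in smb_fanout_alerts(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {host}: {n} distinct SMB peers inside a 60s window")
```

In the constructed sample, 10.1.4.23 reaches five peers in three seconds and is flagged, while 10.1.4.99 contacts two file servers nine minutes apart and is not; the threshold and window should be tuned to what is normal for the segment being monitored.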

Killing the Malware

Within 24 hours, a security researcher spotted a domain written into the malware’s code which it contacts at the beginning of its execution cycle. The researcher registered it for a few dollars, thinking he could sinkhole the domain and capture the IP addresses of infected machines in order to pass them to the authorities and the Shadowserver Foundation, so that companies, ISPs and CERTs could be told which of their networks were affected and the spread could be limited. He realised later that a successful connection to the domain actually acted as a killswitch for the malware, and the spread has now virtually stopped. Until, of course, the next variant is released; there will still be plenty of unpatched devices next time around.

The Value of Cyber Essentials

Had the NHS, Telefonica and the others closely adhered to Cyber Essentials (a UK government-backed certification scheme), they would not have been affected, or at least nowhere near so badly. Now the National Cyber Security Centre (NCSC) is working overtime to put them back together again.

More about Cyber Essentials from Alchemy Systems here:

https://www.alchemysys.co.uk/consultancy/protect-your-business-from-cyber-attack-gain-cyber-essentials-certification/

Avoiding such attacks

These are just some of the ways that any organisation can avoid an attack such as WannaCry:

  • Make sure automatic updates are turned on for every device for every client.
  • Ensure all software is current and patched.
  • Ensure no unsupported operating systems are in use.
  • Segregate devices onto separate LANs wherever possible.
  • Use application whitelisting.
  • Use DNS blocking; it would have blocked access to command and control shortly after the malware’s release into the wild.
  • Have Cyber Essentials or, even better, Cyber Essentials Plus certification.
  • Deliver regular staff awareness training.
  • Make regular use of phishing simulations.

Alchemy Systems – IT & telephony supply chain, installation & support contracts

Copyright © 2021 Devon & Somerset Law Society. All Rights Reserved.