In the wake of the spread of WannaCry malware experts remind infosec pros to patch systems quickly
While infosec pros in Canada this morning are scanning their systems to ensure Windows and anti-malware systems are fully patched to deal with the WannaCry ransomware that quickly spread around the world over the weekend, there are worries a new release of alleged CIA-created vulnerabilities from WikiLeaks will shortly lead to more attacks.
So far there are few public reports of IT systems in this country being victimized by WannaCry, which uses techniques of a worm to spread to computers in 150 countries.
None of the 15 large Canadian enterprises who are members of the Canadian Cyber Threat Exchange have reported being successfully attacked by this particular malware, said executive director Robert Gordon. “I’ d like to interpret it as because companies have been doing the updates that Microsoft put out — that would be the optimistic side of me. The more pessimistic side of me is saying companies are paying the ransom and not reporting it.”
(Meanwhile other ransomware attacks continue. Gordon said a Canadian company not a member of the CCTX this morning reported being hit by the so-called Onion ransomware.)
The WannaCry infection prompted Satyamoorthy Kabilan, director of national security and forensic foresight at the Conference Board of Canada to warn in a blog of how vital patching is to a mature enterprise cyber security strategy.
“There can be issues and costs that come with patching and particularly with updating systems, ” he writes, “which can lead to a reluctance to move in this direction. But this incident makes clear once again that we need to get the basics right when it comes to cyber security – and patching and updating are one of those basics.”
Similarly, McAfee CTO Steve Grobman said the WannaCry attack “should remind IT of the criticality to apply patches quickly. Part of the reason IT organizations hesitate to patch or run an internal quality assurance process is to ensure that there aren’ t software incompatibility issues. One way I like to think about this is that whenever a patch must be applied, there is a risk to applying a patch, and a risk to not applying a patch. Part of what IT managers need to understand and assess is what those two risks mean to their organizations.”
He also warned CISOs the incident is a remind that whenever a vulnerability is reported and an exploit published that could by used by criminals expect and be prepared for an attack cybercriminals, we should always expect and be prepared for this kind of attack, and many more copy-cat attacks following soon after.
To that end note that on Friday WikiLeaks published the eighth in its “Vault 7” series of tools it has gotten hold that allegedly were manufactured by the CIA to exploit holes in Windows. This release includes user guides and other material which could guide attackers to exploiting the holes.
The tools are
