Positive Technologies experts are still analyzing the malware sample and gathering additional data, in particular information on the mechanism of its intrusion into a network. But even at this point it is clear that this is not just a new version of WannaCry. This ransomware combines hacking techniques, using standard system administration utilities and tools for obtaining operating system passwords. This lets the malware spread quickly within the network and cause a large-scale epidemic once at least one computer is infected. As a result, the computer is put out of operation and its data is encrypted.
According to preliminary data, we can confirm that this malware is slightly similar to Petya, ransomware known since 2016 that also caused PCs to crash.
As for the current situation, the problem once again is negligence in information security. In short, affected organizations did not learn the lessons of WannaCry. First of all, updates are not installed in time. According to Positive Technologies, 20% of systems have critical vulnerabilities associated with the lack of security updates. The average age of the most obsolete updates is 9 years, and the oldest discovered vulnerability was published more than 17 years ago.
The general level of staff awareness of information security is low. There are still cases where employees download attachments or follow links received from untrusted sources.
Another problem is that information systems are often configured incorrectly in terms of architecture.
It is harder to defend against this threat than against WannaCry, since it also spreads using stolen legitimate credentials. To combat it, we recommend that organizations install security updates on time, implement information security monitoring, and perform regular security audits.