After having spent the entire weekend on the phone with customers worried about WannaCrypt (also known as WannaCry) and asking what to do, I thought I’d write a quick blog post with all the things you need to protect against this nasty ransomware using the Palo Alto Networks Security platform.

For every firewall administrator who has already implemented our recommended Security Best Practices: have a smile on your face, sit back and relax – you are covered. Just tell the system guys to get their patching done and install Traps.

Let’s start with the good news: a security researcher, “MalwareTech”, accidentally stopped the initial outbreak by registering a DNS name he found in the malware code.

So all done and no need to worry? Well, I don’t think so, because it is very simple for the threat actor behind the WannaCrypt ransomware or any copycats to change the code. Apparently Kaspersky already found a variant without the kill-switch, but it had a bug in the malware which prevented it from spreading. “Yes, malware has bugs too.”

One important point up-front: installing the Windows update MS17-010 is crucial but will not protect you against this initial infection!

Stage 1 – Initial Infection of the first Device

In the first stage a device gets infected with malware. In the case of WannaCrypt, there is no proof yet of exactly how the initial infection happened. There are numerous possibilities, for instance a malicious Word document distributed in phishing e-mails, which is the classical threat vector for ransomware these days. However, based on what we have seen on Friday, with so many attacks happening at the same time, it is hard to believe that users in so many well-known companies opened malicious e-mail attachments and nobody has evidence of these e-mails.

My personal theory is that the threat actor behind WannaCrypt simply bought access to devices which were already infected with malware and with this was able to check if the Microsoft patch was already deployed in its victims’ network. This wouldn’t be unusual, as today’s cybercrime is very well organised, with hackers specialising in specific attacks like infecting devices, deploying a remote access Trojan and then selling the access to others.

What is clear in any case is that you have to protect your network from the initial infection. So let’s explore the most common possibility.

Victim: A user receives a phishing e-mail with a malicious Word attachment.