Back to Basics: Worm Defense in the Ransomware Age


Read the whole blog here.

This post was authored by Edmund Brumaghin

“Those who cannot remember the past are condemned to repeat it.” – George Santayana

The Prequel

In March 2017, Microsoft released a security update (MS17-010) for various versions of Windows that addressed a remote code execution vulnerability affecting a protocol called SMBv1. Because this vulnerability could allow a remote attacker to completely compromise an affected system, it was rated “Critical”, and organizations were advised to implement the security update. Additionally, Microsoft released workaround guidance for removing this vulnerability in environments that were unable to apply the security update directly. At the same time, Cisco released coverage to ensure that customers remained protected.

The following month, April 2017, a group publishing under the moniker “TheShadowBrokers” publicly released several exploits on the internet. These exploits targeted various vulnerabilities, including those that were addressed by MS17-010 a month earlier. As is always the case whenever new exploit code is released into the wild, it becomes a focus of research for both the information security industry and cybercriminals. While the good guys take the information and use it for the greater good by improving security, cybercriminals take the code and attempt to find ways to leverage it to achieve their objectives, whether that be financial gain, disruption, or something else.

Ransomware Worms

Computer worms are not a new concept. Worms are different from other malware in that they self-propagate within and between systems; for example, Conficker, which dates back to 2008, is a computer worm that used a Windows vulnerability (MS08-067) to propagate. In fact, Conficker is still floating around the internet, spreading from vulnerable system to vulnerable system, almost 10 years later. What the past has taught us is that whenever exploit code is released in the wild for vulnerabilities that are “wormable”, worms will be created and distributed. While this doesn’t happen often, when it does, the impact worms can have around the world is significant. In 2017, we have seen this twice so far. What is new, however, is the use of computer worms to spread ransomware and other destructive malware. Enter WannaCry and Nyetya.

Read the rest of the blog here.

About Talos
Talos is the industry-leading threat intelligence organization. We detect and correlate threats in real time using the largest threat detection network in the world to protect against known and emerging cyber security threats to better protect your organization.
