WannaCry and the thing with the updates…

Guest comment: Once again, the vulnerability of our entire digital infrastructure has been dramatically demonstrated to us. But despite immediate emergency measures, including a patch for operating systems that are already out of support, far from every company is thereby protected against infection, because in many cases updates and patches are not even an option. Effective protection must begin at a completely different level.

WannaCry has infected more than 180,000 PCs according to the current count (screenshot: ZDNet.de). WannaCry has infected more than 200,000 PCs according to the current count (screenshot: ZDNet.de).

Encryption Trojans themselves are far from new. What is unusual in this case is only the distribution channel, which combined different tactics and was therefore extremely effective. After a successful infection via a malicious link in a spam message, the WannaCry malware is able to spread further on its own through a vulnerability, just like a worm. The result: a snowball effect to which more than 220,000 systems in at least 150 countries are said to have fallen victim already.

The opposite of good is well-intentioned: quite a few affected companies are left with this feeling in the current case too when they hear the advice in hindsight: “If only you had moved to a current operating system beforehand. Windows 10 has been protected by the patch since March.” Sure, at first glance a valid argument. But unlike the majority of home users, companies are often not in the comfortable position of being able to update their IT landscape whenever they wish, or at least whenever needed, without further ado.

“Never change a running system” and other obstacles

Let us take just one look at critical infrastructure such as production machines in manufacturing plants. Their control systems may not allow any modifications, and for safety reasons modifications are not permitted either, which is why many production systems run older software such as Windows XP. Nothing about that will change in the near future, because the classic production machine is designed for a service life of several decades; replacing the entire machinery with newer models at short notice is of course not an option. We find a similar situation in highly regulated sectors such as the automotive or medical industries: there are often strict compliance regulations that do not allow modifications to the system under any circumstances.

Dennis Monner, Secucloud: “In the case of WannaCry, our solution recognized the malicious mail intended to carry out the initial infection of a company, classified it as a threat and was then able to automatically protect all users against infection.” (Image: Secucloud)

And even where there are objectively no obstacles to installing patches or updates, factors such as lack of time and budget mean that in practice even critical security fixes are often applied only with great delay, if at all. Just think back to the SSL vulnerability Heartbleed from 2014: even three years after the flaw became known, hundreds of thousands of systems reachable via the Internet were still unpatched. The reason is obvious: for large installations with several thousand or even ten thousand systems, a patch means a huge effort. True to the motto “Never change a running system”, many companies also shy away from the risk of installing faulty updates and thereby, in the worst case, putting their entire production operation at risk.

Even though Microsoft in turn responded extremely quickly in this case and, because of the scale of the attack, provided a patch for the vulnerability even for older Windows versions that are already out of support, such as XP or Server 2003, for a wide variety of reasons this too is unlikely to be a practical option for many companies to actually protect their own systems from infection with the WannaCry malware.

A higher level

The current cyber security incident should be an eye opener for us, both regarding the importance that IT security must have in these times of all-encompassing digitalization and regarding the fact that the reality in many companies and businesses requires a whole new approach to security. Instead of protecting PCs, machinery and other Internet-enabled business devices individually, security must already be ensured at a higher level: centrally and universally for the whole company.

Cloud-based security solutions, for example, place their protection mechanisms directly in the cloud, for instance in the infrastructure of the Internet provider. Internet traffic is thus routed through this separate security system and scanned for threats, independently of the specific devices, their operating systems or individual solutions, before malicious files enter the company. Customers can thereby be effectively protected against an initial infection, even without any modification of the system.

Accordingly, our cloud-based security solution ECS 2, for example, has offered protection thanks to its cloud-intelligence technology ever since the first attempted attack by the WannaCry malware on a Secucloud customer on 12 May. The advanced persistent threat (APT) filter of our solution is able to detect even unknown threats based on suspicious data streams. These are first isolated and analyzed in a sandbox before they can spread to the user's system at all. In the case of WannaCry, our solution recognized the malicious mail intended to carry out the initial infection of a company, classified it as a threat and was then able to protect all users automatically against infection. Regardless of the operating systems in use or the patches installed, the malware thus fails to break into the company in the first place.

Author

Dennis Monner…

… is CEO of the German security specialist Secucloud. He is the founder and former Chairman of the Board of the IT security manufacturer gateprotect, which was taken over by Rohde & Schwarz in 2014. Under his leadership, the company was able to leave 500 international competitors behind and now ranks among the top 10 in the industry in the Magic Quadrant of the analyst firm Gartner.
