No Use WannaCrying Over Spilled Milk


If you’ve been keeping up with any technology news, you’ve more than likely heard of the WannaCry ransomware attack that started on May 12th. The story began with news of a cyber-attack against NHS hospitals in England. Shortly after that, news broke that it was a global attack and that it leveraged NSA tools that were leaked back in March. With all the information out there, we decided to do a brief write-up and timeline of all that happened.

March 2017 – The Patch

On March 14th, Microsoft released a patch for a critical vulnerability in SMB (Server Message Block) v1. SMB is the protocol used for file sharing between computers and servers, and v1 is considered out of date/deprecated. Rumors were that Microsoft heard about this exploit from a third party, but there was not much to go on. This seemed to be a normal security update to fix a vulnerability in Windows. Since this was a routine patch, non-supported versions of Windows like XP and Server 2003 did not get it. This critical vulnerability is what allowed the WannaCry ransomware to spread so rapidly and do so much damage over a short period of time.

April 2017 – The Leak

On April 14th, 2017, a hacker group known as “The Shadow Brokers” released EternalBlue (the hack/tool used in WannaCry) along with other tools leaked from the Equation Group. The Equation Group is well known in the security sector as a sophisticated threat actor with suspected ties to the NSA. Analysis of these tools raised suspicions that the NSA had tipped off Microsoft about the leak: the NSA was aware of the vulnerabilities but did not disclose them to Microsoft until March 2017.

In April 2017, the DoublePulsar backdoor started to be seen in the wild. DoublePulsar was used to infect computers that were later used to deliver the WannaCry ransomware.

May 2017 – The Attack

On May 12th, 2017, WannaCry began infecting computers globally. These attacks were targeted at highly vulnerable systems: organizations without the March 2017 patch or running XP/Server 2003 were the targets. The attack was a typical ransomware attack that encrypted files and asked for payment. However, this variant was able to spread using the SMB exploit found in the NSA’s EternalBlue hacking tool. This means that the payload was able to spread to other vulnerable machines instead of being confined to just one computer.

The attack was quick and spread globally within hours.  Large companies and government agencies such as Telefonica, the NHS, FedEx, Deutsche Bank, and LATAM Airlines were hit.  In total over 150 countries were affected by the attack.

A Glimmer of Hope

Hours after the initial attack, a security researcher for MalwareTech found a kill-switch in the WannaCry ransomware. The researcher was able to register a specific domain name found in the ransomware. The domain was used as a command and control center for the attack. Without communication to its command and control center, the ransomware stopped encrypting files. This gave countries that were hit later (like the US) time to patch systems.

By Monday, May 15th, the attacks had subsided, and by May 16th they appeared to have almost completely stopped. According to researchers, the attackers made around $66,000 in ransom payments.

EDC’s Take on The Attack

While we were concerned with the attack, clients who follow best practices didn’t have to worry as much. Our managed service clients were patched for this vulnerability back in April, and we follow Microsoft’s best practice for operating system retirement. In the majority of the cases we have read about, the organizations hit the hardest were either behind on patches or had unsupported Microsoft operating systems on their network. We advise clients to always have the following in place:

1.) Backup systems that are tested regularly
2.) Security software such as endpoint security, spam/virus filtering, and anti-malware
3.) Patch management (including third-party software such as Adobe and Java)
4.) Using software and systems still supported by the manufacturer
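The SMBv1 patch described in the March section and items 3 and 4 of the list above are things you can actually check on a host. The script below is an added example and is not code from the original post or from EDC’s managed service tooling. It assumes PowerShell 5.1 or later run as an administrator on Windows 8.1 / Server 2012 R2 or newer (Get-SmbServerConfiguration does not exist on older builds), and the KB list is a placeholder that you fill in from the MS17-010 bulletin for the OS build you are auditing. Nothing here changes the machine unless you call the second function without -WhatIf.

```powershell
# Added example, not code from the original post. Audits one Windows host for
# the three conditions the write-up blames for WannaCry's spread: an
# unsupported OS, SMBv1 still enabled, and the March 2017 (MS17-010) patch
# missing. Assumes PowerShell 5.1+ as administrator on Windows 8.1 /
# Server 2012 R2 or newer. The KB ids are a placeholder list.

function Get-WannaCryExposure {
    [CmdletBinding()]
    param(
        # Placeholder: replace with the MS17-010 KB ids for this OS build.
        [string[]]$RequiredKbIds = @('KB-PLACEHOLDER-MS17-010')
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # XP and Server 2003 were out of support when the March patch shipped
    # and did not receive it, so a matching caption is a finding on its own.
    $unsupported = $os.Caption -match 'Windows XP|Server 2003'

    # SMBv1 server state; wrapped because the cmdlet is absent on old builds.
    try {
        $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } catch {
        $smb1Enabled = $null   # unknown on this build
    }

    # Installed updates compared against the caller-supplied KB list.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $missing   = @($RequiredKbIds | Where-Object { $installed -notcontains $_ })

    $findings = @()
    if ($unsupported) {
        $findings += 'Operating system is out of support; the March 2017 patch was not released for it.'
    }
    if ($smb1Enabled -eq $true) {
        $findings += 'SMBv1 server is enabled; disable it unless a legacy dependency requires it.'
    }
    if ($missing.Count -gt 0) {
        $findings += "Missing updates: $($missing -join ', ')"
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $os.BuildNumber
        Unsupported  = $unsupported
        Smb1Enabled  = $smb1Enabled
        MissingKbs   = $missing
        Findings     = $findings
    }
}

function Disable-Smb1Server {
    # Remediation for the SMBv1 finding. Supports -WhatIf so it can be
    # previewed before anything is changed.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}

# Usage: audit first, then preview the remediation.
Get-WannaCryExposure | Format-List
Disable-Smb1Server -WhatIf
```

Run the audit across a fleet by invoking Get-WannaCryExposure through your remote management tool and collecting the objects it returns; any host with a non-empty Findings list is one of the “behind on patches or unsupported” cases the post describes. Disabling SMBv1 is a change worth testing first, since some older printers, NAS units and scan-to-folder devices still depend on it.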

As always, if you have questions or concerns regarding your network security, please feel free to contact us.

Meet The Team – Gannon Sonnier


One of our newest full-time employees, Gannon started at EDC in December of 2016. Since then, Triforce mis-use at EDC has been at an all-time low and customer satisfaction at an all-time high. We recently sat down with Gannon and asked him a few questions for the newest installment of our Meet The Team series!

1.) Give us a little bit about your background. Education? Work experience?

I graduated from UL in Management Information Systems in 2013. Since then, I have worked as a repair tech at Geek Squad and as an associate consultant with Centre Technologies. I’ve completed CompTIA A+ certification and am currently working towards Network+.

2.) What’s something you wished young Gannon would have known?

The value of asking questions. Recognizing that you don’t have the answer is the only way you can learn.

3.) What’s your best achievement to date?

As far as professional achievements go, I remained #1 in the district for turn time and client satisfaction for a full year as a Geek Squad repair tech.

4.) What song do you consider your “jam”?

Just about any 90s alt-rock could be considered my go-to “jam”.

5.) Who would win in a fight between Spiderman and Batman? Why?

Batman could cut Spiderman’s webs with batarangs, at which point his mobility is severely weakened. Then, one-on-one, Batman’s gadgets and superior training would make him victorious.


We all know Batman has a contingency plan. Even when he doesn’t have a plan, he has a plan for that. Stay tuned to our blog posts, as we have more exciting Meet The Team news coming up! As always, Gannon and other EDC team members are here if you have any questions regarding your enterprise or business computer network.


BYOD – Bring Your Own Device


Bring Your Own Device/Mobile Device Management

The growing trend (especially amongst startups) is to allow employees to bring their own devices to work. As younger millennials enter the workforce, they want to use their own devices. These devices can include laptops, smart phones, tablets, and USB drives. While the immediate cost savings to a business are easy to see, the risk of data loss or breach can outweigh those savings. So what can a business do to ease costs and still provide security? Mobile Device Management.

The Basics:  BYOD

Wikipedia states the following about BYOD and its creation:
“Bring your own device (BYOD)—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own Personal Computer (BYOPC)—refers to the policy of permitting employees to bring personally owned devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.[1] The phenomenon is commonly referred to as IT consumerization.
BYOD is making significant inroads in the business world, with about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work.[4] Surveys have indicated that businesses are unable to stop employees from bringing personal devices into the workplace.[5] Research is divided on benefits. One survey shows around 95% of employees stating they use at least one personal device for work.
The term BYOD first entered common use in 2009, courtesy of Intel when it recognized an increasing tendency among its employees to bring their own devices (i.e., smartphones, tablets and laptop computers) to work and connect them to the corporate network.[7] However, it took until early 2011 before the term achieved any real prominence when IT services provider Unisys and software vendor Citrix Systems started to share their perceptions of this emergent trend. BYOD has been characterized as a feature of the “consumer enterprise” in which enterprises blend with consumers.[8] This is a role reversal in that businesses used to be the driving force behind consumer technology innovations and trends.”

Mobile Device Management


Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers, laptops and desktop computers. MDM is usually implemented with a third-party product that has management features for particular vendors of mobile devices. Normally, a software agent is installed on the device. That software agent can change settings such as:

  1. Restricting Wi-Fi access to certain networks
  2. Turning off services such as Bluetooth or cameras
  3. Preventing app installation
  4. Providing extra security like forcing passcodes, remote wipe, or remote encryption
Basically, the MDM software agent enforces company policies on devices the business does not own. You may think this has legal implications, and it most certainly does. Most companies have a BYOD policy that an employee must sign upon hiring. This gives the company a leg to stand on in the event of a policy breach that results in loss of data on a personal device. As always, consult a legal professional before you implement such a policy.
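To make the four settings in the list above concrete, here is an added example (not code from the original post, and not the MDM product EDC uses) that expresses the same controls as an Exchange ActiveSync mobile device mailbox policy: forced passcode, auto-lock, required storage encryption, camera and Bluetooth turned off, and a remote wipe for the breach case the paragraph above describes. It assumes an Exchange 2013+ or Exchange Online management session where the *-MobileDeviceMailboxPolicy, Get-MobileDevice and Clear-MobileDevice cmdlets are available; the policy name, mailbox address and device id are made-up values.

```powershell
# Added example, not from the original post or any specific MDM vendor.
# Assumes an Exchange / Exchange Online management session. Names and
# addresses below are constructed placeholders.

function New-ByodBaselinePolicy {
    param([string]$Name = 'EDC-BYOD-Baseline')   # assumed policy name

    # Splatted so each setting can carry a comment mapping it to the list.
    $settings = @{
        Name                         = $Name
        PasswordEnabled              = $true        # item 4: force a passcode
        MinPasswordLength            = 6
        MaxPasswordFailedAttempts    = 10           # device wipes itself after 10 failures
        MaxInactivityTimeLock        = '00:05:00'   # lock after 5 idle minutes
        RequireDeviceEncryption      = $true        # item 4: storage encryption
        AllowCamera                  = $false       # item 2: camera off
        AllowBluetooth               = 'Disable'    # item 2: Bluetooth off
        AllowNonProvisionableDevices = $false       # refuse devices that cannot apply the policy
    }
    New-MobileDeviceMailboxPolicy @settings
}

function Set-ByodPolicyOnMailbox {
    # Attaches the policy to one user's mailbox; the device picks it up on
    # its next sync and must comply before mail flows.
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [string]$PolicyName = 'EDC-BYOD-Baseline'
    )
    Set-CASMailbox -Identity $Mailbox -ActiveSyncMailboxPolicy $PolicyName
}

function Invoke-ByodRemoteWipe {
    # Item 4: remote wipe of a specific device. Full device wipe, which is
    # exactly why the signed BYOD policy matters before this is ever run.
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [Parameter(Mandatory)][string]$DeviceId
    )
    $device = Get-MobileDevice -Mailbox $Mailbox |
        Where-Object { $_.DeviceId -eq $DeviceId }
    if (-not $device) {
        throw "No device with id '$DeviceId' is registered to $Mailbox"
    }
    Clear-MobileDevice -Identity $device.Identity -Confirm:$false
}

# Usage with constructed values:
New-ByodBaselinePolicy
Set-ByodPolicyOnMailbox -Mailbox 'jdoe@example.com'
# Invoke-ByodRemoteWipe -Mailbox 'jdoe@example.com' -DeviceId 'PLACEHOLDER-DEVICE-ID'
```

Two of the four list items (restricting Wi-Fi to named networks and blocking app installation) are beyond what an ActiveSync policy can express and need a full MDM agent on the device, which is the gap a managed MDM product fills. Keep the wipe call commented out until the device id has been confirmed against Get-MobileDevice output for that user.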


At EDC, we provide MDM solutions as part of our managed service package. We support Android, iPhone, and Windows devices for your business. If you have any questions regarding MDM and BYOD, please Contact Us. At EDC, our goal is to introduce technology that can bring your business to the next level.