[Owasp-leaders] Anybody is involved in an "Security message on recent Ransomware attacks (WannaCry worm)" email

Eoin Keary eoin.keary at owasp.org
Sun May 14 18:01:15 UTC 2017


This email was sent early yesterday AM


> As many of you will have heard over the last hours, WannaCry has wreaked havoc across several territories in the last 12+ hours and is spreading rapidly.
> 
> Initial attack vector seems to be via a phishing email and then once a host is compromised spreads rapidly across LAN connections using the SMB vulnerability fixed with MS17-010.
> 
> This combinant MalWare exhibiting RansomWare behaviour but spreading via Worm-like exploits is a significant escalation in MalWare behaviour and effective.
> 
> Given the virulence with which WannaCry can spread in networks where MS17-010 has not been applied, a strong recommendation at this stage is to isolate Internet connections until MS17-010 can be deployed.
> 
> Some organisations that have sandboxing threat detection and prevention solutions, or Intrusion Prevention Systems that are blocking these exploits may consider keeping Internet connections active but moving to a higher level of threat awareness.
> 
> Recommendations:
> Where MS17-010 is not deployed, and no IPS or sandboxing, disable email access for users and restrict Internet access
> Deploy MS17-010 immediately
> Verify that the anti-malware solutions deployed have effective detection and prevention capability and that this has been deployed to ALL devices
> In considering the impact of applying the patch without comprehensive testing, consider the impact of exploitation of the vulnerability
> Err on the side of caution - the impact of this RansomWare and its virulence cannot be underestimated!



@eoinkeary
OWASP since 2004!!

> On 14 May 2017, at 17:59, Azzeddine Ramrami <azzeddine.ramrami at owasp.org> wrote:
> 
> I will ask internally at IBM Security X-Force if I can share the message sent to our customer, including Developers.
> 
> If ok I will share it with you.
> 
> Regards
> Azzeddine
> 
> 
> On 14 May 2017 4:49 PM, "Dinis Cruz" <dinis.cruz at owasp.org> wrote:
> Hi, on the topic of the recent WannaCry worm, anybody has an example of a message (sent to users, developers and sys admins) they can share?
> 
> I'm trying to crowdsource this question :)
> 
> Dinis
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 