[Owasp-leaders] Anybody is involved in an "Security message on recent Ransomware attacks (WannaCry worm)" email

Dinis Cruz dinis.cruz at owasp.org
Sun May 14 18:06:13 UTC 2017


very nice, thx for these :)

On 14 May 2017 at 19:01, Eoin Keary <eoin.keary at owasp.org> wrote:

> This email was sent early yesterday AM
>
>
> As many of you will have heard over the last hours, WannaCry has
> wreaked havoc across several territories in the last 12+ hours and is
> spreading rapidly.
>
> Initial attack vector seems to be via a phishing email and then once a
> host is compromised spreads rapidly across LAN connections using the SMB
> vulnerability fixed with MS17-010.
>
> This combinant MalWare exhibiting RansomWare behaviour but spreading via
> Worm like exploits is a significant escalation in MalWare behaviour and
> effective.
>
> Given the virulence with which WannaCry can spread in networks where
> MS17-010 has not been applied, a strong recommendation at this stage is to
> isolate Internet connections until MS17-010 can be deployed.
>
> Some organisations that have sandboxing threat detection and prevention
> solutions, or Intrusion Prevention Systems that are blocking these exploits
> may consider keeping Internet connections active but moving to a higher
> level of threat awareness.
>
> Recommendations:
>
>    - Where MS17-010 is not deployed, and no IPS or sandboxing, disable email
>    access for users and restrict Internet access
>    - Deploy MS17-010 immediately
>    - Verify that the anti-malware solutions deployed have effective
>    detection and prevention capability and that this has been deployed to ALL
>    devices
>    - In considering the impact of applying the patch without
>    comprehensive testing, consider the impact of exploitation of the
>    vulnerability
>    - Err on the side of caution - the impact of this RansomWare and its
>    virulence cannot be underestimated!
>
>
>
> @eoinkeary
> OWASP since 2004!!
>
> On 14 May 2017, at 17:59, Azzeddine Ramrami <azzeddine.ramrami at owasp.org>
> wrote:
>
> I will ask internally at IBM Security X-Force if I can share the message
> sent to our customer, including Developers.
>
> If ok I will share it with you.
>
> Regards
> Azzeddine
>
>
> On 14 May 2017 4:49 PM, "Dinis Cruz" <dinis.cruz at owasp.org> wrote:
>
> Hi, on the topic of the recent WannaCry worm, anybody has an example of a
> message (sent to users, developers and sys admins) they can share?
>
> I'm trying to crowdsource this question :)
>
> Dinis
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders