[Owasp-leaders] Anybody is involved in an "Security message on recent Ransomware attacks (WannaCry worm)" email

Mark Miller mark.miller at owasp.org
Sun May 14 21:41:20 UTC 2017


Eoin - Thanks for these. -- Mark

On Sun, May 14, 2017 at 2:06 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> very nice, thx for these :)
>
> On 14 May 2017 at 19:01, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> This email was sent early yesterday AM
>>
>>
>> As many of you will have heard over the last hours, WannaCry has
>> wreaked havoc across several territories in the last 12+ hours and is
>> spreading rapidly.
>>
>> Initial attack vector seems to be via a phishing email and then once a
>> host is compromised spreads rapidly across LAN connections using the SMB
>> vulnerability fixed with MS17-010.
>>
>> This combinant MalWare exhibiting RansomWare behaviour but spreading via
>> Worm-like exploits is a significant escalation in MalWare behaviour and
>> effective.
>>
>> Given the virulence with which WannaCry can spread in networks where
>> MS17-010 has not been applied, a strong recommendation at this stage is to
>> isolate Internet connections until MS17-010 can be deployed.
>>
>> Some organisations that have sandboxing threat detection and prevention
>> solutions, or Intrusion Prevention Systems that are blocking these exploits
>> may consider keeping Internet connections active but moving to a higher
>> level of threat awareness.
>>
>> Recommendations:
>>
>>    - Where MS17-010 is not deployed, and no IPS or sandboxing, disable
>>    email access for users and restrict Internet access
>>    - Deploy MS17-010 immediately
>>    - Verify that the anti-malware solutions deployed have effective
>>    detection and prevention capability and that this has been deployed to ALL
>>    devices
>>    - In considering the impact of applying the patch without
>>    comprehensive testing, consider the impact of exploitation of the
>>    vulnerability
>>    - Err on the side of caution - the impact of this RansomWare and its
>>    virulence cannot be underestimated!
>>
>>
>>
>> @eoinkeary
>> OWASP since 2004!!
>>
>> On 14 May 2017, at 17:59, Azzeddine Ramrami <azzeddine.ramrami at owasp.org>
>> wrote:
>>
>> I will ask internally at IBM Security X-Force if I can share the message
>> sent to our customer, including Developers.
>>
>> If ok I will share it with you.
>>
>> Regards
>> Azzeddine
>>
>>
>> On 14 May 2017 4:49 PM, "Dinis Cruz" <dinis.cruz at owasp.org> wrote:
>>
>> Hi, on the topic of the recent WannaCry worm, anybody has an example of a
>> message (sent to users, developers and sys admins) they can share?
>>
>> I'm trying to crowdsource this question :)
>>
>> Dinis
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>


-- 
*Mark Miller, Senior Storyteller*
*Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
*Host and Executive Producer, OWASP 24/7 Podcast Channel*
*Community Advocate, Sonatype*

*Developers and Application Security: Who is Responsible?*
<https://www.surveymonkey.com/s/Developers_and_AppSec>