[Owasp-leaders] Anybody is involved in an "Security message on recent Ransomware attacks (WannaCry worm)" email

Dinis Cruz dinis.cruz at owasp.org
Sun May 14 22:09:42 UTC 2017


Here is the version we just sent internally at PhotoBox (to all of
technology)

http://blog.diniscruz.com/2017/05/security-message-on-recent-ransomware.html

Dinis

On 14 May 2017 at 22:41, Mark Miller <mark.miller at owasp.org> wrote:

> Eoin - Thanks for these. -- Mark
>
> On Sun, May 14, 2017 at 2:06 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>
>> very nice, thx for these :)
>>
>> On 14 May 2017 at 19:01, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>>> This email was sent early yesterday AM
>>>
>>>
>>> As many of you of you will have heard over the last hours, WannaCry has
>>> wreaked havoc across several territories in the last 12+ hours and is
>>> spreading rapidly.
>>>
>>> Initial attack vector seems to be via a phishing email and then once a
>>> host is compromised spreads rapidly across LAN connections using the SMB
>>> vulnerability fixed with MS17-010.
>>>
>>> This combinant MalWare exhibiting RansomWare behaviour but spreading via
>>> Worm like exploits is a significant escalation in MalWare behaviour and
>>> effective.
>>>
>>> Given the virulence with which WannaCry can spread in networks where
>>> MS17-010 has not been applied, a strong recommendation at this stage is to
>>> isolate Internet connections until MS17-010 can be deployed.
>>>
>>> Some organisation that have sandboxing threat detection and prevention
>>> solutions, or Intrusion Prevention Systems that are blocking these exploits
>>> may consider keeping Internet connections active but moving to a higher
>>> level of threat awareness.
>>>
>>> Recommendations:
>>>
>>>    - Where MS17-010 not deployed, and no IPS or sandboxing, disable
>>>    email access for users and restrict Internet access
>>>    - Deploy MS17-010 immediately
>>>    - Verify that the anti-malware solutions deployed have effective
>>>    detection and prevention capability and that this has been deployed to ALL
>>>    devices
>>>    - In considering the impact of applying the patch without
>>>    comprehensive testing, consider the impact of exploitation of the
>>>    vulnerability
>>>    - Err on the side of caution - the impact of this RansomWare and its
>>>    virulence cannot be underestimated!
>>>    -
>>>
>>>
>>>
>>> @eoinkeary
>>> OWASP since 2004!!
>>>
>>> On 14 May 2017, at 17:59, Azzeddine Ramrami <azzeddine.ramrami at owasp.org>
>>> wrote:
>>>
>>> I will ask internally at IBM Security X-Force if I can share the message
>>> sent to our customer, including Developers.
>>>
>>> If ok I will share it with you.
>>>
>>> Regards
>>> Azzeddine
>>>
>>>
>>> Le 14 mai 2017 4:49 PM, "Dinis Cruz" <dinis.cruz at owasp.org> a écrit :
>>>
>>> Hi on the topic of the recent WannaCry worn, anybody has an example of
>>> an message (sent to users, developers and sys admins) they can share?
>>>
>>> I'm trying to crowdsource this question :)
>>>
>>> Dinis
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> *Mark Miller, Senior Storyteller*
> *Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
> *Host and Executive Producer, OWASP 24/7 Podcast Channel*
> *Community Advocate, Sonatype*
>
> *Developers and Application Security: Who is Responsible?*
> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170514/d372734c/attachment-0001.html>


More information about the OWASP-Leaders mailing list