‘WannaCry’ Attack – Another Microsoft Environment of Yours May Not Be Secure

If you have followed headline news in any way, whether by watching, listening, or reading, since last Friday, then you must have heard about the massive cyber-attack WannaCry, a ransomware attack on Microsoft Windows operating systems that has infected more than 300,000 computers in 150 countries. This malware infects Windows PCs by locking the user out of their files and data and demanding a payment of about $300 in the online cryptocurrency Bitcoin; otherwise the user potentially loses all of their data.

“The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency," Microsoft President and Chief Legal Officer Brad Smith says. Back in April, a hacking group named Shadow Brokers released the malware that the NSA had previously held. WannaCry may well be the biggest online extortion attack recorded to date.

Just like WannaCry, ransomware continues to grow as a common form of malware for attackers: it has risen from the 22nd spot in 2014 to the 5th most common type of malware. As the Verizon Data Breach Investigations Report points out, “the attacker, holding files for ransom is fast, low risk and easily monetizable – especially with Bitcoin to collect anonymous payment,” which is exactly what is happening as we speak with WannaCry.

Crimeware is just one of nine categories Verizon has identified in its 2017 report that your organization may need to keep an eye on. Ranked in order of the most common breach category:

  1. Web Application Attacks
  2. Cyber-Espionage
  3. Insider and Privilege Misuse
  4. Miscellaneous Errors
  5. Point of Sale Intrusions
  6. Payment Card Skimmers
  7. Physical Theft and Loss
  8. Crimeware
  9. Denial of Service

Ranking number three on the list, Insider and Privilege Misuse threats present a number of challenges, one being the time to uncover the breach, which can take months or even years. According to the Information Security Community on LinkedIn, 42% of organizations have the appropriate controls in place to prevent an insider attack, yet the number of incidents and breaches continues to rise.

Insider and Privilege Misuse is an area in which the Microsoft Platform Management group here within Quest has a particular interest, specifically when it comes to Active Directory misuse. Accidental or malicious misuse of AD permissions, elevated accounts and sensitive groups can weaken security controls and lead to unauthorized access to sensitive Windows-based data. Active Directory holds the keys to authorizing and accessing resources, files, folders, shares, servers and more, including your organization’s most critical data.
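A routine check that follows from the paragraph above is to know, at all times, who effectively sits in the sensitive AD groups and which of those privileged accounts look stale. The script below is an added example written for this post; it is not Quest's code or part of any Quest product. It assumes the ActiveDirectory RSAT module is installed, the session is domain-joined with read access to the directory, and the group list is adjusted to your own environment.

```powershell
# Added example (not from the original post): enumerate effective (nested)
# membership of sensitive AD groups and flag privileged accounts for review.
# Assumes the ActiveDirectory RSAT module and a domain-joined session.
Import-Module ActiveDirectory

# Groups whose membership grants broad rights; extend to match your environment.
$sensitiveGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                     'Administrators', 'Account Operators')

$findings = foreach ($group in $sensitiveGroups) {
    # -Recursive expands nested groups so indirectly privileged users are not missed.
    $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue
    foreach ($m in $members) {
        if ($m.objectClass -ne 'user') { continue }
        $u = Get-ADUser -Identity $m.distinguishedName `
                        -Properties Enabled, LastLogonDate, PasswordLastSet, PasswordNeverExpires
        [pscustomobject]@{
            Group                = $group
            SamAccountName       = $u.SamAccountName
            Enabled              = $u.Enabled
            LastLogonDate        = $u.LastLogonDate
            PasswordLastSet      = $u.PasswordLastSet
            PasswordNeverExpires = $u.PasswordNeverExpires
            # Disabled, non-expiring or long-idle privileged accounts are reviewed first.
            ReviewReason         = @(
                if (-not $u.Enabled) { 'disabled-but-privileged' }
                if ($u.PasswordNeverExpires) { 'password-never-expires' }
                if ($u.LastLogonDate -and $u.LastLogonDate -lt (Get-Date).AddDays(-90)) { 'no-logon-90d' }
            ) -join ','
        }
    }
}

$findings | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# Keep a dated snapshot so the next run can be compared against it
# (Compare-Object) to surface unexpected additions to these groups.
$findings | Export-Csv -Path ".\sensitive-groups-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Running this on a schedule and diffing each CSV against the previous one turns the "who was added to Domain Admins, and when" question into a daily report rather than a months-later discovery.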

More than 90 percent of the world’s large companies use AD, totaling some 500 million active account users. About 95 million, or one fifth, of those accounts are under attack every day. Adding in Azure AD, we see another 13 billion login attempts, and of those, 10 million are cyber-attacks every day.

The news of the WannaCry attack comes at a timely moment for Quest, as we are in the middle of a 4-part webcast series, How to Overcome Common Hybrid AD and Cloud Security Challenges. The webcast series features a fictional character, Hank the Hacker, who represents the hackers that come in many shapes and sizes and who love to exploit the security gaps of on-premises AD, Azure AD and Office 365.

In part 1 of the series, we showed how to identify potential cloud security risks, insider threats and data breaches with continuous assessment.

In part 2 of the series, we looked into the challenges of AD and cloud security auditing and which changes should be defined as inappropriate.

In part 3 of the series, this Wednesday, May 17 at 11 ET, we dig into least-privilege access, the challenges the cloud adds, and how to mitigate changes to sensitive resources.

And in part 4, Wednesday, May 24 at 11 ET, we look at the ability to investigate and recover from security incidents and breaches, if and when they happen.

So join us for the last two LIVE webcasts of the 4-part series, and watch the on-demand versions of the first two webcasts, by registering at www.quest.com/StopHankNow.

And as far as WannaCry goes: don’t be a victim. Microsoft has issued a fix that you should review here to ensure you too keep your files.