Presentation is loading. Please wait.

Presentation is loading. Please wait.

CISOs Guide To Communicating WNCRY.

Published byEustacia O’Brien’ Modified over 6 years ago

Similar presentations

Presentation on theme: "CISOs Guide To Communicating WNCRY."— Presentation transcript:

1 CISOs Guide To Communicating WNCRY

2 What is it and what happened?
WannaCry is Malware, specifically, Ransomware “malicious software which covertly encrypts your files – preventing you from accessing them – then demands payment for their safe recovery. Like most tactics employed in cyberattacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.”   However, WannaCry ransomware deviates from the traditional ransomware definition by including a component that is able to find vulnerable systems on a local network and spread that way as well. This type of malicious software behavior is called a “worm”   Because WannaCry combines two extremely destructive capabilities, it has been far more disruptive and destructive than previous cases of ransomware that we’ve seen over the past months. What is it and what happened?

3 How does a company protect/mitigate the risk
Immediate Steps: Ensure MS patch is installed on every Windows system, including Windows XP Disable SMBv1, an older version of the SMB protocol, and block port 445 at the perimeter, but test first since this may cause some business interruption. Generally, the SMB protocol does not need to be exposed externally, and is only used internally. Ensure your security program has an understanding of what ports, protocols and services are required for your business to operate, and disable any that are not, especially port 445 Whitelist the WNCRY “kill switch” domains *www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com *www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com (remove square brackets [] when whitelisting) How does a company protect/mitigate the risk

4 How does a company protect/mitigate the risk
Secondary Steps: Search our network for files with the .wncry extension to find any encrypted drives that must be recovered from back ups Configure your SIEM or IDS to look for SMB scanning of port 445 in volume. This will also help to determine if your organization was attacked How does a company protect/mitigate the risk

5 How does a company protect/mitigate the risk
Best Practices to Reduce Risk: Implement an ongoing vulnerability management process cycle to identify, prioritize and remediate vulnerabilities, including system configuration, as a cornerstone of your Security Program Segment your networks to stop the spread of infections. Assess data protection, back-up and restoration to ensure that if your data becomes compromised or corrupted, it is easily recoverable. This attack, at a data level, is responded to just like a massive data corruption issue. Follow a standard framework or guideline such as the CIS Critical Security Controls. They are basic to network hygiene. How does a company protect/mitigate the risk

6 On this slide you explain your current security posture
What's our posture?

7 What implications does this have for our security program
This should be used as a teaching tool to implement process rigor and heighten the importance of detection and response. In this case unless prevention was 100% flawlessly executed, organizations were affected. Security programs require focus on all of prevention, detection and response, as well as people, processes and technology. There is no one vendor solution that can plan for outbreaks like this. Use this slide to frame out what changes you are planning and resources you may need. What implications does this have for our security program

Download ppt "CISOs Guide To Communicating WNCRY."

Similar presentations

By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,

Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
Supplied on \web site. on January 10 th, 2008 Reducing Risk Through Incremental Malware Detection January 2008.

Supplied on \web site. on January 10 th, 2008 Reducing Risk Through Incremental Malware Detection January 2008.
 Two types of malware propagating through social networks, Cross Site Scripting (XSS) and Koobface worm.  How these two types of malware are propagated.

 Two types of malware propagating through social networks, Cross Site Scripting (XSS) and Koobface worm.  How these two types of malware are propagated.
Year 9 Autumn Assessment Computer system/Information security-Planning, Communicating, Information. By Louis Smith-Lassey 9k 9Y1.

Year 9 Autumn Assessment Computer system/Information security-Planning, Communicating, Information. By Louis Smith-Lassey 9k 9Y1.
1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.

1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.

©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Vulnerabilities in Operating Systems Michael Gaydeski COSC 432 8 December 2008.

Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.
Unit 2 Personal Cyber Security and Social Engineering Part 2.

Unit 2 Personal Cyber Security and Social Engineering Part 2.
By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.

By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.

Similar presentations

Ads by Google