The remark “never a dull moment” is rarely an expression used to indicate joy. Instead, it’s a semi-sarcastic way of lamenting unwelcome excitement. While no one wants to have a boring job, spending one’s time fighting ransomware outbreaks that disrupt business operations and put one’s job at risk are not the kinds of exhilarating challenges that most Chief Information Security Officers (CISO) pine for. The recent WannaCry outbreak has all the hallmarks of this unwelcome excitement. The ransomware infects computers by exploiting a vulnerability that Microsoft patched two months ago. It propagates through a network port that every enterprise should be locking down. It exhibits malicious behavior that should be relatively easy to detect and mitigate. By some accounts, it was arguably a poorly executed attack that did a mediocre job of accomplishing what appears to be its most important objective - extracting money from its victims.
But we’re not here to blame the victim. There are a lot of legitimate reasons why patches were delayed, why ports were left open, or why it went undetected. For many industrial environments, production realities and safety concerns dictate that changes occur slowly with interoperability workarounds – it’s a simple fact of life. And for others, we don’t know the whole story. Reports indicates that the ransomware has been “improved” over the last few days and that some victims could have been infected through social engineering methods that are slightly more difficult to mitigate. Nonetheless, no one wants to explain these nuances to their CEO, let alone reporters looking to score a front page story.
Our goal at Leidos is help our customers stay off the front page. We start by helping them assess their current cyber programs, while supporting the development of a strong defensive foundation by taking on activities such assembling and implementing a vulnerability management program that scans for vulnerabilities and deploys patches. We help customers transform their SOC from a reactive security posture to become more proactive and even predictive defenders of the enterprise. We validate and verify assumptions, and highlight potential gaps by simulating attackers through our penetration testing and Advanced Persistent Threat Simulation services to highlight potential network weak points. We help customers by providing an advanced Managed Detection and Response (MDR) capability that combines custom network and host-based capabilities backed by a dedicated team of network defense and cyber-intelligence analysts to rapidly detect, contain, and eradicate intrusions before they can cause impact. With regard to our industrial customers, we offer a comprehensive asset and configuration platform called Industrial Defender ASM that can verify patch status, detect unauthorized configuration and file changes, and identify malicious activity within operational systems.
The moral of the story here is that yes, the WannaCry ransomware event is decidedly high impact and newsworthy, but it was also entirely preventable. Learn how you can prevent the next incident by contacting Leidos today.
Leidos is happy to partner with you on your cybersecurity journey so you can ensure that you are not a victim of this attack or any others like it. Contact us today to learn more.