Following the news that the cryptocurrency miner Adylkuzz may have caused more damage than the WannaCry malware, Steve Grobman, CTO at McAfee, commented below. He emphasises the need for organizations to rethink their approach to evaluating the risks of patching or not patching vulnerabilities in their environment.
Steve Grobman, CTO at McAfee:
“Organizations should never conclude that the absence of a major cyber-attack means that they have effective cyber defenses. WannaCry and Adylkuzz show how important security patches are in building and maintaining those effective defenses, and why regular patching plans to mitigate environment vulnerabilities need to become a higher priority.
Whenever there is a patch that must be applied, there is a risk associated with both applying and not applying it. IT managers need to understand what those levels of risk are, and then make a decision that minimizes the risk for their organization. Companies that have become lax in applying patches may not have experienced any attacks that can take advantage of those vulnerabilities, reinforcing the behavior that it’s okay to delay patching.
One difference between Adylkuzz and WannaCry is that it is advantageous for Adylkuzz to remain undetected and run as long as possible to maximize the amount of time a machine can be used for mining. This creates an incentive for the cybercriminals of Adylkuzz to cause minimal damage and fly under the radar, whereas WannaCry loudly informs the user that a compromise has occurred and causes massive destruction to the data on a platform.
WannaCry and Adylkuzz are the latest reminders of how the ‘to patch or not to patch’ risk analysis needs to be rethought within organizations worldwide.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.