Petya and WannaCry are the tip of the iceberg in a new era of global, distributed cyberattacks that are affecting all industries and geographies. If organizations are not preparing for this new reality, they’ll likely soon be stung by it. The good news is that most distributed cybercrime attacks can be prevented or disrupted with good cyber–hygiene and vulnerability and threat management practices that consider what is happening in the wild. The challenge, though, is doing that across an enterprise–scale network with limited resources. IT security experts from Skybox Security commented below.
Marina Kidron, Head of Skybox Security’s Research Lab:
“If they didn’t heed WannaCry’s warnings, organizations need to take Petya as a wake-up call to the new reality of global, distributed cybercrime. It aims to take money from as many victims as possible, maximizing the ROI of their exploits, tools, and services. Part of Petya’s proliferation is enhanced by providing ransomware-as-a-service (RaaS) to low-skilled attackers. So EternalBlue and the vulnerabilities it exploits are likely going to be reused over and over and over again by Petya or whatever the next incarnation is of distributed crimeware. Prioritizing efforts to focus on these and other vulnerabilities exploited in the wild — or vulnerabilities that attackers can reach within your network — will provide the best ROI, so to speak, for your vulnerability management resources. Having said that, the threat landscape is always changing and so organizations must also systematically address potential threats over time before they become the next Petya.”
Ravid Circus, VP of Products at Skybox Security:
“There are several reasons why organizations fall victim to attacks like Petya and WannaCry, but chief among them is the issue of complexity,” says Ravid Circus, VP of Products for Skybox Security. “Every organization in the world is grappling with complexity. Sprawling networks with millions of assets and vulnerabilities, mobile devices, disconnected security controls, hybrid and multi–cloud environments, legacy systems that are outdated, and a threat landscape that is always changing. Most companies don’t have the tools or time to examine the complex relationships between these things or to orchestrate the response to the risks demanding immediate attention. To protect against attacks like Petya and WannaCry, security pros need to rethink their approach, starting with gaining complete visibility of their attack surface and exposures. They should also be automating everything from risk assessments to analysis to remediation priorities. We’ve seen how quickly Petya can spread; relying on manual methods to combat it is from now on out of the question.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.