From coit-security at lists.onenet.net Mon May 15 10:41:09 2017
From: coit-security at lists.onenet.net (CoIT Security)
Date: Mon, 15 May 2017 15:41:09 +0000
Subject: [CoIT-Security] Cybersecurity Update: Global Ransomware Campaign (WannaCry)
Message-ID:

DATE: 5/15/2017

SUBJECT: Cybersecurity Update: Global Ransomware Campaign (WannaCry)

OVERVIEW:
A global ransomware campaign has affected many organizations, initially by exploiting a vulnerability in the SMBv1 protocol. This ransomware variant is known as WannaCry or Wann Decryptor. Organizations should remain vigilant in implementing best practices and recommendations regardless of perceived slowdowns in the spread of this ransomware variant.

OneNet UPDATE:
OneNet is continuing to monitor traffic and is available for outreach assistance as needed.

BEST PRACTICE SECURITY RECOMMENDATIONS:
* Organizations should close ports 22, 23, 3389, TCP 139 & 145/UDP 137 & 138.
* Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing (MS17-010).
  o Microsoft released patches for Windows systems no longer receiving mainstream support that mitigate the SMB vulnerabilities.
* Disable SMBv1 on all systems and utilize SMBv2 or SMBv3 after appropriate testing.
* Implement the Principle of Least Privilege across all systems and services.
* Ensure endpoint security/antivirus definitions are updated. If endpoint security/antivirus is not in place, this should be one of your immediate priorities along with patching.
* Maintain cyber awareness across the organization and remind users not to visit untrusted websites or open emails from untrusted or unknown senders.
* Have good/tested data backups (preferably not connected to the network).

REFERENCES:
http://blog.talosintelligence.com/2017/05/wannacry.html
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

ENDPOINT SECURITY:
https://www.symantec.com/products/endpoint-hybrid-cloud-security/endpoint/endpoint-protection
https://www.malwarebytes.com/
http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html
https://www.paloaltonetworks.com/resources/datasheets/endpoint-protection.html

April Goode MBA SPP
Director of OneNet Strategic Planning and Communications
Oklahoma State Regents for Higher Education
655 Research Parkway Suite 200
Oklahoma City, OK 73104
P 405.225.9251 F 405.225.9250 Toll-free 888.5.ONENET
april at onenet.net
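
The "Disable SMBv1" recommendation above, as an added example that is not part of the original advisory: a PowerShell script that reports the SMBv1 state of the local Windows host and turns it off only when asked. It assumes PowerShell 3.0 or later and an elevated prompt; the `-Disable` switch and the report field names are this example's own.

```powershell
# Added example: audit SMBv1 on the local host; change settings only with -Disable.
# -Disable is this script's own (hypothetical) switch; without it nothing is modified.
param([switch]$Disable)

$report = [ordered]@{ Computer = $env:COMPUTERNAME }

# SMB server side. Get-SmbServerConfiguration ships with Windows 8 / Server 2012 and later.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $cfg = Get-SmbServerConfiguration
    $report.ServerSMB1 = $cfg.EnableSMB1Protocol
    $report.ServerSMB2 = $cfg.EnableSMB2Protocol   # the SMB2 setting also governs SMB3
    if ($Disable -and $cfg.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
} else {
    # Older systems (Windows 7 / Server 2008 R2): registry value, absent means enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $report.ServerSMB1 = ($null -eq $val -or $val -ne 0)
    if ($Disable -and $report.ServerSMB1) {
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0   # needs a restart
    }
}

# SMBv1 optional feature (client and server components), where the OS exposes it.
if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feat) {
        $report.SMB1Feature = $feat.State
        if ($Disable -and $feat.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
}

# SMBv1 client driver: a Start value of 4 means the driver is disabled.
$drv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' -ErrorAction SilentlyContinue
$report.ClientSMB1Driver = if ($drv) { $drv.Start } else { 'not present' }

# One object per host, so results from many machines can be collected and compared.
[pscustomobject]$report
```

Run it without `-Disable` first to inventory which hosts still have SMBv1 enabled, then apply the change after testing, as the advisory recommends; the report shows the state found before any change, and the registry and feature changes take effect after a restart.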