WannaCry: When the Theoretical Becomes Real
I’ve spent many years talking to audiences – corporate customers, government leaders, and everyday people – about cyberthreats both real and possible. But what happened over the last weekend with the “WannaCry” threat feels like a point at which “future threats” become “now threats” in many people’s minds.
We’ve all known for decades about hackers, information thefts, computer viruses, etc. But when a hospital’s information systems get locked, and lives are at stake, think pieces about the “Future of Cybersecurity” don’t seem so distant. The future is now.
The ongoing WannaCry attack, which started last Friday, is the first time we’ve seen worm tactics combined with ransomware on a major scale. The outbreak has already infected 350,000 victims in more than 150 countries.
WannaCry’s success comes down to its ability to amplify one attack through the vulnerabilities of many machines on the network, making the impact greater than what we’ve seen from traditional ransomware attacks. (See Steve Grobman’s blog on the intricacies of the attack.)
We are protecting you, at Day Zero and beyond
McAfee technology provided Day Zero protection against the WannaCry attack, not just at the endpoint but across many aspects of an integrated security architecture. More than ever, threats like WannaCry remind us that an integrated defense is the best defense because it enables you to protect, detect and respond to the newest and most challenging threats:
- McAfee Endpoint Security (ENS) 10.2 (or later) running Dynamic Application Containment (DAC) in Secure mode gave full Day Zero protection against WannaCry.
- ENS, Threat Intelligence Exchange (TIE) and Advanced Threat Defense (ATD) operate together as a zero-touch, closed-loop security defense system. This system provided effective prevention and detection of, and response to, the attacks at Day Zero, as ATD identified the attacks as malicious, allowing the McAfee integrated defense architecture to automatically update defenses across the remaining environment.
- McAfee Active Response (MAR) delivered trace data that revealed malicious activity at Day Zero, helping responders identify the attack and update defenses across the environment.
- McAfee Network Security Platform: our IPS used its Signatureless and protocol anomaly engine to detect the backdoor planted on compromised machines, and has updated signatures to protect against the SMB RCE attacks as well as the Eternal* tools.
For customers on older endpoint technology, McAfee researchers analyzed samples of the ransomware immediately upon detection, then updated McAfee Global Threat Intelligence (GTI) and released an emergency DAT and new HIPS signatures for extra coverage. I strongly encourage all our customers to join the millions of end users who have already upgraded to McAfee Endpoint Security v10.5 to enjoy the advanced technology and zero-day protection capabilities it provides.
The Big Picture
Though there is an immediate threat to be met, it’s important to keep an eye on the Big Picture. Now, more than ever, the “new threat, new widget” approach must evolve. It’s not sustainable to continue frantically filling cracks in a foundation that is sinking; we must begin building the proper foundation to begin with.
McAfee’s belief is that an effective defense is built on a dynamic cybersecurity platform that is both open and integrated. Open, so it can quickly accept new technologies that protect against even the most creative adversaries; and integrated in that technologies work together as a cohesive defense.
Those integrated defenses were on clear display in protecting our customers during this worldwide episode. Leveraging an automated security system that protects, detects and corrects in real time allows users to both free up resources and thwart advanced attacks. An integrated endpoint platform ensures that people have both the latest technologies today and the ability to add the newest technology year after year. As a result, users no longer have to choose between the best technology and the most manageable – they can have both.
Together is power.
To read more about how McAfee products protect against WannaCry, read “How to Protect Against WannaCry Ransomware in a McAfee Environment.”