Skip to main content

The Hours of WannaCry from the Cisco Umbrella Blog



In the span of just 10 days, two large-scale, wormable attacks grabbed international headlines. First, a phishing campaign posing as a Google Docs sharing request gained access to Google accounts then spread across its victim’s contacts, and now, a ransomware campaign with a bite, named WannaCry, autonomously infected vulnerable systems leveraging an exploit leaked on the internet. In the early minutes of the attack, we worked with our Talos counterparts to analyse the behaviour of WannaCry and protect our customers. We were also particularly proud to see that our Investigate product helped MalwareTech reduce WannaCry’s impact. In this post, we hope to give you a retrospective analysis of what we’ve observed during the first critical hours of the event. 

Read more here.

Comments

Popular posts from this blog

Using OPENDNS on a Mikrotik

At the office we use a Mikrotik which is connected via fibre to Cool Ideas.  We use OpenDNS as a Information Security tool.  It prevents ransomware and bots from becoming major incidents within the office.

The router is scheduled to do a daily update via script of the OpenDNS settings.  Below is the example:

:local opendnsuser "user@domain.co.za";
:local opendnspass "itsprivate";
:local opendnshost "office";

:log info "OpenDNS Update";
:local url "https://updates.opendns.com/nic/update";
/tool fetch url=($url . "\3Fhostname=$opendnshost") user=("$opendnsuser") password=("$opendnspass") mode=https dst-path=opendnsupdate.txt
:local opendnsresult [/file get opendnsupdate.txt contents];
:log info "OpenDNS: Host $opendnshost - $opendnsresult";

The importance of the major incident process

ITIL mentions the Major Incident process as a special case of the incident management process as well its close relationship to problem management.  However, the Major Incident process requires greater clarity and specification as in many large enterprises the process is crucial for overcoming a crisis. A Major Incident typically defined as an incident with severe negative business consequences and an important duty of any designated Information Technology (IT) resources is to deal with Major Incidents in a structured manner.  We will address this important topic in a series of articles that specifically addresses the process and crisis management in general.

Read the full article here.

Cloud delivered enterpise security from Cisco Umbrella

As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

Read about the full product details here.