Archives

WannaCry

Citrix & Bitdefender Prevent Another Zero-day Vulnerability with Hypervisor Introspection

Ransomware – Another Storm is Coming

“Listen, and understand! That Terminator is out there! It can’t be bargained with. It can’t be reasoned with. It doesn’t feel pity, or remorse, or fear. And it absolutely will not stop… ever!”

Time-travelling killer cyborgs. As far as …

3 Things to Look For in an Awesome Content Collaboration Product

As we move into 2018, many IT leaders will be looking for new content collaboration solutions that improve worker productivity and keep important files secure. If you’re looking for a new file sync-and-share solution, consider finding a product with these

How Kansas Development Finance Authority prevented WannaCry with Citrix & Hypervisor Introspection

Citrix has really taken on the initiative of providing the most secure virtual computing platform in the market. — Jeff Kater, Director of IT at Kansas Development Finance Authority

With ever-evolving threats, Citrix realized that the hypervisor had an untapped …

Uncover Security Blind Spots in Your Organization with Citrix & Bitdefender

If security used to be a compliance-only conversation, today it is a hot topic even at C-level. Recent ransomware attacks, such as WannaCry and GoldenEye, affected entire organizations, including companies like FedEx and Renault. Big brands, banks or state departments …

WannaCry and Petya: The Names of the Fear of Losing Corporate Data

A few weeks ago the world stopped: WannaCry attacked companies around the world, hijacking their corporate data and demanding a ransom to return it. Information security was once again at the centre of the …

WannaCry and Petya: the names of the fear of losing corporate data

A few weeks ago, the world stopped: WannaCry attacked several companies, hijacking their data and demanding a ransom to return it. Information security was once again at the centre of the scene thanks to ransomware, and that ever-present fear became more tangible …

Mitigating WannaCry with VMware NSX

WannaCry, which affects the Microsoft Windows operating system, has already infected hundreds of thousands of computers around the world in a relentless ransomware attack on an unprecedented scale.

Ángel Villar Garea, systems engineer at VMware, discusses and shows how VMware NSX can help protect infrastructures against WannaCry and similar attacks.

If you want to learn more about how to protect yourself from the latest cybersecurity threats with VMware NSX, download your free copy of “Network Virtualization for Dummies”.

Take a look at our blog and follow @VMware_ES to keep up with all the latest VMware news.

WannaCry Fallout: Implement ‘Least Privilege’ Now

Co-Author: Sisimon Soman is a senior member of the technical staff for VMware EUC, responsible for VMware User Environment Manager R&D. Having worked at Bromium, Citrix, EMC and others, he is well versed in end-user security and threat remediation.

It’s been a few weeks since WannaCry ransomware captured headlines and computers the world over. We now know how it spread, and how it captured so many Windows 7 machines.

The WannaCry (also known as WannaCryptor) attack was first reported on May 12 and spread to more than 230,000 computers in over 150 nations. Attackers used strong encryption to render captured computers useless without the correct unlock keys. Additionally, there are reports that victims could not decrypt their files even after paying the ransom.

WannaCry’s ransomware component of the payload works just like other ransomware: it searches for files with specified extensions and encrypts them. But its worm component is different, and it uses a Server Message Block (SMB) v1 vulnerability (CVE-2017-0144) to spread.

Microsoft released a security update (MS17-010) to fix this vulnerability on March 14, 2017. This March-to-May window demonstrates that even if OEM manufacturers respond in a timely manner to exploits, often the weak link is the end user failing to apply the required patch.

At VMware, we believe there’s another way. If computers and networks are intelligently locked down, then end-user tardiness may be temporarily mitigated.

Technical Details

After the infection, the malware dropper code attempts to connect to the URL below using the InternetOpenA() WinInet API and exits if the connection is successful. We therefore recommend that you allow this traffic through your filters in order to stop the malware activity.

www [dot] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com

Next, the dropper installs and starts a service named mssecsvc2.0, which in turn drops the payload ‘C:\WINDOWS\tasksche.exe’ and executes it. Prior to copying the payload, the dropper renames the existing tasksche.exe.

The worm component scans all internal and external endpoints, and exploits the SMB v1 vulnerability to spread. The ransomware component searches files with specified extensions (Microsoft research shows 178 file types) and encrypts them.

Attack Vectors

According to Microsoft there are two highly likely scenarios used by WannaCry:

  1. SMB vulnerability
  2. Social engineering

It is not easy to exploit the SMB vulnerability from outside an organization because of the multiple layers of protection (firewalls, multi-tiered DMZ, etc.) commonly deployed. It’s often easier to trick a user into clicking and launching malware using social engineering and phishing techniques.

After this initial infection within the organization, the malware can then use the SMB vulnerability to spread internally. Our analysis shows that this initial attack vector, using social engineering, can be prevented by enforcing the principle of “least privilege.”

As part of infecting an endpoint, WannaCry performs the following actions:

  1. Drops a payload to the C:\WINDOWS directory
  2. Creates / updates several HKLM keys, including the ‘Run’ key
  3. Creates a service

When a user inadvertently clicks on a malware attachment in an environment where they do not have local admin privileges or elevated permissions to system folders and the HKLM registry hive, the process does not have the ability to drop and execute its payload.

In other words, if computers and networks are intelligently locked down, then malware struggles to propagate. Although the SMB vulnerability vector does not require any user action, the social engineering vector does, and the principle of least privilege could potentially prevent infection. The United States Computer Emergency Readiness Team (US-CERT) mentions the principle of least privilege as one of their recommended steps for preventing attacks like this.
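Detection logic for the infection steps the Technical Details section describes and the list above enumerates, as an added example that is not VMware's code: it runs over constructed Sysmon-style events, matches the payload drop into C:\WINDOWS, the HKLM Run key write and the mssecsvc2.0 service install, and pairs each with the privilege a standard user lacks. The event shape, image paths and the Run value name are assumptions; the kill-switch lookup is not modelled.

```python
import re

# Constructed Sysmon-style events (sample data, not real telemetry): a standard user
# runs a phishing attachment, the dropper tries the three host-side steps the post lists.
SAMPLE_EVENTS = [
    {"type": "FileCreate", "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "target": r"C:\WINDOWS\tasksche.exe"},
    {"type": "RegistrySet", "image": r"C:\WINDOWS\tasksche.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hypothetical"},
    {"type": "ServiceInstall", "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "target": "mssecsvc2.0"},
    {"type": "FileCreate", "image": r"C:\Program Files\Editor\editor.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]

# One rule per infection step: (step, privilege a standard user lacks, matcher).
RULES = [
    ("payload dropped into C:\\WINDOWS", "write access to the system folder",
     lambda e: e["type"] == "FileCreate"
     and re.match(r"(?i)^c:\\windows\\[^\\]+$", e["target"]) is not None),
    ("HKLM Run key modified", "write access to the HKLM hive",
     lambda e: e["type"] == "RegistrySet"
     and re.match(r"(?i)^hklm\\.*\\currentversion\\run(once)?\\", e["target"]) is not None),
    ("service mssecsvc2.0 installed", "SC_MANAGER_CREATE_SERVICE on the service manager",
     lambda e: e["type"] == "ServiceInstall" and e["target"].lower() == "mssecsvc2.0"),
]

def match_rules(events):
    """Return (step, privilege, event) for every event matching a rule."""
    return [(step, priv, e) for e in events for step, priv, pred in RULES if pred(e)]

def steps_seen(hits):
    """Distinct infection steps observed, sorted for stable comparison."""
    return sorted({step for step, _, _ in hits})

def chain_complete(hits):
    """True when all three steps were seen: the dropper finished, so the user context
    had admin-level rights. A subset suggests the chain was blocked (or telemetry gaps)."""
    return len(steps_seen(hits)) == len(RULES)

def report(events):
    """Summary lines pairing each hit with the privilege it required."""
    hits = match_rules(events)
    lines = [f"{step}: {e['image']} -> {e['target']} (needs: {priv})"
             for step, priv, e in hits]
    lines.append("verdict: " + ("full chain" if chain_complete(hits) else "partial/none"))
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EVENTS)))
```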

Removing Users’ Admin Rights

Part of the answer to attacks like WannaCry is to simply remove admin rights from end users. However, that’s not as straightforward as it may sound. There are a couple of reasons why enterprises continue to provide local admin access to user accounts:

  1. Legacy applications (vendor and in-house written) update files and sub-folders in system and program files directories instead of writing to user data folders. Some of them also update HKLM locations instead of HKCU.
  2. Users need to install applications.

Balancing Least Privilege & User Empowerment

Very few users are happy with a totally locked down PC. There’s often a case for a user patching software, or installing something that is outside of a corporation’s standard image in order to be more productive at their job.

What is needed is a smart management system that allows for the flexible application of admin rights in a policy-controlled way. Many vendors offer such a system. VMware’s answer is VMware User Environment Manager. (Clearly, we believe our technology is better than that of our competitors, but for the sake of computers everywhere, please investigate deploying such a solution.)

It is precisely for handling the use cases mentioned above—whilst maintaining the principle of least privilege—that we recently announced the ability to configure privilege elevation for applications in our newest release of User Environment Manager 9.2. You can remove the administrator privilege from domain users and still allow users to start certain applications as administrators.

[Read more: Introducing VMware User Environment Manager 9.2 with Privilege Elevation]

Additionally, if your internal network is completely open, we strongly encourage you to consider micro-segmentation to help arrest the spread of infections should your perimeter defenses prove insufficient.

[Read more: Use a Zero Trust Approach to Protect Against WannaCry]

VMware is committed to help IT secure interactions between users, applications and data, in an environment that is changing and becoming increasingly dynamic—from public and private multi-cloud environments to the proliferation of mobile devices. Read more about our approach to transforming security, or download a free trial of User Environment Manager and experience policy-controlled least privilege yourself.

References:

  1. https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
  2. https://www.us-cert.gov/ncas/alerts/TA17-132A

The post WannaCry Fallout: Implement ‘Least Privilege’ Now appeared first on VMware End-User Computing Blog.