It has been a full week since the world was introduced to WannaCry, a ransom-worm that spread by exploiting a previously patched vulnerability in Microsoft Windows (the SMBv1 flaw addressed by Microsoft's MS17-010 update, released roughly two months before the outbreak). Here is Verodin’s original WannaCry alert.
Beyond my irritation that malware always seems to strike on Fridays when we traditionally try to have an easy day leading into the weekend, this Friday was an opportunity to see IT security professionals in action.
While many groaned and tried to turn off their phones before their managers could drag them back into the office, a great many responded with dedication, class, and poise. In times of crisis, mettle is tested, and WannaCry became a live-fire exercise that tested technical defenses, vulnerability management programs’ efficacy, security operations center staff capabilities, and incident response processes.
I was working with a well-known insurance company last week, and they, like many others, work long hours to secure their enterprise even on a calm week. On Friday evening, after I had gone home to enjoy a drink and a book, they were recalled to focus on the WannaCry outbreak—even though their organization was ultimately unaffected.
Families, leisure activities, and the sweet relaxation that comes from a completed week were all put on hold, and the security work extended throughout the weekend.
At Verodin, a similar situation unfolded: Verodin’s Behavior Research Team (BRT) was called into action to create multiple WannaCry attacks—in Verodin’s parlance, “Actions”—for immediate release to customers. This was done so that customers could efficiently, effectively and empirically validate that their security controls were protecting, detecting, logging and alerting on WannaCry attacks.
Before the stroke of midnight:
- Verodin’s BRT composed multiple malware downloads, supporting network traffic, DNS queries and other relevant attack variables
- Verodin’s engineering team tested the WannaCry behaviors
- Verodin’s Customer Success and Pre-Sales Engineering teams began outbound communication with customers so they could quickly upload Verodin’s WannaCry content and validate their controls. If a customer’s controls mitigated WannaCry, great; if not, the customer could tune the controls and then re-validate to confirm that the tuning was effective
At Verodin, at the mentioned insurance company, and at countless organizations worldwide, IT security staff came together and muscled through an ugly, high-pressure situation.
Here’s to the tireless professionals who labor to keep our data and assets safe. You all deserve a quiet weekend, a strong brew, and the feel of sunshine.