- Weaponized NSA-grade malware catastrophically brought down enterprises worldwide on May 12, 2017.
- Patches have been available for months. The U.S. Presidential Executive Order issued May 11, 2017 asserted that the greatest threat to U.S. cyber integrity is “Known attacks”.
- Demo of how Bromium stops ransomware below.
The White House released the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure on May 11, 2017. On May 12, 2017, several large-scale attacks (42,000 by some Kaspersky estimates) were orchestrated and released across the global economy and governments, bringing down large swaths of infrastructure. The attacks were weaponized versions of the NSA malware that had been illegally exfiltrated and subsequently released onto the Internet for anyone to use in support of their nefarious objectives.
But patches to protect against WannaCry were released by Microsoft back in March.
The unfortunate reality reinforced today: patches issued in March 2017 could have provided the necessary protection against these attacks, but the attackers realized that most enterprises would not yet be patched. It’s remarkably timely that the White House Executive Order stated the exact issue so clearly, yet medical care, international shipping companies, and national governments were still so negatively impacted.
The White House was right. Known attacks, left unpatched, are your Achilles’ heel.
According to the Executive Order, “Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies (agencies). Known vulnerabilities include using operating systems or hardware beyond the vendor’s support lifecycle, declining to implement a vendor’s security patch, or failing to execute security-specific configuration guidance.”
The cat and mouse game will continue only so long as you need an OS or applications.
Why did this happen?
Every day, an OS or application vendor releases a security patch to fix an identified vulnerability in one of their systems. Without the patch, an attacker can access an enterprise system and create havoc, exfiltrate IP, or worse, affect the immediacy of health care. The enterprise therefore depends on receiving and implementing security patches to keep its estate free from unwelcome visitors. Security lockdowns rely on being updated across the whole estate to ensure an attack can be survived. Unpatched systems will forever exist, therefore attackers will always have a way in.
The enterprise has vulnerabilities that have yet to be identified or, worse yet, that have been identified but that IT operations can’t patch fast and broadly enough due to legacy IT practices. Enterprise architecture, whichever “gen” it is, legacy or Next Gen, requires patches to thwart known attacks, including everything from weaponized ransomware to kernel- and application-layer attacks. Generally, patches come only after someone has been compromised. In today’s case, patches were released months ago and the attacks were still successful.
Enterprises, rise up and render endpoint attackers irrelevant: apply Application Isolation.
Welcome to virtualization. In the past decade, virtualization revolutionized IT. Applying a proven virtualization and abstraction platform to your endpoint to isolate ransomware, or any other known or unknown attack, is called Application Isolation.
By applying Application Isolation, the enterprise gains control of their endpoint estate. The enterprise can control who gets to move content from their enterprise systems, encrypt content so that only particular machines can access it (so if the baddies are insiders, they can’t do anything with it once outside), or better yet, completely abstract that which is yours from those that want to get to it.
What this means to enterprises today.
Today, the future has arrived, and it’s called Virtualization-based Security (VBS). The enterprise can not only rest easier knowing the news won’t affect it, but also take back the control and ownership it has been paying for. By applying virtualization-based security, enterprise IT and Cyber Security teams can patch at their own pace and survive even weaponized NSA-grade malware attacks. Bromium’s Application Isolation stops ransomware at the endpoint.
Please note: This demonstration shows one example—malicious documents—of how ransomware like WannaCry can enter your network. Bromium stops ransomware in its tracks. We use virtualization to contain threats – from applications, downloads, files, and while browsing – and you can then choose to let it run or shut it down.
A number of you bought into Bromium VBS starting years ago, and continue today (and we thank you!), knowing it’s mathematically impossible to predict the future (even if you are given months’ notice), and your systems are now naturally protected. Enterprises can’t keep up with the untenable workloads associated with infrastructure updating. The attackers know they can target you with a piece of content, execute it on your host, and own your system. But not if it’s protected by Bromium.
In a time when Public Sector systems are so critical to the sustainability of democracies worldwide, providing health care to the public and defending national security interests, Bromium Application Isolation is available to all government entities. We’ll help you, no questions asked. We started Bromium as an experiment to solve the greatest cyber challenges.
We are here to realize your independence and reassurance of cyber resilience. Contact us for a demo today.