\n
![\"wikileaks.jpg\"](\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2017\/05\/wikileaks.jpg\" "\\"\\"")
The news of the WannaCry ransomware attacks targeting companies around the world this last weekend is just the latest in a long line of cyber carnage that has been happening. If the past few months are any indicator the damage inflicted on businesses by cyberattacks will escalate, and as this weekend proves it can all happen very, very quickly. It would appear the bad guys have broken through the front lines and are pushing the cyber defenders to the limit. The new N‑able survey provides us with insight and perspective around why and how this is happening.<\/p>\nLet\u2019s recap some of the big stories from the past few weeks:<\/p>\n
- \n
- Microsoft patches 45 unique vulnerabilities<\/a>\u00a0in its nine products, including three previously undisclosed vulnerabilities under active attack. These patches include one for a Microsoft Word zero-day exploit. This exploit has proved equally popular with cyber criminals dropping ransomware, banking Trojans and targeting Ukrainian rebels with malware. Apparently, the hard part of this story is that this zero-day exploit has been around since security firms identified attacks as far back as November 2016, with most firms pointing to the\u00a0Dridex banking Trojan as the major payload<\/a>.<\/li>\n
- WikiLeaks<\/a>\u00a0and\u00a0Shadowbroker<\/a>\u00a0zero-day exploits. Between the \u201cVault 7\u201d disclosures from Wikileaks and the Shadowbokers zero-day exploits for everything from Windows XP to Windows Server 2012, cybercriminals have (for free) a whole new arsenal of government-made malware to throw at us. If things were not particularly good for Defenders in Q1, Defenders in Q2 are going to have to step up their game even further.<\/li>\n<\/ul>\n
![\"zeroday.jpg\"](\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2017\/05\/zeroday.jpg\" "\\"\\"")
So, the question is how do you tackle the problem of zero-day exploits? Well it\u2019s a combination of your existing best practices\u2014which you are already doing, right?\u2014and securing what\u2019s being targeted. Many of the exploits dumped by Shadowbrokers assume access to Server Message Block (SMB) and the ability to make an SMB connection over TCIP. The recommended best practices are to disable SMBv1 and make sure you are blocking outbound and inbound UDP ports 137 and 138, as well as TCP port 139 and 445 at the firewall. Since one of the exploits targets Kerberos, we know Kerberos clients need to send UDP and TCP packets on port 88, so blocking that at the firewall would give you a win. Since security researchers have managed to get their hands on the payloads, you can expect antivirus vendors to be issuing updates pronto.<\/p>\nMuch needed perspective<\/strong>
\nThe new N‑able survey provides some much needed perspective and insight into why we\u2019re in this predicament. There are some really startling revelations within the survey, and my view is that it shows the business arena is ripe with opportunities for Managed Service Providers (MSPs) and IT providers to deliver more security services\u2014even simple things like Patch Management as a Service (PMaaS), user awareness training, and Backup as a Service (BaaS).<\/p>\nThis series of stats really hit home for me:<\/p>\n
\u201c87% of organizations have complete trust in their security techniques and technology, and 59% believe they are less vulnerable than 12 months previous. However, 71% of those same organizations have been breached in the same period.\u201d\u00a0<\/em><\/p>\n
Statistically the belief that \u201cit will never happen to us\u201d simply doesn\u2019t add up.<\/p>\n
The survey offers more insights and data around the kind of security technologies being used, and reveals an updated cost for data breaches. Given the revelations of the past few months, it\u2019s an important read. The bad guys have more tools to break into networks now, which means MSPs and IT providers are going to have a lot of victim customers demanding security services.<\/p>\n
Ian trump is global security strategist for N‑able. You can follow Ian on Twitter at @phat_hobbit<\/a><\/em><\/p>\n
<\/p>\n
Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at\u00a0Octopi Managed Services Inc<\/a>. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.<\/em><\/p>\n
You can follow Ian on Twitter\u00ae at\u00a0@phat_hobbit<\/a>.<\/em><\/p>\n
<\/p>\n
- WikiLeaks<\/a>\u00a0and\u00a0Shadowbroker<\/a>\u00a0zero-day exploits. Between the \u201cVault 7\u201d disclosures from Wikileaks and the Shadowbokers zero-day exploits for everything from Windows XP to Windows Server 2012, cybercriminals have (for free) a whole new arsenal of government-made malware to throw at us. If things were not particularly good for Defenders in Q1, Defenders in Q2 are going to have to step up their game even further.<\/li>\n<\/ul>\n