hit by “wannacry” (may be you deserve it) …

Guys

Again a ransomware outbreak in the news.

May I say I am not surprised at all?

And may I say that the media coverage has been ridiculous: instead of presenting the event as something that should highlight the incompetent behaviour of the managers targeted by this issue, the media talk about a “cyberattack”, which is a completely different thing.

And yet people are asking: why? How come? How can this be possible? Again, really?

We know that cybersecurity is always a side thought for most management, no matter where. The proof, aside from the claims from CEOs, IT managers and, generally speaking, CxOs, is always there, in the data on the malware spreading.

Today it is wannacry (wannacryptor or whatever you want to call it); tomorrow it will be something else.

But for once let us try to be serious about this stuff…

First, dig a little into the specifics here:

https://securityintelligence.com/wannacry-ransomware-spreads-across-the-globe-makes-organizations-wanna-cry-about-microsoft-vulnerability/

Now let us ask ourselves a few questions.

Why Does Ransomware Strike?

Ransomware is becoming increasingly common. The spread is due to 3 main reasons:

  1. ransomware is a damn easy piece of code to write, because it leverages the read, write and modify rights to access files, so it does not need any rocket science behind it to do damage.
  2. cryptocurrency gave ransomware what it needed: the possibility to monetize the attack in a fairly secure way. Before bitcoin and co. it was quite difficult to make money transfers without being caught…
  3. the security level of IT in the world is still at the caveman age, surrounded and filled by incompetence and a great deal of stupidity.

Let us be clear: the patch to close the vulnerability used by this latest piece of ransomware has been available since a few… but it is quite interesting to notice how, as of now, patching is still considered a minor activity in many IT infrastructures.

Who is responsible for this situation? Of course, a higher management that is blind and irresponsible and does not even think for a moment (until it is too late) that nowadays we all depend on our digital infrastructure.

The infection starts with a mail or an infected USB key… really?

How long will we avoid properly training our workforce to teach them how to deal with email and attachments?

The infection leveraged a vulnerability in Windows that was already covered by a patch from Microsoft… really?

How long will we consider patching systems a useless activity or, at least, a minor one?

Sad truth: sometimes it would be easy to protect against these outbreaks by simply implementing a minimally sound IT system, good backup policies, good patch management and … but we have been saying these things since the very beginning of time.

The whole point is that until we manage the security aspects of our digital infrastructure in a serious and comprehensive way, we will be exposed to this spread of junk again and again. And the more we rely on computers and digital infrastructure, the more we will become targets.

So, when you ask yourself who is to blame for this or other outbreaks, who is behind this worldwide attack:

Blame our stupidity.

The next one could be worse.

Antonio Ieranò
CSO, Cyber Security Architect, technical evangelist, consultant, writer, journalist and trainer

CC BY-NC-SA 4.0 hit by “wannacry” (may be you deserve it) … by The Puchi Herald Magazine is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

