The Club of Experts of Information Security and Digital
Boost your gains
draw up the balance sheet of a hectic week
Paris – may 23, 2017 The global spread of unprecedented speed of WannaCry and its variants exploit a vulnerability in remote code execution, has greatly mobilized the RSSI (Responsible for Information Systems Security) and the teams in charge of the cyber security business and government during the weekend of may 13 and the days that have followed. The annual barometer Cesin-Opinionway was again this year the ransomware in the first rank of threats to the security of information systems, the Cesin has made it a point from the beginning of the week with its members on the impact of this malware is particularly virulent.
One survey flash conducted with the RSSI, the members of the association, sheds light on the impact of this attack.
Even if the majority of the companies surveyed had, at least partially, already deployed the security patch for the security flaw Microsoft addressed by a hotfix that is available from April 2017, a large part of them has set up a crisis cell, or a cell of vigilance on the evening of Friday 12 may, or even during the weekend, in order to assess the evolution of the operational situation on the planet and perform the preventive actions needed.
Large communication campaigns have been carried out with users, but also with the teams of support, showing, in particular, how is an infected computer as well as the procedures to follow in case of detection of an infection. A massive deployment of the security patch has been undertaken for the companies and governments which were not up to date. Emergency measures have included the implementation of specific campaigns updates additional for the platforms that are no longer supported by Microsoft, such as Windows XP or Windows 8. Some machines cannot receive security patches have even been arrested. These campaigns updates have created stresses strong with companies outsourcing to those who use that had to meet a very strong demand for their customers. The companies have implemented filtering systems to restrict the incoming flow on the ports that are vectors of the infection. Updates to antivirus and monitoring rules of SOC have been established, as well as increased monitoring of connections to botnets and areas that are impaired, and of the possible occurrence of file extensions indicating the start of an infection. The backup devices have been verified to ensure the effectiveness of the restorations if an infection occurs.
During the week, two attacks that exploit the same security vulnerability that WannaCry have been identified, leading to new actions of filtering, search of compromises, if any, and of monitoring.
The threat remains high and a constant watch is covered by all the organizations. The CERT-FR have been publishing new information regularly. Other security vulnerabilities and tools that exploit these vulnerabilities have been disclosed and are able to lead to short-term new episodes of cyber-attacks on a large scale. The crisis is still ongoing, it is too early to draw any conclusions. One can nevertheless wonder about the need to create channels of communication individuals in order to share with state agencies around the vulnerabilities of the most dangerous are not yet public. The CESIN reflects on the implementation of such a circuit for the exchange of information reserved to its members. Similarly, the vulnerabilities being exploited by the intelligence agencies, it appears appropriate to deploy security systems that are different from those that are present in the information systems of their targets.
The CESIN do not ignore the special relations between the state services and the publishers. In the present case, the committee regrets the lack of transparency from Microsoft as to the dangerousness of actual fault MS17-010, which, moreover, seems to have been used by certain intelligence services, but appreciate his providing quick fix for environments that are supported such as Windows XP.
In addition, the Cesin welcomes the independent work of three French researchers who have worked on the creation of the software named Wanakiwi (Benjamin Delpy, Matthieu Suiche and Adrien Guinet), a solution validated by the office of european Police Europol, allowing you to recover access to data that is locked (provided, however, that these machines have not been restarted). This solution developed in the emergency works, within the scope of the current version of the malware, on Windows XP, Windows Vista and Windows 7.
This crisis has, once again, demonstrated that the RSSI is at the centre of the protection of the informational heritage of the business through quiet time, find themselves in the frontline of cyber defence in turmoil. It also shows that the principles sometimes extreme precautions to companies that do patchent not for fear of malfunction of the applications are going to have to now choose between the risk of suffering from such attacks, or guard against them by applying the patches without necessarily doing a test of not-regression is complete.
Finally the CESIN underscores the urgent need for synergy between all stakeholders of cyber security.
About CESIN
The CESIN (Club of Experts of Information Security and Digital) is a 1901 act association created in July 2012, with the goals of professionalization, promotion and sharing around information security and digital.
The CESIN is a place of sharing of knowledge and experience that enables cooperation between experts in information security and digital, and between these experts and the public authorities.
The Club conducts workshops and working groups, carries out actions of awareness-raising and advocacy, organizes congresses, symposia, or conferences.
He participates in national procedures whose purpose is the promotion of information security and digital. It is a force of proposal on the regulatory texts, guides, and other repositories.
The CESIN brought together more than 300 members from all sectors of activity, public and private : active members, responsible for information security in their organisation, associate members, representatives of various authorities in charge of Information Security at the national level, and legal experts for IT security.
www.cesin.fr
Boost your gains