Lessons Learned From The Global Cyber-Attack
The weekend brought carnage: a massive global cyber-attack that, according to Europol, the European Union’s law enforcement agency, is affecting 200,000 computers worldwide, disrupting industries across the globe in 12 countries. Victims include FedEx, Renault, Nissan, Germany’s Autobahn and Spain’s Telefonica Telecommunications. In the UK, the National Health System had to turn away people for surgeries, claiming they had no access to records. https://www.bloomberg.com/news/articles/2017-05-14/hospitals-gain-control-in-ransom-hack-more-attacks-may-come
At YazamTech, a rapid analysis of last weekend’s global ransom attack shows that:
- Microsoft delivered a security patch against this attack some months ago.
- Administrators didn’t install this patch on a huge number of their computers.
- Managers all over the world are wondering why this patch had not been installed on their computers, and why they were therefore not protected.
- Security systems (such as antivirus products, mail gateways and relays, sandboxes and firewalls) did not stop these attacks at the time.
- Security vendors have provided information and tracking about the attack and its worldwide distribution, but they forgot to tell us why they didn’t prevent it in time (see the reports of Kaspersky, Avast, FireEye and Forcepoint).
The above process is indicative of a predetermined failure:
- The best place to stop file attacks is at the gateway, before they enter the sensitive networks.
- The common security systems (antivirus products, sandboxes, mail gateways and relays, firewalls) DO NOT stop file attacks.
Only a real deep content filtering system, such as YazamTech’s SelectorIT, installed at the gateway, is the answer to modern attacks embedded within file streams. Organizations in many places in the world that have implemented YazamTech were not infected, even if they forgot to install the latest Microsoft patch!