Subscribe to our Blog
We know that WannaCry exploited a vulnerability in Windows software and NotPetya exploited the same vulnerability albeit through different means with a greater ability to subvert protections. We also know many recommendations are related to patching and some configuration changes. These are good recommendations given the attack vectors being used in this attack. However, we must bear in mind that this is a single attack built around the EternalBlue exploit only. Will the recommendations suffice not if, but when other exploits are utilised? Remember that the leaked tools include Windows exploits as well as exploits against the Linux OS, Mac OSX, iOS, Android and Cisco. I'm pretty certain that your organisation is likely using more than one of these platforms!
So back to the risk assessment. Now we all need to consider ourselves to be vulnerable to compromise, not necessarily by a nation state, but by actors with the tools of a nation state. It's also worth considering the leaks we've seen are from the NSA toolkit; there are certainly other intelligence agencies with a comparable cache.
It's fair to say we cannot trust the platform, but:
- Can we harden the platform to such an extent we can trust it? i.e. hardening to maximise security
- Can we make our platform immutable? e.g. use of read-only containers
- Can we use serverless architecture?
If we cannot trust the platform, can we trust our applications? Maybe! Can we trust the libraries our applications are using?
If we must operate upon a platform we cannot trust with application libraries that may be vulnerable, can we:
- Identify and react to attacks leveraged against these?
- Automatically or easy alter configurations to mitigate the attack or risk of attack?
