The Ivanti Threat Thursday Update for June 22, 2017
Greetings. In this edition of the Update: WannaCry resurfaces and shuts a Honda plant, Microsoft gets accused of anticompetitive Windows 10 security practices, a million-dollar ransomware payment, and the Girl Scouts take on cybersecurity. As always, do let me know your thoughts, please.
WannaCry Resurfaces, Takes Down a Honda Plant
Reuters reported that automaker Honda had to shut down its Sayama, Japan, production plant for a day on Monday, after a WannaCry ransomware recurrence. According to the report, “Honda discovered on Sunday that the virus had affected networks across Japan, North America, Europe, China and other regions, a spokeswoman said, despite efforts to secure its systems in mid-May when the virus caused widespread disruption at plants, hospitals and shops worldwide. Production at other plants operated by the automaker had not been affected, and regular operations had resumed at the Sayama plant on Tuesday.”
What We Say: Whether its WannaCry, a variant, or an entirely new attack, cyber threats will continue to wreak havoc. To learn how best to defend and prepare your enterprise, register for on-demand access to the webinar “WannaCry: It Wasn't the First, It Won't be the Last. So Now What?” Then check out Ivanti’s latest offer: discounts of up to 30 percent on combinations of select Ivanti cybersecurity solutions. And of course, keep reading our Patch Tuesday and Threat Thursday updates.
Windows 10: Microsoft Says It’s Secure, But…
A key feature of Microsoft’s Windows 10 is its Windows Defender Antivirus software. However, in apparent response to complaints from antivirus software company Kaspersky Labs, Microsoft had to admit that the Windows 10 Creators Update temporarily disables third-party antivirus software users may already have installed.
In a blog post, Rob Lefferts, Microsoft's partner director of the Windows & Devices Group, Security & Enterprise, wrote this. “If [third-party antivirus] software is protecting our customers, Windows Defender Antivirus will stay off. If a customer does allow an antivirus application to expire, Windows Defender Antivirus is automatically turned on so that they are not left unprotected.” “Only when [a third-party antivirus] subscription expires, and the [third-party] application decides to stop providing protection to the customer, will Windows Defender Antivirus begin providing protection,” Lefferts added.
Microsoft argues that it has been working closely with third-party antivirus software vendors. Despite this, as ZD Net reported, Kaspersky has accused Microsoft of acting to shut out third-party antivirus vendors in favor of its own solution. Kaspersky has taken its complaints to the European Commission, the German Federal Cartel Office, and Russia's Federal Antimonopoly Service, ZD Net added.
What We Say: Whatever the upshot of complaints from its competitors, your focus should be on achieving for your entire environment Microsoft’s stated goal for Windows 10—“always on” protection. This means your Windows 10 migration and rollout efforts must be closely aligned with your cybersecurity initiatives.
South Korean Firm Pays $1 Million to Ransomware Attackers
According to a GovInfoSecurity.com report, the South Korean Web hosting company Nayana has agreed to pay ransomware attackers the equivalent of US$ 1 million, perhaps the largest ransom payment made public to date. Some 153 of Nayana’s Linux servers were “forcibly encrypted,” affecting all of the company’s 3,400 customers, the report said. The company’s backups were also encrypted by the attack, leaving Nayana with no choice but to negotiate a payment plan and take out loans to pay the attackers, the report added.
What We Say: Paying a ransom provides no guarantee that attackers will restore access to encrypted data. Nor does it guarantee complete removal of the ransomware from the attacked environment. What enterprises need to do instead is to implement solutions and processes that prevent ransomware from running and spreading, and that create and maintain timely, comprehensive, and well-protected backups of critical data.
Girl Scouts of the USA to Offer a Cybersecurity Badge
To encourage more girls to pursue science, technology, engineering, and math (STEM) studies, Girl Scouts of the USA is partnering with Palo Alto Networks to develop a cybersecurity curriculum. “From September 2018, children as young as 5 will be able to qualify for a cybersecurity badge in a program intended to prevent future cyberattacks,” Newsweek reported.
“The national rollout of the program, which will eventually feature 18 different cybersecurity badges, is intended to take steps toward eliminating traditional barriers to industry access, such as gender and geography, the [Girl Scouts of the USA] said, with the cyber badge aiming to help ensure girls have a foundation for future career success.”
What We Say: Effective cybersecurity requires both modern, proven solutions, and comprehensive, continuing user education. Those education efforts don’t have to—and shouldn’t—be restricted to work environments, and certainly not to males only.
Ivanti: The Power of Proactive Protection
Ivanti solutions provide multi-layered protection against ransomware and other malware. Ivanti can also help with your Windows 10 migration challenges. And we’ve got numerous resources to support your user education efforts—including blog posts such as this one. Explore our Web site, then contact Ivanti, so we can help you help your enterprise gain greater security and control over its most critical IT challenges.