After Petya – Improving Your Cyber Resilience Strategy Webinar: 11 am CET
Petya Ransomware Attack: The Facts
Sander Hofman, Sr Technical Sales Europe
Petya history:
• March 2016: First version of Petya
• May 2016: Petya meets Mischa
• December 2016: Petya returns as “GoldenEye”
• March 2017: A new “unauthorized” version of Petya appears
• June 2017: New Petya / NotPetya outbreak causes …
Source: Barkly Blog
EternalBlue
• NSA Exploit
• Successful deployment provides attackers with the remote execution they need to launch ransomware, credential stealers, or any other malware they want.
• There are a ton of devices with port 445 (the port associated with SMB) either knowingly or inadvertently open to the Internet right now — over 1 million if you're keeping score at home.
• The Shadow Brokers leak provided everything even novice attackers need to start utilizing EternalBlue, including an exploit framework called FuzzBunch that makes deploying it extremely simple.
Source: Barkly Blog
Key Facts about Petya/NotPetya:
• Over 150 countries affected
• 250,000+ computers compromised
• Petya being distributed via email (using the source email of 'wowsmith123456@posteo.net' and includes the attachment 'Order 20062017.doc')
• Built for targeted destruction, not profit
• Main target: Ukraine
Source: The Verge Blog
How to protect
Patching
• Operating system
• End Point Protection
• Firewall
• Proxy
Network Hardening
• End Point Protection
• NON Admin
• Firewall
• Switch Blocking
• Server Hardening
• Mobile Devices
Email Security
• ARMed SMTP Security (Advanced Reputation Management)
• Anti Spoofing checks
• Real-time Black hole List (RBL) Checks
• Global Network Outbreak detection
• Multiple content based heuristic scanning engines
• DNS-based, checksum-based and statistical filtering definitions
• Multi-Layer Anti-Virus scanning
• 100% SLA for Known and Unknown Malware
• 99.9% SLA for Spam Reduction
Mimecast Malicious URL Phishing Protection
• All URLs in every inbound mail are rewritten at the gateway
• On every click, real-time scanning of destination site
• Access is granted to clean sites without delay. Access to compromised sites is blocked
• Dynamic user awareness built-in - helps build a human firewall
Mimecast Ransomware Attachment Protect
• Pre-emptive sandbox checks email attachments pre-delivery
• Option of innovative transcription with on-demand sandbox
• Potentially harmful attachments replaced with transcribed safe versions
• Employees have instant access to safe files
• Request original via cloud-based sandbox if required
Mimecast Impersonation & CEO Fraud Protection
Key Identifiers:
• Name is one of my users' names
• Domain is like one of my domains
• Keyword Dictionary
• Newly Observed Domain
• Reply-to Address Mismatch
Actions: Configurable Actions on Suspicious Mail
• Bounce Message
• Hold Message: Admin, Moderator, User Review
• Tag Message: Subject, Body, Header
• Tag Body, e.g. “This message originated from outside the organization”
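The key identifiers listed on this slide can be checked against message headers. The Python sketch below is an added example, not Mimecast's implementation. The domain, user names, keyword list, similarity threshold and hold/tag policy are assumptions, and the "Newly Observed Domain" check is left out because it needs domain registration data.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Hypothetical tenant settings (assumptions, not values from the slides).
MY_DOMAINS = {"example.com"}
MY_USERS = {"alice smith", "bob jones"}
KEYWORDS = {"wire transfer", "urgent", "payment"}
SIMILARITY = 0.8  # assumed threshold for "domain is like one of my domains"

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_lookalike(domain):
    # Close to, but not equal to, a domain we own.
    return any(domain != d and SequenceMatcher(None, domain, d).ratio() >= SIMILARITY
               for d in MY_DOMAINS)

def identifiers(raw):
    """Return the slide's key identifiers that fire for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(addr)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = []
    if sender_domain not in MY_DOMAINS and name.strip().lower() in MY_USERS:
        hits.append("name_is_one_of_my_users")
    if is_lookalike(sender_domain):
        hits.append("domain_like_my_domain")
    if any(k in text for k in KEYWORDS):
        hits.append("keyword_dictionary")
    if reply and domain_of(reply) != sender_domain:
        hits.append("reply_to_mismatch")
    return hits

def action(hits):
    # Assumed policy: hold on two or more identifiers, tag on one.
    return "hold" if len(hits) >= 2 else "tag" if hits else "deliver"

# Constructed sample messages.
SPOOFED = ('From: "Alice Smith" <alice@examp1e.com>\n'
           'Reply-To: alice.smith@mail.test\n'
           'Subject: Urgent wire transfer\n\nPlease pay today.\n')
CLEAN = ('From: "Bob Jones" <bob@example.com>\n'
         'Subject: Lunch\n\nSee you at noon.\n')

if __name__ == "__main__":
    for raw in (SPOOFED, CLEAN):
        print(action(identifiers(raw)), identifiers(raw))
```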
Internal Email Protect: How it works for internal emails
Beyond the mailbox server your business needs…
Security:
• Email Gateway (MTA)
• Anti Virus/Anti Spam
• Anti Malware
• Anti (Spear) Phishing
• Email Encryption
• Data Leak Prevention
• Security Monitoring & Reporting
• Large File Transfer
Archiving:
• Email and File Storage
• Compliance
• e-Discovery & Legal Hold
• Enterprise Search
• End-User Access
• Storage Infrastructure
Continuity:
• Clustered Mail Servers
• Failover Data Centers
• Backup & Recovery Systems
Protect: You need the best technology that provides multilayered cloud security
Continue: You need to continue to work while the issue is resolved
Remediate: You need to go back to the last known good state
This is Cyber Resilience
Thank You
Mimecast Blog