Many of you have heard about WannaCry, or WannaCrypt (Ransom:Win32/WannaCrypt), initially publicized by the DHS on May 12th. This worm is estimated to have affected over 150 countries and more than 200,000 assets in its short run to date. It has also prompted Microsoft to release the first patch for Windows XP since end-of-extended-support (unprecedented) in an attempt to curb the rampant spread of infection. The inadvertently discovered kill switch is only temporary, as multiple iterations are expected, a la Conficker.
Risk:
For Solutions Providers and those in Manufacturing and Critical Industry sectors, the biggest risk is generally not our base laptops or surfing the web (although this is frequently the entry point), but unpatched and unsupported production systems and our development Virtual Machines (VMs) scattered across various storage devices. Worms that spread through an automated process are particularly dangerous to our way of business due to the following factors:
- Manufacturing systems are often not patched, potentially leaving every Server 2008 R2 and Windows 7/8 system vulnerable to this exploit!
- Industrial systems frequently run out-of-support operating systems like Windows XP, Server 2003 and even Server 2000.
- VMs on external drives are notoriously difficult to monitor and are patched less often than our IT-managed systems.
- Specifically for WannaCry – client ICS networks without internet access will never reach the hardcoded kill switch. Once released, WannaCry would spread unencumbered.
Call to Action:
Being a good cyber-citizen starts with ensuring your VMs are patched to avoid infection – or worse – spreading any malware across other networks. Additionally, it requires your company to have a critical update patching process to evaluate risk and successfully remediate vulnerable systems. The “It’s on fire” reactive approach to patching introduces drastically more risk and cost to your environment than a planned and scheduled approach integrated with your business process.
Apply patches through Windows Update, or download Windows English language security updates:
Specific Actions:
- All: Work with your colleagues and partners to convey the immediate risk of ransomware today, and work with them to mitigate risks through project or support efforts so that patching becomes a focus of your business.
- Plant Engineers and Solutions Providers: If you have a vulnerable VM in your possession, please patch it immediately! (Snapshot it first and delete the snapshot after verification.)
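One way to find the scattered VMs described above before patching them, as an added example that is not part of the original post: the script walks a drive, groups virtual disks by folder, and flags folders whose newest disk was last written before MS17-010 was published. The extension list, the function names and the sample folder tree are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Assumption: common virtual-disk extensions (VMware, Hyper-V, VirtualBox).
VM_DISK_EXTS = {".vmdk", ".vhd", ".vhdx", ".vdi"}
# MS17-010 was published on 14 March 2017. A VM whose disks were last written
# before that date has not run since, so it cannot have the update installed.
MS17_010_RELEASED = datetime(2017, 3, 14, tzinfo=timezone.utc)

def stale_vm_folders(root, cutoff=MS17_010_RELEASED):
    """Return [(folder, newest_disk_write)] for VM folders idle since cutoff."""
    newest = {}  # folder -> newest mtime of any virtual disk inside it
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in VM_DISK_EXTS:
                continue
            try:
                mtime = os.path.getmtime(os.path.join(dirpath, name))
            except OSError:
                continue  # unreadable or removed mid-scan: skip it
            # Snapshot deltas sit beside the base disk: judge by the newest.
            newest[dirpath] = max(newest.get(dirpath, 0.0), mtime)
    stamped = ((folder, datetime.fromtimestamp(ts, tz=timezone.utc))
               for folder, ts in newest.items())
    return sorted((s for s in stamped if s[1] < cutoff), key=lambda s: s[1])

def demo():
    """Scan a constructed folder tree and return the stale VM folder names."""
    old = datetime(2016, 6, 1, tzinfo=timezone.utc).timestamp()
    new = datetime(2017, 5, 15, tzinfo=timezone.utc).timestamp()
    layout = {  # constructed sample data: relative path -> last write time
        "dev-xp/disk.vmdk": old,
        "hmi-win7/base.vmdk": old,
        "hmi-win7/base-000001.vmdk": new,  # snapshot delta, written recently
        "docs/readme.txt": old,  # not a virtual disk, ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, ts in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
            os.utime(path, (ts, ts))
        return [os.path.basename(f) for f, _ in stale_vm_folders(root)]

if __name__ == "__main__":
    print(demo())
```

A folder that does not appear in the result is not proven patched; it has only been powered on (or copied by a tool that resets timestamps) since the update was released, so it still needs its update status checked.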
Vulnerable Systems:
● Windows 2000 Server (There is no planned patch for this operating system. Fast track these systems for lifecycle in the immediate term)
● Windows XP (unprecedented patch release by Microsoft)
● Windows Server 2003
● Windows 7
● Windows Server 2008
● Windows 8
Important links:
● US-CERT Alert: TA17-132A (https://www.us-cert.gov/ncas/alerts/TA17-132A)
● Microsoft KBs: MS17-010 Security Bulletin
● Microsoft Updates: MS17-010, MS17-006
● Rockwell Automation Knowledgebase Article: 546987
● Rockwell Software Compatibility: MS Patch Qualification Lookup
Sr. Technical Consultant, Manufacturing IT/OT
Grantek Systems Integration
Chris started his professional career in web design, databases, and server management with a focus in security at every level, but grew up around process flow and P&IDs in Biochemical Pharmaceuticals. In his roles at Grantek he has worked as a controls engineer, a systems engineer and an IT/OT consultant to bridge the gap between IT and Controls teams in order to help clients realize more efficient operations, leverage or implement standardized systems and most importantly understand the line between IT and OT and how it can and will shift with emerging technology and industry changes. He specifically focuses on the OT side today providing network audits and road mapping a migration plan for a client’s legacy or inefficient hardware as part of a client provided, or jointly developed OSA (Manufacturing Operations Systems Architecture).