<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">This is just the first of many such attacks IMHO.<div class=""><br class=""></div><div class="">I’ve been saying for quite a while that next generation AV and firewalls are not going to save/protect you. I wonder how many people listen to the vendor hype around some of these solutions and leave it at that.</div><div class=""><br class=""></div><div class="">FWIW, I believe that multiple vendors is a good approach, still not enough for emerging threats though.</div><div class=""><br class=""></div><div class=""><span style="color: rgb(51, 51, 51); font-family: georgia, 'times new roman', times, serif; font-size: 17px; background-color: rgb(255, 255, 255);" class="">Six years ago, Mr. Ben-Oni had a chance meeting with an N.S.A. employee at a conference and asked him how to defend against modern-day cyberthreats. The N.S.A. employee advised him to “run three of everything”: three firewalls, three antivirus solutions, three intrusion detection systems. And so he did.</span></div><div class=""><br class=""></div><div class=""><span style="color: rgb(51, 51, 51); font-family: georgia, 'times new roman', times, serif; font-size: 17px; background-color: rgb(255, 255, 255);" class="">But in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually for urgent information failed to report it. He has since threatened to return their products.</span></div><div class=""><br class=""></div><div class=""> <br class="">
<br class=""><div><blockquote type="cite" class=""><div class="">On 24 Jun 2017, at 2:51 pm, Mark Prior &lt;<a href="mailto:mrp@mrp.net" class="">mrp@mrp.net</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">&lt;<a href="https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html" class="">https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html</a>&gt;<br class="">_______________________________________________<br class="">AusNOG mailing list<br class=""><a href="mailto:AusNOG@lists.ausnog.net" class="">AusNOG@lists.ausnog.net</a><br class="">http://lists.ausnog.net/mailman/listinfo/ausnog<br class=""></div></div></blockquote></div><br class=""></div></body></html>