[AusNOG] Something else to be worried about
Jason Ross
jason at ethisec.com.au
Sun Jun 25 13:58:55 EST 2017
This is just the first on many such attacks IMHO.
I’ve been saying for quite a while that next generation AV and firewalls are not going to save/protect you. I wonder how many people listen to the vendor hype around some of these solutions and leave it at that.
FWIW, I believe that multiple vendors is a good approach, still not enough for emerging threats though.
Six years ago, Mr. Ben-Oni had a chance meeting with an N.S.A. employee at a conference and asked him how to defend against modern-day cyberthreats. The N.S.A. employee advised him to “run three of everything”: three firewalls, three antivirus solutions, three intrusion detection systems. And so he did.
But in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually for urgent information failed to report it. He has since threatened to return their products.
> On 24 Jun 2017, at 2:51 pm, Mark Prior <mrp at mrp.net> wrote:
>
> <https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170625/91c3ec0c/attachment.html>
More information about the AusNOG
mailing list