Petya / NotPetya: What Security Diligence Tells Us

Noah Simon | June 28, 2017 | tag: BitSight

There are many details of yesterday’s ransomware attack are still being worked out, and its impact is still being assessed. Yet, there are many security diligence steps organizations can take to reduce exposure to these types of attacks. Below are best practices security and risk teams should be aware of, and implications for organizations who fall behind.

bitsight recommendations

1. Assess Geographic Breakdown & Product Reliance In Your Business Ecosystem

Reports indicate that NotPetya may first have spread through a software update of M.E.Doc, an accounting product used by many Ukrainian companies. The update process was allegedly hijacked to drop the malware, but the company has denied that it was the initial infection vector in a Facebook post. As illustrated with recent cyberattacks on Dyn and Cloudflare, an outage or compromise of one product can affect thousands of organizations.

country filter.png

Using BitSight, organizations can identify organizations in their business ecosystem that are tied to a potentially risky product or service. Once identified, organizations can invite their third parties to review their security posture, and investigate and remediate any security issues.

Additionally, since companies with a presence in Ukraine were particularly hit, users can leverage the country filter in BitSight to search for any organizations with IP space in the country and reach out.

 

 

2. Close Any Ports That Are Left Unnecessarily Open

WannaCry spread through ports that were left unnecessarily open. Given the spread of NotPetya, organizations should disable SMBv1 block outside access to ports 137, 138, 139 and 445.

A BitSight study showed that out of thousands of companies studied, 60 percent of breached organizations had 10 or more ports susceptible to unauthorized use.

We recently strengthened that finding, discovering that organizations with an “F” as their BitSight Open Port (meaning many risky services are exposed to the internet) grade are more than twice as likely to experience a breach than companies with an “A.”

3. Ensure Devices on a Network's Endpoint Are Updated with the Latest OS Version

The exact affected versions of Windows operating systems from yesterday’s attack are not yet known, but as with the WannaCry attack, installing the latest OS version can often protect against major exploits. BitSight researchers recently found that thousands of organizations are running more than half of their computers on outdated operating systems, nearly tripling their chances of experiencing a publicly disclosed breach.

Given the correlation between outdated systems and data breaches, organizations should consider taking a proactive approach to securing their networks before these vulnerabilities are exploited by cyber criminals. They should also be aware of the third parties with access to their data and whether they fall behind in their patching processes. As the use of personal tablets, mobile devices, and laptops continues to grow, companies without robust endpoint security controls or mature third party risk management programs will likely be exposed to more cyber attacks in the future.

more to come

BitSight will provide an update as we learn more about NotPetya and its spread globally.

Suggested Posts

Celebrating 10 Years of BitSight: A Co-Founder Looks Back

It’s hard to believe, but BitSight is celebrating our 10 year anniversary this week! I co-founded BitSight in 2011 with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global...

READ MORE »

Meet Our Customer Success Team: Ashley Ritrovato

Check out this Q&A with a US-based member of BitSight's Customer Success team to learn about her role as an BitSight Advisor & Customer Success Manager, her experience, and more.

READ MORE »

Meet Our Customer Success Team: Alessandra Pilloni

Check out this Q&A with a London-based member of BitSight's Customer Success team to learn about her role as an Customer Success Manager, her experience, and more.

READ MORE »

Get the Weekly Cybersecurity Newsletter.