canopic jug writes:
A derivative of Microsoft Windows ransonware, Wannacry, has hit a Boeing production plant in Charleston, South Carolina. An internal memo from Mike VanderWel, chief engineer of Boeing Commercial Airplane production engineering, warned that the company's production systems and airline software were "at risk".
Wannacry was based on Microsoft Windows' CVE 2017-0144 which is used in the EternalBlue exploit kit. EternalBlue was initially utilized in apparent coordination with Microsoft's long delay in patching. Despite massive media spin, Wannacry was found to have hit all recent versions of Microsoft Windows.
The Verge: Boeing production plant hit with WannaCry ransomware attack
The New York Times: Boeing Possibly Hit by ‘WannaCry’ Malware Attack
The Daily Express: Vital Boeing computer network INFECTED with WannaCry VIRUS - is it safe to fly?.
Previously: UK Blames North Korea for WannaCry Attacks, Says NHS Didn't Follow Cybersecurity GuidelinesWannaCry Ransomware Attack Linked to North Korea by Symantec
EternalBlue was initially utilized in apparent coordination with Microsoft's long delay in patching. Despite massive media spin, Wannacry was found to have hit all recent versions of Microsoft Windows.
So in other words, they were all running the absolute latest and greatest and were still vulnerable.
Because up to date + using HTTPS = Perfect security!
People bitch and wine about Windows XP or old browsers, but remember: Whatever up-to-date OS you are using has security vulnerabilities RIGHT NOW. And there is good chance the bad guys already know about them. Don't believe me, come back in a year and see how many vulnerabilities get documented. (Right, but you won't care because you have moved on to an even more "up-to-date" system that still has security vulnerabilities but you just don't know about them, and besides the new thing-a-majig has even brighter bluer LEDs!)
It doesn't matter if you are running Windows Eleventeen or whatever, pretend that you are running Windows 95 and take extra security precautions.
Some of the follow up news after the City of Atlanta ransomware mentioned city employees were switching their computer to use public Wifi hotspots for internet access because the internal networks were shut down. My face is still bruised from the epic face palm.
I have a system still running WIN95. It works perfectly... Why change it?
Still have the same garage door too.
While this creed certainly does have some merit as in new systems will have bugs too it's still crazy to use an OS that is so old that the bugs are public knowledge. In that case not only the richest criminal syndicates and national states can attack you but literally anybody in the world and their dog.
I agree about killing blue LEDs and defense in depth. Maybe don't real any news for awhile so your face gets to heal... :)