WannaCry RansomWare RansomWorm

FrgMstr

Even though you are likely very much in the know when it comes to the WannaCry RansomWare Ransomworm, it is worth repeating that you should make sure that your systems are patched in order to inoculate your Windows boxes. Over the weekend, Microsoft even dropped patches for older operating systems that are no longer officially supported.


  • In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional "defense-in-depth" measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider that they are protected.
  • This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

Microsoft has not kept quiet on what it thinks about its customers as well as the US Government. Microsoft went as far as to suggest that these stolen vulnerabilities could be compared to a stolen Tomahawk missile.

Second, this attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support.

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

If having backdoors for government surveillance has seemed like a good idea to you in the past, although a somewhat different subject, this should underline exactly why that is likely a bad idea. Governments are not good when it comes to keeping tech secrets secret.
 
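To make the three Microsoft bullet points above concrete, here is an added audit-and-remediate script (example code, not from the original post and not Microsoft's own tooling). It checks whether one of the MS17-010 hotfixes is installed, reports the SMBv1 state, then disables SMBv1 and blocks inbound TCP 445 on the Public and Private firewall profiles. The KB numbers are the ones the MS17-010 bulletin lists per OS; the rule name, profile choice and the decision to remediate unconditionally are this example's assumptions, so read it before running it in an elevated PowerShell session.

```powershell
# Added example (not from the original post or from Microsoft): audit a Windows
# host for the MS17-010 guidance, then remove the SMBv1 attack surface.
# Run in an elevated PowerShell session.
# KB numbers are those listed in Microsoft Security Bulletin MS17-010 for the
# systems named. Caveat: on Windows 10 a later cumulative update supersedes
# these and Get-HotFix may not list them, so a miss there is not proof of
# exposure; confirm the installed build against the bulletin.
$Ms17010Kbs = @(
    'KB4012598',                # Windows XP / Server 2003 / Vista / Server 2008 / 8 (out-of-band)
    'KB4012212', 'KB4012215',   # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',   # Windows Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607 and Server 2016
)

function Test-Ms17010Installed {
    # Returns the matching hotfix IDs (empty array if none). Get-HotFix reads
    # Win32_QuickFixEngineering, so it is fast but only as complete as WMI.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixId
    return @($installed | Where-Object { $Ms17010Kbs -contains $_ })
}

function Get-Smb1Status {
    # SMB1 may exist as an optional feature (8.1/10, 2012 R2+) and/or be enabled
    # in the SMB server configuration; report both where the cmdlets exist.
    $result = [ordered]@{ ServerEnabled = $null; FeatureState = 'n/a' }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $result.ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature) { $result.FeatureState = $feature.State }
    }
    return [pscustomobject]$result
}

function Disable-Smb1AndBlock445 {
    # Defence in depth as the bulletin suggests: turn SMBv1 off, then block
    # inbound TCP 445 on Public and Private profiles (assumed policy; adjust to
    # your segmentation). Domain profile is left alone so file sharing inside
    # the managed network keeps working over SMBv2/3.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    # Windows 7 / 2008 R2 have no SMB cmdlets; this registry value is the
    # documented switch for the SMB1 server there (takes effect after reboot).
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
        -Name SMB1 -Type DWORD -Value 0 -Force
    # NetSecurity cmdlets need Windows 8 / Server 2012 or later; on Windows 7
    # use "netsh advfirewall firewall add rule" with the same parameters.
    $ruleName = 'Block inbound SMB (TCP 445)'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Public,Private | Out-Null
    }
}

# Report first, then remediate.
$patched = Test-Ms17010Installed
if ($patched.Count -gt 0) { "MS17-010 present: $($patched -join ', ')" }
else { 'MS17-010 NOT found by hotfix ID; deploy it (or confirm a superseding cumulative update).' }
Get-Smb1Status | Format-List
Disable-Smb1AndBlock445
'SMBv1 disabled and inbound 445 blocked on Public/Private profiles; reboot to unload the SMB1 driver.'
```

Run the audit half on its own first (the two `Get-`/`Test-` functions are read-only) across a fleet to see where MS17-010 is missing; the remediation half is what you want pushed by GPO or your management tool rather than typed on each box.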
What sucks is this is allegedly spy wars, and we're caught up in the middle.

Supposedly, it was the NSA who leaked to Wikileaks to show the damage the CIA is doing and their God complex, and this latest bout of ransomware is the CIA's revenge for being exposed, if you believe such things.

If it's true, as usual, us run of the mill citizens are caught in the middle of a pissing contest between spy agencies... lovely.
 
I got the heads up here on HardOCP HOURS before our AO sent out their "Early" warning on this.

What sucks is this is allegedly spy wars, and we're caught up in the middle.

Supposedly, it was the NSA who leaked to Wikileaks to show the damage the CIA is doing and their God complex, and this latest bout of ransomware is the CIA's revenge for being exposed, if you believe such things.

If it's true, as usual, us run of the mill citizens are caught in the middle of a pissing contest between spy agencies... lovely.

It also gives you an interesting threat map of which foreign powers are keeping up to date on their security patching. The fact that the Russian Interior Ministry went down from it shows you a pretty clear picture that may be a weak point in the Russian gov system. It's like an ocean trawler...you're going to get a bunch of bycatch, but hopefully you sweep up some goodies in the process too. By releasing this, they can see their exploits in the wild while not being held personally responsible for their release.
 
Governments are not good when it comes to keeping tech secrets secret.

And Microsoft is not good at keeping Windows Update about updating the user's installation of Windows.
 
Called it, a damn Windows 10 advertisement. Have you no shame MS?

Huh? All they said was that Windows 10 wasn't being targeted. Even if you're running Windows 10 without the patch, it too was susceptible to the SMB worm before the patch; Windows Defender quarantines the encryptor payload. A lot of antivirus does, as does Microsoft Security Essentials for older versions of Windows. The most basic and free anti-virus software would have protected devices from this attack.

And sure there's plenty of blame to go around, but yet again we're seeing attacks that shouldn't have been nearly this bad because the most basic security measures aren't being taken on network connected devices. And that's not the NSA's fault, WikiLeaks' fault or Microsoft's. At some point you just have to take basic security measures or have this happen.
 
A lot of antivirus does, as does Microsoft Security Essentials for older versions of Windows. The most basic and free anti-virus software would have protected devices from this attack.

And sure there's plenty of blame to go around, but yet again we're seeing attacks that shouldn't have been nearly this bad because the most basic security measures aren't being taken on network connected devices. And that's not the NSA's fault, WikiLeaks' fault or Microsoft's. At some point you just have to take basic security measures or have this happen.
Microsoft Security Essentials is absent where it was needed most, thanks Microsoft spin doctor keep spinning.

Microsoft Statement: Technical support for Windows XP is no longer available, including updates that help protect your PC. Except when we deem it necessary for the public good because we really eff-ed up.
 
Microsoft made and distributed software with vulnerabilities. So, ultimately Microsoft is more to blame than anybody (except for the ransomware creator of course).
 
Microsoft Security Essentials is absent where it was needed most, thanks Microsoft spin doctor keep spinning.

Microsoft Statement: Technical support for Windows XP is no longer available, including updates that help protect your PC. Except when we deem it necessary for the public good because we really eff-ed up.

It's no secret that once XP went out of support that it was going to be vulnerable to attacks. Windows XP is 16 years old at this point and devices running it should not be connected to the internet.
 
Microsoft made and distributed software with vulnerabilities. So, ultimately Microsoft is more to blame than anybody (except for the ransomware creator of course).

Eh. No piece of software is bullet proof, and particularly not when it's been around so long and has the attack profile Windows has, and REALLY not when you're talking about state-sponsored hacking and the budgets involved. FBI supposedly paid $1 million for the iPhone crack for one guy's phone....how much do you think the NSA and CIA have budgeted for buying exploits? It has to be astronomical. For the rest of us it's just easier to build a bomb shelter than it is to try and stop the bombs from falling....make sure your backup and DR strategy is sound and you can ride out most of this nonsense.
 
Microsoft made and distributed software with vulnerabilities. So, ultimately Microsoft is more to blame than anybody (except for the ransomware creator of course).

And it's fine to assign blame to Microsoft. But that still doesn't absolve everyone of not taking basic security precautions.
 
Eh. No piece of software is bullet proof, and particularly not when it's been around so long and has the attack profile Windows has, and REALLY not when you're talking about state-sponsored hacking and the budgets involved. FBI supposedly paid $1 million for the iPhone crack for one guy's phone....how much do you think the NSA and CIA have budgeted for buying exploits? It has to be astronomical. For the rest of us it's just easier to build a bomb shelter than it is to try and stop the bombs from falling....make sure your backup and DR strategy is sound and you can ride out most of this nonsense.

As long as you keep letting software makers off the hook, we'll keep getting vulnerabilities and malware, and crap software.

Also, exploit budgets, AV, and firewalls are irrelevant when the target software is shit, their patches are shit and break things every other month, and they keep making the patching processes and vulnerability disclosures more convoluted and difficult to manage.

Remember that WannaCry would never have existed if the software maker had made secure software in the first place, or patched earlier. We got WannaCry because you're so willing to let the software maker off the hook and blame everybody else.


Disclaimer: I've been working in the vulnerability management and exploit industries for 20+ years.
 
Anyone else feel like these are just the "warm up" runs? I have a feeling this shit is only starting to hit the fan and is yet to happen. First the IoT massive DDoS a month or so ago, now a massive crypto worm, I think we are just getting started....interesting and scary times are ahead. Trying to keep my parents up to speed but they are kind of oblivious. Hopefully we can develop some tools to fight this effectively, but encryption is nothing to scoff at, especially when government agencies think they should have a backdoor to these things, which in turn makes everything vulnerable to attack including the tools themselves.
 
Remember that WannaCry would never have existed if the software maker had made secure software in the first place, or patched earlier. We got WannaCry because you're so willing to let the software maker off the hook and blame everybody else.


Disclaimer: I've been working in the vulnerability management and exploit industries for 20+ years.

And if you have been working in cybersecurity for this length of time you very well understand that cybersecurity is a multi-layered process. Blame Microsoft for their part. But that doesn't excuse people for not implementing basic security practices. We KNOW there will be software flaws, no they shouldn't happen but they do. That's why good security involves multiple layers such that no one flaw should be a catastrophic single point of failure.
 
Yes this code is bad news, the fact that it exploits so many MS Operating systems is also bad news. The fact that SO MANY CORPORATE AND GOVERNMENT ASSETS ARE OUT OF DATE is also bad news. But there is a point here that so many are missing.

The places that had aggressive, managed systems run by on site IT assets that were dedicated to their job and given the resources to do it right. You know what this attack did to them? Gave them a reason to log on and check systems then chuckle at everyone else getting burned. Maybe even offering to help where they could.

You know you really got burned.. everyone that has made IT the bottom dollar spend in the corporate budgets and more importantly those that have outsourced their IT to third parties that are doing it for the bottom dollar. Congratulations companies like FedEx. You SCREWED YOURSELF. Yea Malware is bad... but if you had an in house IT team that was properly funded, and developed current code to run on current OS's you know what you would have been doing during this attack? Continuing to operate a business. NOT looking like criminally incompetent jackholes.

So to the corporations that got burned because you made the CHOICE not to spend on proper IT infrastructure and updates... guess what. THIS IS YOUR FAULT. Own it, your CFO, CEO, and board member asshats trying to shave off every penny of value from your company to generate a higher stock value. Let's see how well you survive in the world of internet and 0 day exploits. INVEST IN YOUR INFRASTRUCTURE.

Sigh... Same goes for our government from local to federal.
 
What sucks is this is allegedly spy wars, and we're caught up in the middle.

Supposedly, it was the NSA who leaked to Wikileaks to show the damage the CIA is doing and their God complex, and this latest bout of ransomware is the CIA's revenge for being exposed, if you believe such things.

If it's true, as usual, us run of the mill citizens are caught in the middle of a pissing contest between spy agencies... lovely.
Story was the CIA lost a laptop with all the goodies. Is someone saying that the NSA ratted them out or made it up?
 
Story was the CIA lost a laptop with all the goodies. Is someone saying that the NSA ratted them out or made it up?

I think it's more just general distrust that either agency is going to tell you exactly what happened. "Lost a laptop" could mean anything from "Lost a laptop" to "Intentional release of exploits that we deem expendable because we have MUCH better ones in our stockpile and we want to cause a little havoc while seeming that we've overplayed our hand"
 
Remember that WannaCry would never have existed if the software maker had made secure software in the first place, or patched earlier.

There is no such thing as an operating system without vulnerabilities. You can complain about the effectiveness of the Windows Update system and it causing a hesitation to patch, but you can't say that something like this wouldn't have happened if any other operating system were the major player. Anything created by humans will be imperfect.
 
Makes me wonder if we're getting to the point where it's just going to be one never ending attack....
 
What bewilders me in all of this is how in our current technology age that we aren't able to track money to the point of at least identifying someone.

If a monetary asset of any kind is being held somewhere, it seems plausible to be able to track where it came from and who owns the account regardless of the location...
 
I think it's more just general distrust that either agency is going to tell you exactly what happened. "Lost a laptop" could mean anything from "Lost a laptop" to "Intentional release of exploits that we deem expendable because we have MUCH better ones in our stockpile and we want to cause a little havoc while seeming that we've overplayed our hand"

This thought crossed my mind, too. 'Look what we can do with a tool that exploits a vulnerability that has been widely-published for months, and has been fixable for months. Imagine what we can do with...'

But if choosing between straight up large-scale stupidity (some not-too-thorough criminal who left a glaring, easy killswitch plus lots of outdated boxes run by lots of stupid people) vs a government conspiracy, then I'll put $1 on the former.
 
What bewilders me in all of this is how in our current technology age that we aren't able to track money to the point of at least identifying someone.

If a monetary asset of any kind is being held somewhere, it seems plausible to be able to track where it came from and who owns the account regardless of the location...

We are able to do this, but a whole lot of people make a whole lot of money ensuring we don't.
 
Makes me wonder if we're getting to the point where it's just going to be one never ending attack....

It already is for the most part...might have even been on here I read it....but an unsecured IP camera gets hijacked in a matter of minutes from being hooked up. As an IT minded group we're more aware of the day to day infections and precautions, but your average consumer or even small business doesn't have any idea. They call up their ISP or something because "their computer is slow" when it's really infested to the eyeballs with malware.
 
Yes this code is bad news, the fact that it exploits so many MS Operating systems is also bad news. The fact that SO MANY CORPORATE AND GOVERNMENT ASSETS ARE OUT OF DATE is also bad news. But there is a point here that so many are missing.

The places that had aggressive, managed systems run by on site IT assets that were dedicated to their job and given the resources to do it right. You know what this attack did to them? Gave them a reason to log on and check systems then chuckle at everyone else getting burned. Maybe even offering to help where they could.

You know you really got burned.. everyone that has made IT the bottom dollar spend in the corporate budgets and more importantly those that have outsourced their IT to third parties that are doing it for the bottom dollar. Congratulations companies like FedEx. You SCREWED YOURSELF. Yea Malware is bad... but if you had an in house IT team that was properly funded, and developed current code to run on current OS's you know what you would have been doing during this attack? Continuing to operate a business. NOT looking like criminally incompetent jackholes.

So to the corporations that got burned because you made the CHOICE not to spend on proper IT infrastructure and updates... guess what. THIS IS YOUR FAULT. Own it, your CFO, CEO, and board member asshats trying to shave off every penny of value from your company to generate a higher stock value. Let's see how well you survive in the world of internet and 0 day exploits. INVEST IN YOUR INFRASTRUCTURE.

Sigh... Same goes for our government from local to federal.

Makes me wonder if Palo Alto customers with the sandbox, or NSX customers with proper firewall rules got hit as hard or if it contained better. Horizon and Citrix customers doing their jobs right should have fared quite well. Cheapo Corps won't invest in any of this tech.
 
What bewilders me in all of this is how in our current technology age that we aren't able to track money to the point of at least identifying someone.

If a monetary asset of any kind is being held somewhere, it seems plausible to be able to track where it came from and who owns the account regardless of the location...


Let me paint a picture. Someone goes to a website and says.. Fine, let me buy this cryptocurrency. Now I have to send it to this address I was given. They take the cryptocurrency to the site that was a hacked site set up just to receive this money and turn around and send it through 15 other holders before the currency is cashed in. Now with cash in hand they go to 6 different used car dealerships and buy 6 different cars. Then they take those 6 used cars and sell them to 6 other entities. Now they have clean money with proof of where it came from tied to a fake name that simply divides the cash to unknown individuals and they all walk away. It would take an INCREDIBLE amount of work to find the actual culprits if it was even possible.
 
Makes me wonder if Palo Alto customers with the sandbox, or NSX customers with proper firewall rules got hit as hard or if it contained better. Horizon and Citrix customers doing their jobs right should have fared quite well. Cheapo Corps won't invest in any of this tech.

Firewalls should only be a small part of the solution. If someone took their corporate laptop, put it on the public network and managed to get infected because their Anti Malware solution was out of date. When they bring it in office and it spreads to every other system with out of date malware, and systems running MS OS's from the year 1999, then guess what. They get hosed too unless they are segregated by yet another firewall in their environment.

Network is part of the solution, but as I just posted on a LinkedIn article, the real solution here is to have an IT team that is an integral part of the company, and not viewed as another expense. Information is the lifeblood of your company. And IT is the cardiovascular and immune defense for your company. Treating it like a toenail and paying it in leftovers will leave you vulnerable to each threat coming down the pipeline.
 
Let me paint a picture. Someone goes to a website and says.. Fine, let me buy this cryptocurrency. Now I have to send it to this address I was given. They take the cryptocurrency to the site that was a hacked site set up just to receive this money and turn around and send it through 15 other holders before the currency is cashed in. Now with cash in hand they go to 6 different used car dealerships and buy 6 different cars. Then they take those 6 used cars and sell them to 6 other entities. Now they have clean money with proof of where it came from tied to a fake name that simply divides the cash to unknown individuals and they all walk away. It would take an INCREDIBLE amount of work to find the actual culprits if it was even possible.

Except I'm sure that's not the case, be realistic here. It's one thing to divide it up amongst many bank accounts (particularly foreign ones) - but the buying and selling used cars is just not feasible. I guarantee they don't have to go to that extent.
 
Makes me wonder if we're getting to the point where it's just going to be one never ending attack....

Put an unpatched XP machine on the public internet. See how fast it is compromised. It is a never ending attack. It's constant. I wouldn't give that XP machine 5 minutes before it's infected.

I'm glad most machines are patched (even if it's Windows 10 and their constant updates, it saved some asses this past weekend), running AV that catches things, firewalls are in place, etc.. It is a never ending attack trying to target any system that's not protected.
 
Firewalls should only be a small part of the solution. If someone took their corporate laptop, put it on the public network and managed to get infected because their Anti Malware solution was out of date. When they bring it in office and it spreads to every other system with out of date malware, and systems running MS OS's from the year 1999, then guess what. They get hosed too unless they are segregated by yet another firewall in their environment.


NSX fixes this. NSX enables firewall rules between every VM and computer in the network. Those firewall / network rules travel with that specific VM anywhere it goes so you're not dealing with physical firewalls inside the org. Palo Alto will sandbox and execute attachments as they come in. If they're malware, they'll be dropped/quarantined, flagged and sent back to Palo Alto and their threat database updated within minutes and their whole install base will be protected.

Next Gen Firewalls, NSX, and Horizon are the solution.
 
Except it was Microsoft's incompetence that released an unsecure operating system in the first place, and now they're acting like its some kind goodwill gesture to issue a patch for "outdated" XP.

I guess I'm not sure how a company finally getting around to cleaning up its own mess after raking in billions is worthy of fist bumping and backslapping.

I've got to disagree. Microsoft has developed an OS with millions of lines of code, installed across hundreds of millions of computers. The scrutiny this puts them under is intense, to say the least. Predicting every scenario an attacker might take is an impossible task. I know, I know. "But my favorite Linux distro never gets targeted!". Security through obscurity isn't really secure at all. It's just a matter of time.

Furthermore, XP is 16 years old. If people want support, and want to stay on XP, maybe they should pay a subscription fee for updates. Microsoft has done their part. I get it's popular to hate on MS, but this is user error. Opening unknown attachments on out of date PCs running no anti virus on unsecured networks. For fuck's sake, does Bill need to come to each person's house and set everything up himself?

WannaCry is a blessing in disguise. This will teach people an important lesson.
 
NSX fixes this. NSX enables firewall rules between every VM and computer in the network. Those firewall / network rules travel with that specific VM anywhere it goes so you're not dealing with physical firewalls inside the org. Palo Alto will sandbox and execute attachments as they come in. If they're malware, they'll be dropped/quarantined, flagged and sent back to Palo Alto and their threat database updated within minutes and their whole install base will be protected.

Next Gen Firewalls, NSX, and Horizon are the solution.


That's interesting. So corporate employee heads home. Nephew wants to use their laptop to play a game on because they are visiting. Corporate employee says.. "Oh ok sure." Kid boots up... goes online. Downloads and plays game.. and also gets infection. They have the virus but don't know it. Kid shuts down. Corporate person brings laptop into office. Boots up.. starts doing work. Weekly on demand scan isn't for another couple days. In the interim before they are alerted to the malicious code it is already spreading to other systems not firewalled away from this system. As it is in network.

How do these firewall solutions prevent this?
 
I've got to disagree. Microsoft has developed an OS with millions of lines of code, installed across hundreds of millions of computers. The scrutiny this puts them under is intense, to say the least. Predicting every scenario an attacker might take is an impossible task. I know, I know. "But my favorite Linux distro never gets targeted!". Security through obscurity isn't really secure at all. It's just a matter of time.

Furthermore, XP is 16 years old. If people want support, and want to stay on XP, maybe they should pay a subscription fee for updates. Microsoft has done their part. I get it's popular to hate on MS, but this is user error. Opening unknown attachments on out of date PCs running no anti virus on unsecured networks. For fuck's sake, does Bill need to come to each person's house and set everything up himself?

WannaCry is a blessing in disguise. This will teach people an important lesson.

We're not talking about mutually exclusive things here. Ok, blame Microsoft for the bad code. But XP users have been warned for YEARS that something like this could happen. And not deploying critical vulnerability patches, yeah, years of those warnings. Not even basic anti-virus was probably running on most of these machines.
 
That's interesting. So corporate employee heads home. Nephew wants to use their laptop to play a game on because they are visiting. Corporate employee says.. "Oh ok sure." Kid boots up... goes online. Downloads and plays game.. and also gets infection. They have the virus but don't know it. Kid shuts down. Corporate person brings laptop into office. Boots up.. starts doing work. Weekly on demand scan isn't for another couple days. In the interim before they are alerted to the malicious code it is already spreading to other systems not firewalled away from this system. As it is in network.

How do these firewall solutions prevent this?

Corporate employee shouldn't have local admin rights on his laptop for nephew to install game in the first place..... Fail #1.
 
Story was the CIA lost a laptop with all the goodies. Is someone saying that the NSA ratted them out or made it up?

Lost laptop theory is a bogus one since the tools were kept on an airtight system and only people with access could have gotten to where it is - essentially it was a leaker.

The rumor is that the leaker could have been an NSA agent who was working in collaboration with the CIA and leaked all that info. And this is the CIA's way of getting back for being exposed.

That's the rumor anyway. Supposedly the NSA and CIA have a bit of a rivalry.
 
Corporate employee shouldn't have local admin rights on his laptop for nephew to install game in the first place..... Fail #1.

Yea you tell that to uninformedexec number 234. They need to be able to install their quality of life software dag nabit! Even stupid IT people make mistakes like this all the time. "Yea I'm in IT I need admin rights to install my blah blah blah tool for troubleshooting." has ZERO education in security. Next thing you know. "Wait.. I'm fired because I let my nephew play GAMEOFLIFE or whatever on my laptop one time? That seems unfair."
 
"Wait.. I'm fired because I let my nephew play GAMEOFLIFE or whatever on my laptop one time? That seems unfair."

It's all explained in our IT policies and we have to take an online course to certify that we know and understand the rules.
 
Yea you tell that to uninformedexec number 234. They need to be able to install their quality of life software dag nabit! Even stupid IT people make mistakes like this all the time. "Yea I'm in IT I need admin rights to install my blah blah blah tool for troubleshooting." has ZERO education in security. Next thing you know. "Wait.. I'm fired because I let my nephew play GAMEOFLIFE or whatever on my laptop one time? That seems unfair."

That's an HR problem, not an IT problem.
 
That's interesting. So corporate employee heads home. Nephew wants to use their laptop to play a game on because they are visiting. Corporate employee says.. "Oh ok sure." Kid boots up... goes online. Downloads and plays game.. and also gets infection. They have the virus but don't know it. Kid shuts down. Corporate person brings laptop into office. Boots up.. starts doing work. Weekly on demand scan isn't for another couple days. In the interim before they are alerted to the malicious code it is already spreading to other systems not firewalled away from this system. As it is in network.

How do these firewall solutions prevent this?

Horizon is virtual desktop, so there might not be a corporate laptop anymore and the employee is logging into a virtual desktop instance or using a thin client at work. It depends on the user type. If they do have a thick client, it's locked down so only corporate approved programs can be installed. All updates are pushed out to all computers simultaneously. Windows update is forced enabled. Nephew cannot install said program. If for some reason the computer somehow gets infected, which requires a 0-day exploit that Microsoft hasn't released updates for that the next-gen sandbox firewall somehow didn't catch the malicious code when it was delivered, and the security on the VM didn't quarantine, the virtual machine is still only allowed to communicate with a very limited list of other systems on the network over VERY specific ports. Think maybe 3-5 specific allowances to email/AD/DNS/proprietary application. It's essentially deny all with explicit permissions only...meaning virtual desktops can't communicate directly with each other to be able to infect each other. Then, you have tools installed in the network to immediately locate virtual machines that start broadcasting on all address ranges and they get automatically isolated and all permissions immediately revoked.

What I'm describing exists. Many companies just don't want to spend all the dollars on it.
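The last step in the post above, spotting a machine that suddenly "starts broadcasting on all address ranges" and cutting it off, is the part most shops could build themselves without an NSX budget. Here is an added example (not from the original post and not any vendor's product) of that logic written against the Windows Firewall text log: a host that opens TCP 445 toward many distinct peers within a short window looks like an SMB-spreading worm rather than a user. The log lines are constructed for the example in the documented pfirewall.log field order; the five-target/60-second threshold, the function names and the isolation rule it proposes are this example's assumptions.

```powershell
# Added example (not from the original post or any vendor product): detect SMB
# fan-out in the Windows Firewall log and propose an isolation rule.
# Real logs live in %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log once
# logging is on (Set-NetFirewallProfile -All -LogAllowed True -LogBlocked True).
# Field order per the log header: date time action protocol src-ip dst-ip
# src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
# The lines below are CONSTRUCTED sample data, not a captured log.
$SampleLog = @'
2017-05-12 10:00:01 ALLOW TCP 10.0.0.5 10.0.0.17 49152 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:01 ALLOW TCP 10.0.0.5 10.0.0.18 49153 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:02 DROP TCP 10.0.0.5 10.0.0.19 49154 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:02 ALLOW TCP 10.0.0.5 10.0.0.20 49155 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:02 DROP TCP 10.0.0.5 10.0.0.21 49156 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:03 ALLOW TCP 10.0.0.5 10.0.0.22 49157 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:03 ALLOW TCP 10.0.0.9 10.0.0.2 50001 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:04 ALLOW TCP 10.0.0.9 10.0.0.2 50002 445 0 - 0 0 0 - - - SEND
2017-05-12 10:00:05 ALLOW TCP 10.0.0.9 10.0.0.3 50003 443 0 - 0 0 0 - - - SEND
2017-05-12 10:01:30 ALLOW TCP 10.0.0.5 10.0.0.23 49158 445 0 - 0 0 0 - - - SEND
'@

function ConvertFrom-FirewallLog {
    # Parse log lines into objects; header (#...) and blank lines are skipped.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*(#|$)') { continue }
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 8) { continue }
        [pscustomobject]@{
            Time     = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss',
                           [cultureinfo]::InvariantCulture)
            Action   = $f[2]
            Protocol = $f[3]
            SrcIp    = $f[4]
            DstIp    = $f[5]
            DstPort  = [int]$f[7]
        }
    }
}

function Find-SmbFanOut {
    # Sliding window per source: count distinct TCP/445 targets within
    # $WindowSeconds of each connection attempt (DROP counts too: a worm keeps
    # probing whether or not the peer answers). Report sources at $Threshold.
    param([object[]]$Events, [int]$Threshold = 5, [int]$WindowSeconds = 60)
    $smb = $Events | Where-Object { $_.Protocol -eq 'TCP' -and $_.DstPort -eq 445 }
    foreach ($group in ($smb | Group-Object SrcIp)) {
        $evs = @($group.Group | Sort-Object Time)
        for ($i = 0; $i -lt $evs.Count; $i++) {
            $end = $evs[$i].Time.AddSeconds($WindowSeconds)
            $targets = @($evs[$i..($evs.Count - 1)] | Where-Object { $_.Time -le $end } |
                         ForEach-Object DstIp | Sort-Object -Unique)
            if ($targets.Count -ge $Threshold) {
                [pscustomobject]@{ SrcIp = $group.Name; Start = $evs[$i].Time; Targets = $targets.Count }
                break   # one verdict per source is enough
            }
        }
    }
}

function Get-IsolationRule {
    # The "automatically isolate" step as a host-firewall rule that drops all
    # inbound traffic from the flagged source. Returned as a parameter set,
    # not applied: confirm the hit, then run  New-NetFirewallRule @rule
    param([string]$SrcIp)
    @{ DisplayName = "Isolate suspected SMB worm $SrcIp"; Direction = 'Inbound'
       RemoteAddress = $SrcIp; Action = 'Block'; Profile = 'Any' }
}

$events = ConvertFrom-FirewallLog ($SampleLog -split "`r?`n")
$hits = @(Find-SmbFanOut -Events $events -Threshold 5 -WindowSeconds 60)
$hits | Format-Table -AutoSize        # expect 10.0.0.5 (6 targets in 2 s); 10.0.0.9 is benign
foreach ($h in $hits) { Get-IsolationRule -SrcIp $h.SrcIp }
```

On the sample data 10.0.0.5 is flagged (six distinct 445 targets in two seconds, dropped probes included) while 10.0.0.9, which talks to one file server repeatedly and to one web host on 443, is not. Tune the threshold against your own baseline: a backup server or vulnerability scanner legitimately fans out on 445 and belongs on an allow-list, and the same logic applied to a central flow or NetFlow feed rather than one host's log is what catches the first infected laptop before it reaches the second.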
 
Makes me wonder if we're getting to the point where it's just going to be one never ending attack....

Been that way for many years. One of the old "How bad is it?" measures used to be how many minutes a XP computer with X level of patching would last if connected to the Internet without a firewall. The attacks are still there, the Operating Systems and other protections have gotten much better.
 