
We heard you loud and clear - with the upcoming long Memorial Day weekend fast approaching, school classes ending in the Midwest for the summer, and a host of work-related commitments, you wanted more time to submit Call for Speakers (C4S) Abstracts.

 

We are pleased to tell you that the deadline for C4S submissions has been extended and is now EOD on June 9, 2017.

 

This is a hard deadline, however, and will not be extended again so we can meet all the time-sensitive event activities leading up to RSA Charge 2017.

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit!

 

First, check out the webinar replay of 'What You Should Know Before Submitting Your Proposal' and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you.

 

The Tracks for RSA Charge 2017 include:

 

(Governance, Risk & Compliance)

Inspiring Everyone to Own Risk

Managing Technology Risk in Your Business

Taking Command of Your Risk Management Journey

Transforming Compliance

RSA Archer Suite Technical

RSA Archer Suite Advanced Technical

 

(Security Operations, Identity, Anti-Fraud)

Detecting and Responding to the Threats That Matter

Identity Assurance

Reducing Fraud, while Not Reducing Customers

Secrets of the SOC

 

Complete Session details are also available.

 

With the extended deadline through June 9, we hope you will consider sharing your first-hand knowledge, advice, ideas, experiences, case studies, and war stories with your peers at Charge 2017. For the many who have already submitted proposal abstracts, ‘thank you’ and we look forward to seeing you in Dallas, Oct. 17-19.


RSA CHARGE 2017: CALL FOR SPEAKERS CLOSES MAY 26

It’s down to the final weeks for Call for Speakers (C4S) proposal submissions for the RSA Charge 2017 event.

 

If you are still on the fence, time is running out, but there are some helpful aids to get you started. First, check out the webinar replay of ‘What You Should Know Before Submitting Your Proposal’ and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you before submitting your proposal.

 

You may also check out the complete RSA Charge 2017 Session details.  

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information – though RSA Charge ‘Speakers’ receive a complimentary pass to the Charge event – another solid reason to submit!

 

We strongly encourage you to attend the RSA Charge event, even if you are not considering a speaker’s proposal submission.

 

Meet up with your Fraud and Risk Intelligence peers at RSA Charge and learn how to defend your digital channels to reduce fraud - not your customers or revenue. There will be several engaging sessions where you will learn about: 

 

  • Creating an Omni Channel Fraud strategy with RSA Adaptive Authentication ecosystem
  • Accelerating your Digital Strategy with Open Banking API Economy Panel
  • Fighting Fraud with Deep Entity Profiling & Machine Automation
  • And, so much more! 

See you in Dallas, Oct. 17-19!

Overview of WannaCry/Wanna Decryptor

As you know, an outbreak of a ransomware threat known as “WannaCry” or “Wanna Decryptor” started late Thursday and hit the mainstream over Mother’s Day. Ransomware attacks like “WannaCry” are meant to be very visible in order to pressure the victim to pay the ransom. The scale of this attack, together with this specific ransomware family, is unique in that it has worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. This exploit was recently made publicly available and appears to be associated with the “Shadowbrokers” release of nation state hacking tools. As of 5/15/2017 at 1pm ET, our best estimate is that the associated income achieved is less than $50k, from fewer than 150 impacted individuals or businesses that were willing to pay.

 

While details are still emerging, RSA believes it follows a typical attack pattern where a malicious link is delivered through email as part of a phishing scam, whereby the malware installs itself. The malware can spread rapidly when an already infected computer is able to locate additional open and vulnerable computers with outbound internet connections. This malware can travel quickly through an internal network as a result of a core Windows networking function exploit. Microsoft issued a patch for this vulnerability under advisory (MS17-010).

 

The vulnerability exploited in this attack was made public in September, 2016. Microsoft released a patch in March, 2017. If an organization looks at their enterprise risk management with proper cyber hygiene, they may not have been vulnerable to this attack.

 

While mitigating attacks like this with measures that include host blocking, a robust backup strategy and comprehensive patch management, IT leaders should also be mindful that, because of Microsoft’s patch support policy, any organization still running Windows XP, Windows 8 or Windows Server 2003 remains at high risk. Microsoft has issued specific guidance for this attack, which can be found here. This is not a new phenomenon and, as in most major attacks, resistance is achieved with disciplined patching hygiene.

 

This latest wave of ransomware continues a trend with this popular attack method. Attackers are shifting away from stealing information for profit and are instead taking advantage of the fact that data is critical to their victims’ daily business operations.

 

Was RSA or Dell Technologies Impacted?

While we continue to monitor and validate, at this time there appears to be no impact to the internal networks of any of the major Dell Technologies networks.

 

Are RSA Products Impacted?

Individual alerts have been sent to clients using specific products. Because many clients leverage Microsoft OS and products as underlying components of RSA Products, there is a risk they could be impacted. That said, the actual product applications that RSA distributes are not impacted.

 

How Can RSA Help You?

You may be asking how RSA can help. First, recognize that ransomware threats, by design, are noisy and are obvious to the infected victim … this is part of the criminal’s objective and business model. RSA NetWitness® Suite is designed to help identify and provide visibility into a ransomware attack – but as part of this attack method, the victim organization’s data is being encrypted by the malware. This is the same for any advanced threat detection and response technology platform.

 

From a risk perspective, RSA Archer is designed to help automate risk management, prioritizing activities to reduce risk (i.e. Vulnerability Risk Management) to mission-critical systems, and consistently and effectively manage an actual incident.

 

From an investigation and readiness standpoint, RSA can provide strong visibility and expertise, helping users to reconstruct, analyze, and understand the attack for current and future identification of ransomware behavioral indicators and operational performance optimization. Analysts within Security Operations Centers (SOC) can see suspicious activities such as lateral movement of infected systems, and/or attempts to infect workstations and other network and critical business assets to more readily determine the overall operational, business continuity, governance, regulatory and compliance impact of the attack to their business. Lastly, RSA can help security programs and IT operational functions see the last known good state of the workstation to understand when the incident first began in order to measure “dwell time”, determine SOC visibility and detection, gaps and remediation requirements as well as the ability to restore from known good backup. This can help limit data loss and reduce the prospect of paying ransom to the attackers.

 

In a large-scale attack like this, expertise and experience in readiness, response, resilience and business risk management is imperative. RSA can help organizations in their response and readiness efforts and programs. These attacks can be contained and preemptive efforts can be taken to block similar attacks from occurring in the future, minimizing the impact and scale of ransomware campaigns.

 

For a deeper dive on using RSA NetWitness to improve your visibility and take decisive steps to reduce the impact on your environment, see WannaCry from the RSA NetWitness Suite's Perspective and Blocking WannaCry with Netwitness Endpoint.

 

Other RSA and Third Party References

Here are some additional resources if you’d like to learn more about the attack.

 

What's to Come?

New attacks are often followed by attack variants that use a similar infection vector with minor changes to bypass common defenses such as port and allowed path blocking. As such, four broad predictions:

  • Many organizations will not patch core systems and will instead put in protective defenses such as AV, blocking ports and IP addresses, and other supplemental actions. Thus, future morphs of WannaCry will continue to impact customers.
  • After some minor reductions in the volume of attacks, we will see continued:
    • Increase in leveraging attack tool leaks to fuel new attacks.
    • Increase in attacks that focus on incidents that demand immediate monetary payment (e.g. DDOS, Ransomware, identity change, etc.).
    • Exploitation of older vulnerabilities, which will continue to make headlines.
  • Industry and government regulatory bodies always respond to major cybersecurity events, thus you can assume there will be a continued tightening of requirements around vulnerability management and patch hygiene.
  • Risk management will become more fundamental in the scheme of prioritizing resource allocation and spend. More alignment between business needs and underlying security activities is on the horizon … this is still a year of planning and early walks for most organizations.

 

In Summary

While newsworthy and certainly impacting organizations, the underlying issue for WannaCry is patch hygiene. Understanding the IT investments needed to be able to upgrade applications tied to OS changes (i.e. config, patches, etc.) must be a focus for organizations to improve the vulnerability-to-patch-to-deployment cycle. Understanding major newsworthy hacking events can reveal defensive commonalities that can have broad, risk-reducing impacts on the organization in the short and long term.

 

These include:

  • Aligning business risk tolerance to a risk and cybersecurity plan
  • Prioritizing actions to reduce risk (less whack-a-mole)
  • Focus on the fundamentals that positively impact all threats:
    • Educating people
    • Business-driven risk reduction tied to an action-oriented plan
    • Continually test your environment for weaknesses
    • Strengthened identity and access assurance program
    • Assume all defenses will fail and that your understanding of your environment isn't optimal. Make sure you have expert visibility at the perimeter, inside the network, in the cloud and on attached mobile devices. You must be able to monitor logs, packet traffic and what's actually happening on the endpoint. More importantly, you must have the expert capacity (people) to seek, monitor and respond to threats.
    • Automate your processes wherever possible. Very few organizations can invest at a level that provides enough people to adequately address the workload manually. The more organizations seek to enhance the efficiency and efficacy of their security teams, the greater the probability of success.

 

RSA’s Business-Driven Security solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. The RSA Risk and Cybersecurity Practice, our expert professional services team, helps organizations identify, assess, and close the gaps, and take command of their evolving security posture. Feel free to contact RSA for further detail or assistance.

 

Additional Resources

Join more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017. This year’s event will be held Oct. 17-19 in Dallas at the Hilton Anatole Hotel.

 

This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security strategy in an increasingly uncertain high-risk world.

 

To whet your appetite, check out Top 10 Reasons to Attend RSA Charge 2017 and Agenda at a Glance.

 

We strongly encourage you to attend the RSA Charge event, even if you are not considering a speaker’s proposal submission.

 

Meet up with your Fraud and Risk Intelligence peers at RSA Charge and learn how to defend your digital channels to reduce fraud - not your customers or revenue. There will be several engaging sessions where you will learn about: 

 

  • Creating an Omni Channel Fraud strategy with RSA Adaptive Authentication ecosystem
  • Accelerating your Digital Strategy with Open Banking API Economy Panel
  • Fighting Fraud with Deep Entity Profiling & Machine Automation
  • And, so much more! 

RSA University will also once again be offering condensed product-specific training courses beginning Monday, October 16 and on Tuesday, October 17, with information available soon on the RSA Charge microsite.  Visit the microsite often to stay informed and maximize your experience at RSA Charge 2017.

 

Don’t miss this event - inspiring Keynotes, hands-on labs, strategic security sessions, technical deep-dives, and so much more; register today and save $300 with the Early Bird Discount through June 30.

 

See you in Dallas!