The discussion centers around the Petya ransomware virus that impacted Ukraine in June 2017, focusing on its methods of infection, particularly through a legitimate software updater. Participants explore the implications of system vulnerabilities and the effectiveness of security measures in preventing such attacks.
Participants express differing views on the effectiveness of security measures and the implications of the patch timeline. There is no consensus on the adequacy of existing protections against the ransomware attack.
Participants reference specific software and security measures, but there are unresolved questions regarding the configuration of firewalls and the implications of patch timelines on system vulnerabilities.
Individuals interested in cybersecurity, ransomware attacks, and the historical context of software vulnerabilities may find this discussion relevant.
Microsoft on Tuesday confirmed some initial infections in the Petya ransomware attacks occurred via Ukraine-based tax accounting software firm M.E.Doc, which develops MEDoc.
The finding solves part of the mystery surrounding yesterday's huge ransomware outbreakthat hit industry giants like shipping firm Maersk, but took a particularly heavily toll on organizations in the Ukraine, including banks, energy companies and even Kiev's main airport.
Security researchers speculated a corrupted MEDoc updater was the initial infection vector. However, Microsoft now says it has solid evidence that at least some infections were due to a software supply-chain attack that started with a legitimate MEDoc updater process.
...
I just shake my head that there are still systems out there that either don't get patched, or don't run host firewalls to block the spread of this stuff. Microsoft started blocking this kind of attack out of the box with Windows XP SP2 in 2004.jedishrfu said:People are speechless in the face of this viral onslaught.
I'm confused. Wikipedia article says:stoomart said:I just shake my head that there are still systems out there that either don't get patched, or don't run host firewalls to block the spread of this stuff. Microsoft started blocking this kind of attack out of the box with Windows XP SP2 in 2004.
Doesn't this imply that their OSs did not block this kin of attack until March of this year?The EternalBlue exploit had been previously identified, and Microsoft issued patches in March 2017 to shut down the exploit for the latest versions of Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016
March is when the patch was released, but running the default Windows firewall prevents a system from being compromised over the network, whether it's patched or not. You have to disable or misconfigure the firewall for the malware to spread around your network.Bandersnatch said:I'm confused. Wikipedia article says:
Doesn't this imply that their OSs did not block this kin of attack until March of this year?