BITDEFENDER PARTNER MALAYSIA
  • Home
    • About Us
    • Why Bitdefender >
      • Patented Technology
  • FOR BUSINESS
    • Gravityzone Business Security >
      • Ransomware Mitigation
      • MITRE ATT&CK Evaluation
      • Gravityzone Technologies
      • Gravityzone Features List
    • Bitdefender Email Security >
      • Gravityzone Email Security Configuration (For Outlook 365)
      • Gravityzone Email Security Configuration (For Google Workspace)
    • Patch Management
    • Full Disk Encryption
  • SUPPORT
    • Payment mode
    • Request Quotation
    • Tips & Trends
    • Refund Policy
    • Privacy Policy
  • CONTACT US
    • Whatsapp us

22 years of Innovations

Firms that didn’t patch and enabled local admin rights continue to suffer post cyber-attack

7/17/2017

 
By Graham Cluley on Jul 12, 2017 | 

Here’s a salutary reminder for all businesses.

Just because a malware outbreak has begun to fade away from the newspaper headlines, doesn’t mean your troubles are over.  Many firms can continue to suffer long afterwards.

In late June, a malware attack crippled businesses and critical infrastructure in Ukraine at astonishing speed.

Initially suspected of being a similar ransomware attack to the WannaCry outbreak seen the month before, the malware (variously named as Petya, NotPetya or GoldenEye by security vendors) appears to have been launched through a malicious automatic update to a popular Ukrainian accounting software tool called MeDoc.

We tell companies all the time to keep their software updated with the latest available patches, and yet here was an update which actually delivered a devastating malware attack.  The irony isn’t lost on anybody.
​

Once in place on an infected PC, the malware would spread to other networked computers, using a variety of lateral movement techniques.

And it didn’t take long for GoldenEye to spread beyond Ukraine’s borders, hitting the of offices of multinational companies in the United States, UK, Russia, France, Germany and elsewhere.

Organisations that continue to feel the pain include advertising giant WPP, household goods manufacturer Reckitt Benckiser, and world’s largest shipping company Maersk.

As The Register reports, a number of WPP’s agencies remained locked out of their networks last week, as the company struggled to safely return services to normal.  Meanwhile, insiders have claimed that IT support has suffered since being out-sourced, leaving some WPP agencies without critical Windows patches for six months and an alarming number of users granted local admin rights.

The truth is that lax patching, a lack of network segmentation and local admin rights are a recipe for security disaster.

This isn’t a secret – every IT security team worth its salt knows that it is taking a risk by granting users local admin rights – but on too many occasions an IT support technician will choose to enable local admin rights if an application is failing to work properly, rather than resolve the problem by seeking a fixed version of the program.

Making your company resilient against future malware attacks means adopting a layered approach, and sometimes taking some tough decisions.  Sometimes there may not immediately appear to be a good return on “doing things properly”, but you’ll certainly feel the pain if one day a malware attack takes advantage of your lax security.

Don’t take short cuts now that may cost you in the long run.
​
More read up: Everything we know about GoldenEye/NotPetya

​Source: Bitdefender Business Insights in Virtualisation and Cloud Security

Get your Business Security Today

Comments are closed.

    Protect from Ransomware

    Buy Bitdefender now

    Select carefully in the PayPal item below before make payment.
    Buy now and get protection. License key will be delivered before next business day. Activation in Malaysia only.

    Picture

    RECOMMENDED READINGs

    All
    ABC Of Cybersecurity
    Antivirus For Mac
    Biometric
    Child Online Safety
    CISO
    Corporate Security
    Cyberattacks
    Cybersecurity
    Data Center
    Data Center Security
    Data Leak
    Do Your Thing
    Endpoint Security
    Extortion
    Firewall Rules
    Goldeneye
    Gravityzone Business Security)
    Hacker
    Home Security
    Home User Products
    How To
    Hyperconvergence
    Installation Guide
    Intellectual Property
    Internet Of Things
    Internet Security
    IoT
    Loss Of Life
    Machine Learning
    Malware
    Online Purchase
    Online Security
    Parental Control
    Personal Security
    Petya
    Protected
    Ransomware
    Ransomware 2016
    Ransomware Decryption Tool
    Security Awareness
    Security Awareness Training
    Security Policies Setting
    Smb
    Virtualization & Cloud Security
    Wannacry
    Wanncry
    Windows Security

    RSS Feed

Picture
Chat with WhatsApp
Picture
Submit request or inquiry

For BUSINESS: Gravityzone Advanced Business Security

We are a certified Bitdefender Solution Partner (more than 9 years)

Copyright © 2025 We are a Gold Partner of Bitdefender.
About us | Contact us |
Copyright © 2024 57Network Consultancy Sdn. Bhd.
Company Registration number: 202001020346 (1376666-K) 
All rights reserved.

Website managed by 57Network.com
  • Home
    • About Us
    • Why Bitdefender >
      • Patented Technology
  • FOR BUSINESS
    • Gravityzone Business Security >
      • Ransomware Mitigation
      • MITRE ATT&CK Evaluation
      • Gravityzone Technologies
      • Gravityzone Features List
    • Bitdefender Email Security >
      • Gravityzone Email Security Configuration (For Outlook 365)
      • Gravityzone Email Security Configuration (For Google Workspace)
    • Patch Management
    • Full Disk Encryption
  • SUPPORT
    • Payment mode
    • Request Quotation
    • Tips & Trends
    • Refund Policy
    • Privacy Policy
  • CONTACT US
    • Whatsapp us