Something For the Weekend Sir?
This week it transpires that the manufacturer of Durex Condoms, Dettol for cleaning nasty cuts and bruises and Nurofen for headaches and fever had themselves caught a nasty cold called NotPetya.
That’s right, the monster manufacturing outfit Reckitt Benckiser (branded to rb, then used in tortuous marketing shizzle like betterbusiness, see what they did there?), were taken out in many regions by the latest Petya incident.
So bad has this incident been for rb, that they have warned shareholders that it will impact the quarterly results, although some of this would be recovered in the following quarter. Amounts as much as £100 Million are being mentioned.
rb’s latest announcement is here:
The clear vulnerability of the manufacturing sector to malware that specifically targets older releases of operating software is a big worry for IT and business management alike. A lot of manufacturing machinery will be using old systems and in many cases are hard to patch, therefore they may not be up to date.
The information security community is very aware of this issue. The behavioural analytics company Darktrace (an ITC partner) has been talking about using analytics to detect this sort of activity, especially the lateral spread of infection. They are using straightforward TCP Resets to try and control the collateral damage and this is something we are frequently advising our customers about.
What the latest Petya and WannaCry incidents have illustrated is the sheer speed these attacks can spread through a network, certainly faster than the traditional response time of SOC triage and remedial action by human operators.
ITC’s NetSure360° Managed Security Service has the capability to automate remediation in a number of ways – reprogramming firewalls or router access lists or instructing network access control devices to quarantine suspect machines in very short order following infection. We call it NetSure360° Protect.
Protect has been available for over 18 months but the appetite amongst our customer base to implement automated remediation has not been of the ‘form an orderly queue’ variety, if you get our drift!
Maybe these recent events will sharpen people’s minds. It might be time to put the machines in charge of controlling the machines. Gulp.
If you would like a demonstration of Protect, would like to have a chat about anything in this blog or about Information security in general, please contact us at: [email protected] or call 020 7517 3900.