Page 37 - CSI - Cisco Security Introduction
Timeline of ‘WannaCry’
Ransomware Defense
Microsoft Security Bulletin
March 14th, 2017
On March 14th, Microsoft released a patch (MS17-010) for a new SMB vulnerability.

Cisco NGFW | Meraki MX
March 14th, 2017
On the same day, Cisco Talos released Snort™ signature #41978 to detect vulnerabilities identified in MS17-010.

Shadow Brokers
April 14th, 2017
A group known as “The Shadow Brokers” released a set of vulnerabilities allegedly sourced from the National Security Agency (NSA) that go by the names of Eternal Blue and Double Pulsar.

Cisco NGFW | Meraki MX
April 25th, 2017
Talos releases Snort™ signatures #42329, #42332, #42340 for Double Pulsar and Anonymous SMB shares.

Cisco Umbrella
May 12th, 2017 | 10:12
Cisco Umbrella adds attribution of the attack type to ransomware and moves the kill switch domain to the malware category.

Cisco AMP
May 12th, 2017 | 9:33
Approximately 60 minutes after the first seen samples, AMP detected the ransomware. Threat was detected via automatic analysis rules and low prevalence methods. Cisco AMP successfully detected and blocked on endpoints, email and web gateways, and network security.

Cisco Umbrella
May 12th, 2017 | 7:43
Cisco Umbrella pushes kill switch domain globally into Newly Seen Domains categories which resulted in protection against the ransomware and spreading of the worm.

Cisco Investigate
May 12th, 2017 | 7:30
@MalwareTechBlog releases information about a new attack dubbed ‘WannaCry’ on Twitter and his blog. Cisco Investigate screenshot was included in the blog as it was used as a part of the intelligence collection and discovery.

Cisco TALOS
With more than 250 world class researchers around the globe and a global network of intelligence and data sources, Cisco TALOS continues to monitor, research, and protect customers against ‘WannaCry’ and other emerging threats.
© 2018 Engage ESM All Rights Reserved