Page 15 - CSI - Cisco Security Introduction - BT
Timeline of ‘WannaCry’ Ransomware Defense
Microsoft Security Bulletin
March 14th, 2017
On March 14th, Microsoft released a patch (MS17-010) for a new SMB vulnerability.

Cisco NGFW | Meraki MX
March 14th, 2017
On the same day, Cisco Talos released Snort™ signature #41978 to detect vulnerabilities identified in MS17-010.

Shadow Brokers
April 14th, 2017
A group known as “The Shadow Brokers” released a set of vulnerabilities allegedly sourced from the National Security Agency (NSA) that go by the names of Eternal Blue and Double Pulsar.

Cisco NGFW | Meraki MX
April 25th, 2017
Talos releases Snort™ signatures #42329, #42332, #42340 for Double Pulsar and Anonymous SMB shares.

Cisco Investigate
May 12th, 2017 | 7:30 UTC
@MalwareTechBlog releases information about a new attack dubbed ‘WannaCry’ on Twitter and his blog. Cisco Investigate screenshot was included in the blog as it was used as a part of the intelligence collection and discovery.

Cisco Umbrella
May 12th, 2017 | 7:43 UTC
Cisco Umbrella pushes kill switch domain globally into Newly Seen Domains categories which resulted in protection against the ransomware and spreading of the worm.

Cisco AMP
May 12th, 2017 | 9:33 UTC
Approximately 60 minutes after the first seen samples, AMP detected the ransomware. Threat was detected via automatic analysis rules and low prevalence methods. AMP successfully detected and blocked on endpoints, email and web gateways, and network security.

Cisco Umbrella
May 12th, 2017 | 10:12 UTC
Cisco Umbrella adds attribution of the attack type to ransomware and moves the kill switch domain to the malware category.

Cisco TALOS
With more than 250 world class researchers around the globe and a global network of intelligence and data sources, Cisco continues to monitor, research, and protect customers against ‘WannaCry’ and other emerging threats.