All Cried Out ft. Bryon Singh, RailWorks Corporation

By Steve Gold
Posted in Security
On February 20, 2024

I’m not referring to the hit song from Lisa Lisa & Cult Jam, as this is a cybersecurity blog about CIS Controls. But now that the song is in my head, I may have to find a way to integrate it somehow. But I digress.

I’m speaking of the infamous “WannaCry” ransomware attack that hit the world back in May 2017. WannaCry exploited vulnerabilities in older versions of Microsoft Windows to encrypt data on infected computers, demanding ransom payments in Bitcoin for decryption keys. This global cyberattack affected hundreds of thousands of computers across 150 countries, impacting various sectors including healthcare, finance, and government.

The outbreak underscored the significance of keeping software and anti-malware signatures up to date. Microsoft had released a security update (MS17-010) that addressed the exploited vulnerability two months before WannaCry began spreading. However, many organizations and individuals had not applied the update, leaving their systems susceptible to the attack.

The deployment and regular maintenance of anti-malware software is a fundamental defense mechanism against malicious software threats. Anti-malware software is critical in identifying, blocking, and removing viruses, worms, spyware, and other harmful code that can compromise information security and system integrity. Regular updates and scans ensure protection against the latest threats, with continuous monitoring and automatic updates being key components of effective anti-malware strategies.

Signatures, or definitions, are unique algorithms or hashes that correspond to particular malware strains. Anti-malware software uses these signatures to scan and identify malware on your systems by matching files against a comprehensive signature database.

Given the constant evolution of malware, it is crucial for anti-malware solutions to continuously update their signature databases to detect and defend against the latest threats. Regular updates equip anti-malware tools with the knowledge of the newest malware signatures.

Opting for automatic updates ensures a more streamlined and reliable protection strategy compared to manual updates by users or IT staff. These updates, which can occur multiple times a day, minimize the window of vulnerability and help safeguard systems against the latest exploits and malicious activities.

Here’s a link to the Malware Defense Management Policy Template provided free of charge from the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/malware-defense-policy-template-for-cis-control-10

Here are some details on this specific Control/Safeguard. If you want more detail, DM me.

CIS Control 10 – Malware Defense

Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.

Implementation Group 1

CIS Safeguard 10.2 - Configure Automatic Anti-Malware Signature Updates

Configure automatic updates for anti-malware signature files on all enterprise assets.
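
An added example, not from the original post or from CIS: one way to audit Safeguard 10.2 across an asset inventory by flagging hosts with no agent, automatic updates turned off, or stale signatures. The CSV columns, hostnames, and the 24-hour staleness threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumption: signatures older than this count as stale (the post notes
# updates can arrive several times a day, so 24 hours is generous).
MAX_SIGNATURE_AGE = timedelta(hours=24)

# Constructed sample export; hostnames and column names are hypothetical.
SAMPLE_INVENTORY = """\
hostname,agent_installed,auto_update,last_signature_update
fin-ws-01,yes,yes,2024-02-20T06:15:00+00:00
hr-ws-07,yes,no,2024-02-19T22:40:00+00:00
lab-srv-03,yes,yes,2024-02-12T09:00:00+00:00
kiosk-02,no,,
eng-ws-11,yes,yes,not-reported
"""

def audit_assets(inventory_csv, now, max_age=MAX_SIGNATURE_AGE):
    """Return {hostname: [findings]} for assets that fail Safeguard 10.2."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        if row["agent_installed"].strip().lower() != "yes":
            issues.append("no anti-malware agent")
        else:
            if row["auto_update"].strip().lower() != "yes":
                issues.append("automatic signature updates disabled")
            try:
                updated = datetime.fromisoformat(row["last_signature_update"].strip())
                if updated.tzinfo is None:
                    updated = updated.replace(tzinfo=timezone.utc)  # treat naive as UTC
                if now - updated > max_age:
                    issues.append(f"signatures stale ({(now - updated).days}d old)")
            except ValueError:
                # An unparseable timestamp is a finding, not a pass.
                issues.append("signature timestamp missing or unreadable")
        if issues:
            findings[row["hostname"]] = issues
    return findings

if __name__ == "__main__":
    audit_time = datetime(2024, 2, 20, 12, 0, tzinfo=timezone.utc)  # constructed
    for host, issues in audit_assets(SAMPLE_INVENTORY, audit_time).items():
        print(f"{host}: {'; '.join(issues)}")
```

Assets that never report a timestamp are treated as failures, since a silent agent is indistinguishable from one that stopped updating.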

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology.

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.