I’m not referring to the hit song from Lisa Lisa & Cult Jam, as this is a cybersecurity blog about CIS Controls. But now that the song is in my head, I may have to find a way to integrate it somehow. But I digress.
I’m speaking of the infamous “WannaCry” ransomware attack that hit the world back in May 2017. WannaCry exploited vulnerabilities in older versions of Microsoft Windows to encrypt data on infected computers, demanding ransom payments in Bitcoin for decryption keys. This global cyberattack affected hundreds of thousands of computers across 150 countries, impacting various sectors including healthcare, finance, and government.
The outbreak underscored the significance of keeping software and anti-malware signatures up to date. Microsoft had released a security update (MS17-010) that addressed the exploited vulnerability two months before WannaCry began spreading. However, many organizations and individuals had not applied the update, leaving their systems susceptible to the attack.
The deployment and regular maintenance of anti-malware software is a fundamental defense mechanism against malicious software threats. Anti-malware software is critical in identifying, blocking, and removing viruses, worms, spyware, and other harmful code that can compromise information security and system integrity. Regular updates and scans ensure protection against the latest threats, with continuous monitoring and automatic updates being key components of effective anti-malware strategies.
Signatures, or definitions, are unique algorithms or hashes that correspond to particular malware strains. Anti-malware software uses these signatures to scan and identify malware on your systems by matching files against a comprehensive signature database.
Given the constant evolution of malware, it is crucial for anti-malware solutions to continuously update their signature databases to detect and defend against the latest threats. Regular updates equip anti-malware tools with the knowledge of the newest malware signatures.
Opting for automatic updates ensures a more streamlined and reliable protection strategy compared to manual updates by users or IT staff. These updates, which can occur multiple times a day, minimize the window of vulnerability and help safeguard systems against the latest exploits and malicious activities.
Here’s a link to the Malware Defense Management Policy Template, provided free of charge by the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/malware-defense-policy-template-for-cis-control-10
Here are some details on this specific Control/Safeguard. If you want more detail, DM me.
CIS Control 10 – Malware Defense
Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.
Implementation Group 1
CIS Safeguard 10.2 - Configure Automatic Anti-Malware Signature Updates
Configure automatic updates for anti-malware signature files on all enterprise assets.
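
One way to check whether Safeguard 10.2 actually holds across a fleet is to audit an inventory export for assets with automatic updates off or with stale signatures. The script below is an added example, not part of any CIS material; the JSON field names, the sample records, and the 24-hour staleness threshold are all assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumption: signatures older than this count as stale. Pick a value that
# matches your vendor's release cadence; CIS does not prescribe a number.
MAX_SIGNATURE_AGE = timedelta(hours=24)

# Constructed sample export (hypothetical field names), e.g. from an EDR
# console or asset inventory. Not real data.
SAMPLE_INVENTORY = """
[
  {"asset": "ws-001", "auto_update": true,  "last_signature_update": "2024-05-14T06:10:00+00:00"},
  {"asset": "ws-002", "auto_update": false, "last_signature_update": "2024-05-14T05:55:00+00:00"},
  {"asset": "srv-db1", "auto_update": true, "last_signature_update": "2024-05-09T02:00:00+00:00"},
  {"asset": "kiosk-7", "auto_update": true, "last_signature_update": null},
  {"asset": "lab-03"}
]
"""

def audit_signature_updates(inventory_json, now, max_age=MAX_SIGNATURE_AGE):
    """Return {asset: [findings]} for assets that fail the 10.2 check."""
    findings = {}
    for record in json.loads(inventory_json):
        issues = []
        # A missing field is treated as a failure, not as compliant.
        if record.get("auto_update") is not True:
            issues.append("automatic updates not enabled")
        stamp = record.get("last_signature_update")
        if not stamp:
            issues.append("no signature update recorded")
        else:
            updated = datetime.fromisoformat(stamp)
            if updated.tzinfo is None:
                updated = updated.replace(tzinfo=timezone.utc)  # assume UTC
            age = now - updated
            if age > max_age:
                issues.append(f"signatures {age.days}d {age.seconds // 3600}h old")
        if issues:
            findings[record.get("asset", "<unknown>")] = issues
    return findings

if __name__ == "__main__":
    # Fixed "now" so the sample output is reproducible.
    now = datetime(2024, 5, 14, 12, 0, tzinfo=timezone.utc)
    for asset, issues in audit_signature_updates(SAMPLE_INVENTORY, now).items():
        print(f"{asset}: {'; '.join(issues)}")
```

An asset that reports nothing at all fails the audit, since an agent that has stopped checking in is a common way for signature updates to lapse unnoticed.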