Wednesday, May 31, 2017

Sigh – ICS-CERT Updates WannaCry Alert Again (#8)

Today the DHS ICS-CERT published another update to their WannaCry Alert that was originally published on May 15th. There is no new information specifically from ICS-CERT, but links are provided to information from four new vendors:

Beckman Coulter (multiple products);
Samsung (generic);
Toshiba (generic); and
Toshiba Medical Systems (generic).

Beckman takes a very detailed approach, but one that is significantly different than the one Siemens has used. They start off by providing a single web page that is the source of information about each of their product lines. Then they classify each product into specific and limited categories:

• Not a Microsoft OS – no problem;
• Microsoft patch has already been deployed by Beckman;
• Neither patch nor WannaCry is applicable to the version of Windows® used;
• Products where hardware firewall is recommended;
• Products where detailed specific recommendations are provided; and
• Oops, we don’t know yet; wait for more information.

Each time Beckman identifies a product as a firewall candidate, they include a link to an interesting article about firewall protections against WannaCry by the NH-ISAC. The Q&A at the end of that brief article is particularly well done. I am surprised that ICS-CERT has not included that link in this Alert.

