Tuesday, May 16, 2017

ICS-CERT Publishes WannaCry Alert

Yesterday the DHS ICS-CERT published a control system security alert for the WannaCry ransomware. This alert is a follow-up to the US-CERT alert on the same attack vector. The alert provides links to three vendor sites providing information about indicators of attacks on their Microsoft Windows® based control system products. Those vendors (and their WannaCry links) are:

Rockwell Automation (log on required);

Both the Schneider and BD advisories emphasize that while medical and industrial control systems have been affected this is a Microsoft Windows based ransomware attack. They both recommend ensuring that Microsoft patch for the MS17-010 SMB vulnerability be applied to all Windows based machines (including Windows XP and Windows 8). Interesting that neither vendor alerts nor the ICS-CERT alert discusses the Microsoft suggestion to turn of the SMB file sharing tool.

ICS-CERT expects to update this alert with additional vendor information when it becomes available.

No comments:

/* Use this with templates/template-twocol.html */