{"id":48677,"date":"2023-05-15T11:47:41","date_gmt":"2023-05-15T09:47:41","guid":{"rendered":"https:\/\/cyberant.com\/wannacry-anti-virus-is-not-enough\/"},"modified":"2023-11-09T12:15:59","modified_gmt":"2023-11-09T11:15:59","slug":"wannacry-anti-virus-is-not-enough","status":"publish","type":"post","link":"https:\/\/cyberant.com\/en\/wannacry-anti-virus-is-not-enough\/","title":{"rendered":"WannaCry: Anti-virus is not enough"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-loogau5d-17f3c7e790db2ed76193b099c5ca62a2\">\n#top .av_textblock_section.av-loogau5d-17f3c7e790db2ed76193b099c5ca62a2 .avia_textblock{\nfont-size:40px;\n}\n<\/style>\n<section  class='av_textblock_section av-loogau5d-17f3c7e790db2ed76193b099c5ca62a2 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h1>WannaCry: Anti-virus is not enough<\/h1>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-pwz9l6-baa0632612546cbe386acc69683b0d0a\">\n#top .hr.hr-invisible.av-pwz9l6-baa0632612546cbe386acc69683b0d0a{\nheight:30px;\n}\n<\/style>\n<div  class='hr av-pwz9l6-baa0632612546cbe386acc69683b0d0a hr-invisible  avia-builder-el-1  el_after_av_textblock  el_before_av_textblock '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<section  class='av_textblock_section av-loogbp5k-2c0cc8b37c9f0e45aa27aef1f45ebc31 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Despite almost every organization using antivirus software, there are many victims of the WannaCry ransomware.<\/p>\n<h3><strong>The anatomy of an attack<\/strong><\/h3>\n<p>Looking at today&#8217;s threats, relying on antivirus just isn&#8217;t enough anymore. 
Techniques for bypassing antivirus programs are becoming more sophisticated and user-friendly, making malware very difficult to detect. To understand the infection technique of today&#8217;s attacks, we need to know the anatomy of an attack. An attack consists of the following components: a vulnerability, an exploit and a payload.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-48832 size-full\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2017\/05\/wannacry-five-years-on-what-have-we-learned-v2.png\" alt=\"WannaCry: Anti-virus is not enough\" width=\"1013\" height=\"675\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2017\/05\/wannacry-five-years-on-what-have-we-learned-v2.png 1013w, https:\/\/cyberant.com\/wp-content\/uploads\/2017\/05\/wannacry-five-years-on-what-have-we-learned-v2-300x200.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2017\/05\/wannacry-five-years-on-what-have-we-learned-v2-768x512.png 768w, https:\/\/cyberant.com\/wp-content\/uploads\/2017\/05\/wannacry-five-years-on-what-have-we-learned-v2-125x83.png 125w, https:\/\/cyberant.com\/wp-content\/uploads\/2017\/05\/wannacry-five-years-on-what-have-we-learned-v2-75x50.png 75w, https:\/\/cyberant.com\/wp-content\/uploads\/2017\/05\/wannacry-five-years-on-what-have-we-learned-v2-705x470.png 705w\" sizes=\"(max-width: 1013px) 100vw, 1013px\" \/><\/p>\n<h3><strong>The vulnerability<\/strong><\/h3>\n<p>The vulnerability is the part of the software that contains the security flaw. The WannaCry malware exploits a vulnerability in the Windows SMB service. This vulnerability was discovered early on by the NSA and was used to infiltrate organizations and foreign governments. After The Shadow Brokers leaked the offensive NSA tools, malware makers began implementing them.<\/p>\n<h3><strong>The exploit<\/strong><\/h3>\n<p>The exploit is the code written by the hacker to exploit the security vulnerability. 
It is a small piece of computer code that, in this case, gives the attacker the ability to take control of the computer.<\/p>\n<h3><strong>The payload<\/strong><\/h3>\n<p>Once the attacker has control of the computer, it is time to tell the computer what to do. We call this the payload. When the NSA used this zero-day, it was most likely used to set up backdoors. However, the WannaCry malware uses this vulnerability to encrypt all files on the computer.<\/p>\n<h3><strong>WannaCry infection<\/strong><\/h3>\n<p>Now that we know the anatomy of an attack, we can use it to prevent one. The best way to prevent an attack is to remove the vulnerability. This can easily be done by installing the Microsoft updates.<\/p>\n<p>Most malware, ransomware and even the majority of &#8220;Advanced Persistent Threats&#8221; use vulnerabilities with publicly available exploits. Even the most current threat, the WannaCry ransomware, uses a commonly known exploit within the Windows SMB service. Microsoft released a patch for this flaw in March, meaning infection could have been prevented by proper patch management.<\/p>\n<p>Vulnerabilities can also be introduced by defects other than outdated software, for example, misconfiguration of software. By implementing a vulnerability management process, known vulnerabilities become visible and can be addressed. Even if the patch management process has been implemented and is working correctly, vulnerability management must be performed to verify proper implementation of the patches. 
If there is no vulnerability, attackers have nothing to exploit and attacks will not be successful.<\/p>\n<\/div><\/section>\n<div  class='hr av-zn8kru-38fb10b1137830aae22b5bbfb7ce5f97 hr-default  avia-builder-el-3  el_after_av_textblock  el_before_av_social_share '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":48833,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[206,216,181],"tags":[207,183,184,185,186,309],"class_list":["post-48677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-knowledge-base","category-risk-management","tag-anti-virus-en","tag-cyberaanval-en","tag-cyberrisk-en","tag-hacker-en","tag-it-infrastructuur-beschermen-en","tag-wannacry-en"],"_links":{"self":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/48677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"hre
f":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/comments?post=48677"}],"version-history":[{"count":0,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/48677\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media\/48833"}],"wp:attachment":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media?parent=48677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/categories?post=48677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/tags?post=48677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}