Windows 10 S and Varonis: Immunizing For New Malware And Ransomware Attacks

One of the interesting things about Wannacry the malware that was at the heart of the recent massive Ransomware attack was that the attackers made under $100K in extortion but cost the industry around $5B in damage. Another interesting emerging fact is that Russia was likely the most damaged and that North Korea has been implicated in the attack (suggesting North Korea has some explaining to do to Russia). However it strikes me that there are two offerings in market that might prevent you from being the next victim which given we have a new NSA sourced attack, EternalRocks (I should comment I’m impressed with the branding of these things) which is flowing through the market as I write this.

What is kind of scary about EternalRocks is that if WannaCry was pretty basic, EternalRocks is massively more advanced. Or if WannaCry was the school bully, EternalRocks is like Seal Team 7. Folks aren’t even sure what it is trying to do but its potential is massively larger than WannaCry’s was.

This is a massive short term escalation and, I think, we need to make protecting against it a far greater priority.

Let’s talk about a couple products that could help.

Windows 10 S

Windows 10 S is a product that was actually initially targeted at education largely because kids actively screw up their machines. It is locked down by default and you can’t unlock it even with administrator access without changing the OS to the full version of Windows 10. This means that unless an attacker can penetrate the Windows Store a fishing attack on either other user or the administrator should fail with regard to infecting this product. In addition, updates are aggressively driven to this version of Windows by default so the exploit in Wannacry, which was tied to unpatched versions of Windows, would be ineffective against a fully patched and up to date version of Windows S.

Certainly, there are tradeoffs in that this won’t run legacy apps, allow side loading which bypasses the Windows Store, and is far more limited in both user options and administrative options. But what these folks can’t get to attackers will find nearly impossible to exploit making Windows S an emerging and potentially critical defense to the next malware attack.

Varonis DataPriviledge DatAlert

Varonis became somewhat famous a few years back when Snowden successfully penetrated the NSA’s security and stole a ton of records. This is because they had a tool in market that could have prevented this theft called DataPriviledge. This tool assures that only the people that are supposed to have access to things actually do. Had it been in place Snowden’s ability to take the massive number of records he stole would have been massively reduced to just what he legitimately had access to.

However, DataAlert is even more potentially powerful because it looks holistically at the network and alerts on unusual behavior. Like, say, for instance if someone who had never downloaded a lot of files before or encrypted anything suddenly started downloading everything but the kitchen sink or suddenly started to try to encrypt everything. Currently one of the most advanced tools in the market this one is backed up with a combination of deep learning analysis of metadata, machine learning, and advanced user behavior analysis. It also encompasses most of the high profile platform attack vectors like Windows, Unix, Linux, Network Attached storage, Active Directory, SharePoint, Exchange, and Office 365.

In effect, with both offerings, Varonis would be able to identify and mitigate an attack right at the start even if Windows S was somehow bypassed providing a strong second tier of defense.

Wrapping Up:

The way to attend against an ever more aggressive attack, particularly one that may be State sponsored, is with a current generation multiple level defense. Windows 10 S secures the end point by aggressively locking down the desktop and assuring rapid patching. Varonis’ product assure people don’t have access beyond their responsibility and specifically monitors for an attack alerting promptly and allowing the response team to rapidly mitigate and eventually eliminate the threat. Both of these two products from two very different companies could, together, make you a ton safer. And, right now, I expect there are a whole lot of us that want to be a ton safer.