Andrea Carcano, Co-Founder and Chief Product Officer of Nozomi Networks, says: “If rumors prove true that this attack was initiated by the External Blue Exploit, it is a well-known vulnerability using SMB v1. SMB is a protocol used often in industrial networks. Therefore, security staff should be identifying any Microsoft systems in their ICS that could be exploited and take immediate remediation steps to patch them. This is the same vulnerability used by last month’s WannaCry Ransomware bombardment, in which hundreds of thousands of computers in critical industries were affected. It demonstrates the urgency for patching; however, within ICS environments rapid patching can be difficult or impossible, which means operators must turn to advanced ICS cybersecurity monitoring to analyze the traffic and identify anomalous SMB v1 traffic. Real-time detection enables operators to take immediate steps to remediate the operational impact and ensure critical infrastructure stays up and running.”
