Cybersecurity Attack Update

Last week, businesses and not-for-profits all over the world experienced one of the broadest cyberattacks ever carried out. DHG’s IT Advisory group has prepared an update on the attack and recommendations for reducing the likelihood of a successful attack on your organization in the future.

What happened?

A form of malware called ransomware was successfully installed on vulnerable computers around the world and locked user access to data, impairing the ability to conduct normal operations.

How did it happen?

The attack exploited a known vulnerability in the Microsoft Windows operating system and prevented users at hospitals, banks and governments in more than 100 countries from accessing legitimate, and in some cases critical, system functions and data.

Cause

It is still unclear who perpetrated this attack. However, the attack was intentional, requiring the development and spread of malicious software to infect vulnerable systems. It is likely that an email phishing campaign deceived users into downloading the software.

DHG Recommendations

The DHG IT Advisory team recommends a holistic review of cybersecurity processes at all organizations. The following recommendations should be followed immediately to reduce the likelihood and impact of a similar ransomware attack:

  • Review software versions and security patch levels on ALL servers and workstations to ensure known security vulnerabilities have been patched.
  • Validate that all critical data on your network has been identified and is regularly backed up to offline data storage.
  • Remind all internal users of the imminent threat of phishing attacks designed to deceive legitimate users into clicking malicious links and opening malicious attachments.

If you have questions, contact us for more information.


About The Author

Tom Tollerton, CISSP, CISA, QSA | Manager, DHG IT Advisory | tom.tollerton@dhg.com

Tom Tollerton, CISSP, CISA, QSA is a manager in the DHG IT Advisory practice. With more than 10 years of experience in the cybersecurity field, Tom helps manage the firm’s cybersecurity services, and serves as a subject matter leader in cybersecurity risk assessments, payment card industry (PCI) compliance assessments, ACH data security audits, cyber forensics and data breach incident response.

About DHG IT Advisory

DHG IT Advisory, a national practice of Dixon Hughes Goodman, works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet the IT advisory needs that drive your business. For more information, visit dhg.com/itadvisory.