A piece of ransomware called WannaCry has spread across the globe like wildfire, and is spreading just as rapidly across the headlines as more and more businesses report that they have been hit. The term “unprecedented” continues to resurface in reference to the large cyber-attacks of the past few years.

WannaCry and Petya point to the large disconnect between a company’s security team (staff responsible for preventing malicious attacks) and its operations team (staff responsible for patching endpoints). A lack of synergy between these two critical groups can make the organization far more vulnerable to a cyber-attack. Traditionally, security and operations were treated as entirely separate functions. With cyber incidents becoming more complex and relentless by the day, it has become increasingly evident that collaboration between the two departments is absolutely necessary to ensure the compliance and security of the organization.

Organizations that rely on manual administration of security and compliance find it impossible to scale, which in turn limits their ability to keep up with business opportunities and challenges in the growing digital economy. Manual administration is also particularly prone to human error, which makes it dangerous. Delays in responding to security threats and compliance issues can lead to breaches, failed audits, financial loss, damage to a company’s reputation, and other serious business consequences.

Microsoft recommends that all Azure customers take the following 8 steps to further protect their organizations from attacks like these.

  • This recent WannaCrypt malware exploits a Server Message Block (SMB) vulnerability (CVE-2017-0145). Customers should immediately install MS17-010 to resolve this vulnerability.
  • Review all Azure subscriptions that have SMB endpoints exposed to the internet, commonly associated with ports TCP 139, TCP 445, UDP 137, UDP 138. Microsoft recommends against opening any ports to the internet that are not essential to your operations.
  • Disable SMBv1. Instructions are located here: https://aka.ms/disablesmb1
  • Use Windows Update to keep your machines up to date with the latest security updates. If you are running Azure Cloud Services (Platform as a Service Web Roles and Worker Roles) or Infrastructure as a Service (IaaS), automatic updates are enabled by default, so no further action is required. All Guest OS versions released after March 14th, 2017 contain the MS17-010 update. You can view the update status of your resources on an ongoing basis in Azure Security Center.
  • Use Azure Security Center to continuously monitor your environment for threats. Collect and monitor event logs and network traffic in Azure Security Center to look for potential attacks, check for new security alerts, and quickly investigate any threats detected.
  • Use Network Security Groups (NSGs) to restrict network access. To reduce exposure to attacks, configure NSGs with inbound rules that restrict access to only the required ports. You can use network firewalls from a range of companies for additional security. Azure Security Center provides a view of the security of all your networks in Azure, helps you identify those with internet-accessible endpoints or insufficient NSG protections, and in some cases recommends a firewall solution.
  • Confirm that anti-malware is deployed and updated. If you are using Microsoft anti-malware for Azure or Windows Defender, Microsoft released an update last week which detects this threat as Ransom:Win32/WannaCrypt. If you are running anti-malware software from another security company, you should confirm with your provider that you are protected. You can also use Azure Security Center to verify that anti-malware, and other critical security controls, are configured for all of your Azure virtual machines.
  • Configure backups with multi-factor authentication. An important part of recovery from any compromise is having a strong backup solution in place. If you are already using Azure Backup, you can recover data if your servers are attacked by ransomware. Only users with valid Azure credentials can access the backups stored in Azure. We also recommend enabling Azure Multi-Factor Authentication to provide an additional layer of security for your backups in Azure.
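The second and sixth steps above amount to one concrete check: is any NSG allowing internet-sourced traffic to reach the SMB ports (TCP 139, TCP 445, UDP 137, UDP 138)? The following script is an added example, not code from Microsoft, Cloudneeti or the original post. It assumes the flattened JSON shape returned by `az network nsg list -o json` (a `securityRules` list whose entries carry `direction`, `access`, `protocol`, `priority`, `sourceAddressPrefix` or `sourceAddressPrefixes`, and `destinationPortRange` or `destinationPortRanges`); the sample NSGs embedded below are constructed for illustration. It mirrors how NSGs evaluate inbound rules: lowest priority number first, first match wins, and the built-in DenyAllInBound rule (priority 65500) catches whatever nothing else matched.

```python
"""Audit Azure NSG inbound rules for SMB ports reachable from the internet.

Hypothetical audit helper (not part of the page or any vendor tooling). The
JSON field names below are assumed to match `az network nsg list -o json`;
verify them against your own export before relying on the result.
"""
import json
import sys

# SMB-related ports named in the guidance above: (protocol, port)
SMB_PORTS = {("Tcp", 139), ("Tcp", 445), ("Udp", 137), ("Udp", 138)}
# Source prefixes that mean "anyone on the internet" in an NSG rule
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0", "::/0"}


def _port_matches(rule, port):
    """True if the rule's destination port(s) cover `port` ('*', 'N' or 'lo-hi')."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    for r in ranges:
        r = str(r)
        if r == "*":
            return True
        if "-" in r:
            lo, hi = r.split("-", 1)
            if int(lo) <= port <= int(hi):
                return True
        elif int(r) == port:
            return True
    return False


def _protocol_matches(rule, proto):
    return rule.get("protocol", "*").lower() in ("*", proto.lower())


def _source_is_internet(rule):
    prefixes = set(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        prefixes.add(rule["sourceAddressPrefix"])
    return bool(prefixes & INTERNET_SOURCES)


def effective_inbound_access(rules, proto, port):
    """Return (access, rule_name) for internet-sourced traffic on proto/port.

    Rules are evaluated lowest priority number first and the first match wins;
    if no custom rule matches, Azure's default DenyAllInBound (65500) applies.
    Rules scoped to non-internet sources (e.g. VirtualNetwork) never match
    internet traffic and are skipped.
    """
    ordered = sorted((r for r in rules if r.get("direction") == "Inbound"),
                     key=lambda r: r["priority"])
    for r in ordered:
        if (_protocol_matches(r, proto) and _port_matches(r, port)
                and _source_is_internet(r)):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound"


def find_exposed_smb(nsgs):
    """List (nsg_name, proto, port, rule_name) for every SMB port left open."""
    findings = []
    for nsg in nsgs:
        for proto, port in sorted(SMB_PORTS):
            access, rule_name = effective_inbound_access(
                nsg.get("securityRules", []), proto, port)
            if access == "Allow":
                findings.append((nsg["name"], proto, port, rule_name))
    return findings


# Constructed sample export: one NSG that exposes 445 to everyone, one that
# explicitly denies SMB from the internet while allowing it inside the VNet.
SAMPLE_NSGS = json.loads("""[
  {"name": "nsg-web", "securityRules": [
    {"name": "allow-https", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "allow-smb-from-anywhere", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "445"}
  ]},
  {"name": "nsg-db", "securityRules": [
    {"name": "deny-smb-internet", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["137-139", "445"]},
    {"name": "allow-smb-vnet", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "445"}
  ]}
]""")


if __name__ == "__main__":
    # Pipe a real export in on stdin, or run without input to use the sample.
    nsgs = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_NSGS
    for name, proto, port, rule in find_exposed_smb(nsgs):
        print(f"{name}: {proto}/{port} allowed from the internet by rule '{rule}'")
```

Run on a schedule against a fresh `az network nsg list -o json` export and alert on any non-empty result; that turns a one-time review into the kind of continuous configuration check that catches a rule someone adds later. Note that only the wildcard-style sources in `INTERNET_SOURCES` are treated as "internet" here, so a rule that opens SMB to a broad but explicit public CIDR would need that set extended.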

However, there is also a need to check continuously that these configurations are not modified after they are put in place. This is an area where Cloudneeti is helping a great deal. Cloudneeti for Azure provides continuous validation by automating the monitoring and reporting. With Cloudneeti configured, the security controls are validated at the configured frequency, and when misconfigurations are uncovered they are immediately reflected on the dashboards.

Cloudneeti follows the 24 Cyber Controls published by the National Institute of Standards and Technology to measure an organization’s cyber health, using technology and services packaged into an affordable managed service. Within this assessment, Cloudneeti scans all Azure resources in a given subscription and provides a comprehensive security and compliance posture against industry best practices.

For more information about Cloudneeti, visit www.cloudneeti.com

To start designing and protecting against the likes of WannaCry/Petya, sign up for a free 30-day Cloudneeti Standard NIST, which includes all 24 controls described in this article.