WannaCry: Massive Worldwide Ransomware Attack

In a massive cyber attack on Friday, 12 May 2017, criminals exploited critical vulnerabilities in all Windows operating systems and infected tens of thousands of computers with encryption malware.

Microsoft issued a patch for its current operating systems in mid-March 2017, followed on 13 May 2017 by a patch for operating systems that are no longer supported (e.g. Windows XP). More information on this topic is available on heise.de.

Once more it has become evident that patch management and other measures, such as protecting interfaces against external attacks, hardening and antivirus protection, are vital for the secure operation of control systems.

We therefore urgently recommend that you install the patch on your system immediately or have it installed by IDS staff. Please contact our Customer Competence Center for help.

Critical Vulnerabilities in Cisco Firewalls

The so-called zero-day vulnerability occurs in the Simple Network Management Protocol (SNMP) of the Adaptive Security Appliance (ASA) software. Attackers can exploit this vulnerability for remote code execution, running their own code and, as a worst-case scen

Critical Vulnerability in ASA Firewalls

We would like to inform you that a critical vulnerability has been detected in ASA firewalls. According to Cisco, the following products are affected when the VPN function (via IPSec) is activated:

  • ASA 5500 Series Adaptive Security Appliance
  • ASA 5500-X Series Next-Generation Firewall
  • ASA Services Module for Cisco Catalyst 6500 Series Switches
  • Cisco 7600 Series Router
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 9300 ASA Security Module
  • ISA 3000 Industrial Security Appliance

What exactly is this Security Gap?
When specially crafted data packets are sent to the aforementioned devices, they are written to memory during processing in such a way that attackers can use buffer overflows in the heap to place malicious code in memory, which is then executed. Attackers can thus infiltrate a particularly sensitive part of the network infrastructure and, from there, advance deeper into the network.

Workaround/Urgent Measures?
We recommend taking the VPN connections out of service until the appropriate patch has been installed.

How to Close the Security Gap
Because the Cisco firewall is, by design, exposed to data traffic from outside, this problem can only be solved by installing the appropriate patch to secure the network. We distinguish between the following cases:

  1. You are entitled to the manufacturer’s support for the affected device and have concluded the appropriate service agreement with IDS for patch management of the firewall. In this case, you don't have to do anything at all. We’ll get in touch with you as quickly as possible to install the patch. This is part of the service agreement.
  2. You are entitled to the manufacturer’s support for the affected device, but have NOT concluded the appropriate service agreement with IDS for patch management of the firewall. In this case, we invoice our services on a time and effort basis, in accordance with our current Service Price List.
  3. The manufacturer’s support for the affected device is no longer valid. In this case, we support you in finding out whether the patch is still available, whether the manufacturer's support can be extended, or whether the device needs to be replaced.

Our Offer for You!
In cases 2 and 3, please contact our Customer Service Center (phone: 07243/218-990, email: kundencenter[at]ids[dot]de or via our website) if you are using the aforementioned firewalls. We are happy to recommend the most economically favourable solution for your system.

For further information on IT security and on our service portfolio, please contact our Security Officer and Head of Services Department, Mr Dieter Göbelbecker.