Skip navigation

In today's landscape of security breaches and cyberattacks, it seems like no company or network is completely immune to cybercrime. In fact, you don’t have to search very hard in the news to read about another cyberattack that has happened to a big corporation. Thankfully, developers are constantly looking out for these threats and building important security patches and updates protect the data. Let's look at some of the major vulnerabilities and attacks that have happened in 2017.

 

Microsoft Security Bulletin MS17-010 (March 14, 2017)

 

Although this wasn't exactly a hack, it serves as a great reminder of how scary security vulnerabilities in Microsoft® Windows® software can be. The bulletin detailed several cyber security threats, but the most severe vulnerability was the potential for an attacker to execute code on the target server. This vulnerability was so huge that Microsoft called the security patches “critical for all supported releases of Microsoft Windows.”

 

Imagine the impact this could have had if the cyber threat was not discovered and a security patch was not created.

 

The biggest impact of this bulletin was that it showed how many zero-day level flaws were present in Microsoft products that made users vulnerable to cyberattacks. Essentially, the combination of the delayed rollout of crucial security patches and enterprises’ often slow adoption of patches made all Microsoft users vulnerable to the WannaCry and NotPetya ransomware attacks.

 

WannaCry Ransomware Attack (May 12, 2017)

 

The WannaCry Ransomware attack was one of the most significant cyberattacks in 2017. Seventy-five thousand organizations from 99 countries reported being attacked. How did it happen?

 

A vulnerability called EternalBlue was responsible for spreading the WannaCry attack. This vulnerability was actually addressed in Microsoft’s security patches released in March. Unfortunately, many users had not yet installed these critical patches.

 

Impact of WannaCry

 

As the name implies, many Microsoft users probably did want to cry after being hit by this cyberattack. It created a moment where global internet security reached a state of emergency. WannaCry affected the U.K., Spain, Russia, Ukraine, Taiwan, and even some Chinese and U.S. entities. In many cases, companies were forced to pay $300+ to regain access to their files/system. However, there was another even more severe impact, as sixteen National Health Service organizations were locked out of their systems. Many doctors were unable to pull up patient files and emergency rooms were forced to divert people seeking urgent care.

 

Petrwrap/Petwrap/NotPetya Ransomware Attack (June 27, 2017)

 

This attack was even worse than the WannaCry attack. NotPetya did not act like other ransomware malware. Instead, it rebooted victims’ computers and encrypted their hard drive’s master file table, which rendered the master boot record inoperable. Those who were infected lost full access to their system. Additionally, the cyberattack seized information about the file names, size, and location on the physical disk. NotPetya spread because it used the EternalBlue vulnerability, just like WannaCry.

 

Impact of NotPetya

NotPetya reportedly infected 300,000 systems and servers throughout the world, including some in Russia, Denmark, France, the U.K., the U.S., and Ukraine. Ukraine was hit the hardest. Within just a few hours of the infection starting, the country’s government, top energy companies, private and state banks, the main airport, and metro system all reported hits on their systems.

 

How to Protect Your Business From Cyberattacks

 

The evidence is clear. Hackers are always on the prowl and cyberattacks will happen. The key is to be ready for them so you can prevent an attack from being successful. You must take every step possible to protect your company and your private information. There are several important things you can do, including making sure you always install security patches and updates. For example, if infected organizations had installed the update patches in March, they would have been protected from the WannaCry attack. Therefore, this simple step could be the difference in whether or not a cybercriminal is able to successfully hack into your data.

 

Think Prevention, Not Cure

 

While installing every patch developers make might seem like a hassle, the fact is these patches play a significant role in your cybersecurity efforts. There is great wisdom in the saying of “an ounce of prevention is worth a pound of cure” when you’re dealing with cybersecurity. It’s so much easier to take the necessary steps to prevent a cyberhack than it is to overcome all the problems after a breach occurs. Regularly installing security patches is a must, especially since you might not be aware of the possible threats that could be coming.

 

Let SolarWinds Patch Manager Do the Work for You

 

Although constantly installing these updates and patches can be a pain, and it can feel like you get a new patch almost every other day, patches are a necessary evil. Thanks to the SolarWinds® Patch Manager software, you can now leave this tedious chore to someone else. This intuitive patch management software allows you to quickly address software vulnerabilities in your system. SolarWinds Patch Manager offers several key features, including:

 

  1. Simplified patch management. Automate the patching and reporting process and save time by simplifying patch management on servers and workstations.
  2. Extend the capabilities of WSUS patch management. Decrease service interruptions and lower your security risks by helping ensure patches are applied and controlling what gets patched and when.
  3. Extend the use of Microsoft System Center Configuration Manager. Protect your servers, desktops, laptops, and Virtual Machines (VMs) with the most current patches for third-party apps.
  4. Demonstrate Patch Compliance. Stay up to date on all vulnerabilities and create summary reports to show patching status.

 

Additionally, SolarWinds Patch Manager offers a Patch Status Dashboard. The dashboard tracks who got patched and what still needs to be patched. You will be able to see the most recent available patches, the top patches you are still missing, and the overall general health of your cyber environment. Patch Manager also allows you to build your own packages for many other types of files, including .EXE, .MSI, or .MSL.

 

Download SolarWinds Patch Manager now to identify the vulnerabilities in your system and help protect your business.

Were you affected by an internet connectivity outage earlier this week? This outage affected users across the U.S., and originated from Level 3, an ISP recently acquired by CenturyLink®. Because Level 3 also provides infrastructure to other internet providers, some Comcast®, Spectrum®, Verizon®, and AT&T® users experienced outages as well.

          Tweet from Level 3 - https://twitter.com/Level3NOC/status/927633534424141824
                (Source: Twitter)

 

A configuration error? That’s what I thought when I first read this. There are many crazy ways connectivity issues can occur, from rats chewing through cables to your standard PEBKAC error causing a user to holler, “the internet is down!” But configuration errors? This is an easy one to address.

 

Perhaps even more concerning than a massive telecommunications company losing connectivity due to a config error is the amount of time to recover. After the issue was corrected, Level 3 issued a statement to several publications (including TechCrunch, Slate, Mashable, and The Verge), saying:

 

"On Monday, November 6th, our network experienced a service disruption affecting some customers with IP-based services. The disruption was caused by a configuration error. We know how important these services are to our customers. Our technicians were able to restore service within approximately 90 minutes."

 

90 minutes to recover from an issue that is affecting potentially millions* of people in the middle of the workday is about 89 minutes too long. (*Total number of customers affected hasn’t been released, but it included customers of Comcast, Spectrum, Verizon, and AT&T across the U.S., among others.)

 

         

               (Source: DownDetector.com via CNN)

 

Are YOU ready to ensure that something like this doesn’t happen to you? With SolarWinds® Network Configuration Manager (NCM), you can rest easy knowing that you are prepared. Even if a config error does occur, you can quickly rollback to a known-good config that you have saved, thanks to NCM’s automatic backups. If you need to make updates across devices, you can easily push bulk changes. And no need to worry about someone else messing with your configs—you can control who can make changes, and what kind, directly from the NCM console.

 

While we can’t help you with rats chewing your cables, we CAN help with your config management. Download a free trial of Network Configuration Manager today.

 

What are some of the craziest causes of connectivity issues that you’ve encountered?

Imagine this scenario: You are running a Kiwi® server either on-premises or in the cloud, and need to push at least a portion of that log data to Papertrail. This would be especially helpful in situations where Kiwi is already in place, and you need to allow a developer, support contact, etc. external access to limited log data without providing access to the Kiwi server itself. Once these logs are pushed to your Papertrail account, you can grant users access to specific Papertrail log data. These Papertrail logs can be viewed from anywhere, while Kiwi servers are often locked down within a secured network. The best part is that you can maintain a complete local copy of your logs while pushing interesting log data to Papertrail for use with advanced search and alerting features.

 

From your Kiwi Syslog® Service Manager select File -> Setup.

 

In the setup page, you have a rule named Default that displays all log entries sent to Kiwi and logs them to a file.

 

Send everything to Papertrail! If you wish to forward ALL logs seen by Kiwi to Papertrail, add the Send to Papertrail action to your Default rule, or any rule with no filters configured.

 

However, if you want to send only certain messages to Papertrail, you’ll need to add a new rule with a filter to capture just the specific messages you want.

 

We'll be adding 1 New Rule with 2 Filters and 2 Actions.

 

 

FILTERS

 

Filters allow several methods of matching log data. Positive matches result in the actions for that rule being performed on those log lines. Hostname, IP, Message Text, and Priority are the most commonly used filters.

 

Add the new rule by right-clicking Rules and selecting Add rule.

 

 

Under the new rule, right click Filters and Add Filter.

 

 

In the Field section, choose Priority.

 

 

Click on the Priority headings to highlight all the columns.

 

 

Click the green check mark at the bottom, to select the highlighted fields.

 

 

Next, create a new filter to match the text in log lines using the Message Text field, and Simple filter type. Here I used "test" because it will match on all of the Kiwi default test log lines. You can use any text strings in this filter to match log entries you wish to send to Papertrail.

 

ACTIONS!

 

Now configure the actions to take place on log lines matching our filters. Start by adding them to a Kiwi display so we can see what's matching the rule right here in Kiwi.

 

Under the new rule, right-click Actions and Add action.

 

 

Select the Display action at the top of the menu. Set a Display number that corresponds to the display dropdown in the main Kiwi window. You should use a unique display that isn't used by other Kiwi rules. Display 00 shows ALL logs seen by Kiwi by default, so I’ve used Display 01 instead. This will only show everything sent to Papertrail.

 

 

Now add an action to send the matching logs to Papertrail.

 

Under the new rule, right-click Actions and Add action to add another action.

 

 

Select the Log to Papertrail.com (cloud) action to send logs to a Papertrail account. Replace the hostname and port with your own log destination found here: https://papertrailapp.com/account/destinations

 

 

After hitting Apply to save the configuration, use the File –> Send test message to localhost menu item to generate a log line that will be pushed to your Papertrail account and shown on the Kiwi display you set. In your Papertrail account, you’ll see your Kiwi server show up by IP or hostname, but you can rename it as I’ve done here. (Remember: The test log line shown has to match your filters.)

 

 

 

 

Troubleshooting

 

Not seeing log lines in Papertrail? Does the Kiwi server have outbound network connectivity that allows a connection to Papertrail? In ~90% of cases, this is caused by host-based firewalls or other network devices blocking connectivity to Papertrail.

 

The PowerShell® below will test basic UDP connectivity to Papertrail from a Windows® host. Replace the Papertrail Hostname/Port with your actual log destination settings found here. Copy and paste all lines at once into PowerShell. (Run PowerShell as Administrator if you have trouble.)

 

WINDOWS - PowerShell

 

$udp = New-Object Net.Sockets.UdpClient logs6.papertrailapp.com, 12345

$payload = [Text.Encoding]::UTF8.GetBytes("PowerShell to Papertrail - UDP Syslog Test")

$udp.Send($payload, $payload.Length)

 

You can use this similar script to replicate a log transfer to Kiwi. Run this from the same host the Kiwi server is on.

 

$udp = New-Object Net.Sockets.UdpClient 127.0.0.1, 514

$payload = [Text.Encoding]::UTF8.GetBytes("udp papertrail test")

$udp.Send($payload, $payload.Length)

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.