Safebreach Labs has updated the Hacker's Playbook™ with simulations for WannaCry. Customers can use these simulations to safely test their security controls against the specific tactics and techniques used in this recent campaign.
The WannaCry ransomware exploits a Windows vulnerability and propagates over TCP port 445/SMB. We encourage all security teams to patch MS17-010, disable the SMBv1 protocol, and ensure updates for WannaCry are are up-to-date on all security products.
To assess security control effectiveness against WannaCry, the SafeBreach Continuous Security Validation Platform specifically tests the following endpoint and network security controls:
Playbook #1293 - Transfer via HTTP/S
Playbook # 1292 - Drop to Disk
Playbook #1294 - Exploiting the vulnerability [MS17-010]
Additional breach methods added recently include:
The Safebreach Hacker's Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.