
21 years to Netwin

It has been 21 years here in Netwin. 21 proud years. Every day of these 21 years brought us new experiences, new honors, new relationships, new challenges, new passion, new enthusiasm, new successes and new failures too…. Never ever in these years was a moment when we didn’t thank the almighty for giving us the chance to experience these years. For giving us the chance to be part of this great family. It has been a great experience for us all being part of Netwin. Over these years Netwin has grown as a family with a deep-rooted foundation built on innovation and ethics. Netwin’s strength lies in its family of customers and people who work here.

Netwin was born out of a shared passion of a small group of intellectuals who wanted to change the way IT was embraced by people in India, esp. in rural India. Those were the days of the early 90s, when IT in India was in the nascent stage. We were all excited to have our hands on something that wasn’t only groundbreaking but would help our customers to easily adopt the IT solutions and reap maximum benefits out of them. Today, when we look at the hundreds and thousands of users of the tens of solutions we have developed, a sense of pride and satisfaction is generated out of the value we could generate in their businesses and their lives. Netwin - a company! I loved it here the very first day, I am loving it till date and surely would continue to do so even further…
The people I met here weren’t very extraordinary people when we first met. But today they are. They have simplified the complex processes and, more importantly, they have made people’s lives easier and more comfortable. I think we still have to do a lot more. Perhaps the excitement in our journey has just started to get to a different level now.

21 years back, Netwin started with a single solution in banking, and today it has evolved into a complete ecosystem of solutions for Banking and Financial, Manufacturing, Retail, HealthCare and various other customer segments. We kept evolving with our customers and they, in turn, surprised us and kept us going with their deep appreciation and love. Our customers have always been our partners in progress. They are the people who inspired us at times to go ahead of the curve and kept us motivated by always encouraging us to deliver more.

This journey of the last 21 years has strengthened my belief that there are good people in this world and also there are many who have many good things in them. Feels great to be a Netwinite for life. Hope to write many more such Anniversary posts… Thanks.

Insights of WannaCry ransomware


The recent WannaCry exploit (WannaCrypt/WannaCrypt0r and variants) is ransomware that was leaked by the Shadow Brokers hacker group who published several hacking tools used by the National Security Agency (NSA).

Like other ransomware, WannaCry is designed to infect Windows machines, encrypt all important and personal files, propagate to other systems and ask the user to pay a huge amount of money to (hypothetically) recover the encrypted files. WannaCry uses multiple components to infect (using kernel escalation through the DoublePulsar exploit) and encrypt personal files (using 2048-bit RSA) and self-propagate (SMB spreading through EternalBlue exploit).

Multiple variants have been discovered. Fortunately, the spread of the first kill switch variant has been stopped. The second version, without a kill switch, is propagating, but the ransomware payload fails to properly deploy (the decompression is not working, but the spreading is, because EternalBlue and DoublePulsar are still working). Upcoming versions will definitely properly deploy without a kill switch.

How and Why WannaCry Propagated So Quickly

First of all, the propagation mechanism is not new. The main vectors are infected emails with an embedded JS macro document, or phishing and social engineering tactics. After a victim’s computer is compromised, the ransomware tries to self-propagate through its own network scanner to find additional SMBv1 machines and uses the EternalBlue exploit to infect the rest of the world.

This vulnerability could allow remote code execution if an attacker sends messages to an SMBv1 device. WannaCry is using this vector to self-deploy and propagate. Microsoft released a patch under advisory MS17-010 in March 2017 to fix the vulnerabilities in Windows systems, but unfortunately a huge number of outdated and unpatched Windows devices are still up and running.

Monitoring & Remediation

Your network and security teams can join forces to remediate security attacks. This list has been designed to help your organization to stay alert and to reduce the scope of any WannaCry propagation.

As described, WannaCry relies on multiple vectors to propagate and infect systems. Fewer SMB open doors result in fewer chances for the ransomware to self-propagate.

Alerting / Detection

The first version of WannaCry has a kill switch. It is important not to block this domain, as it is a good trigger for detecting devices infected with this version. We can be alerted if the kill switch domain or any variant has been reached from the network. Capturing DNS and proxy server traffic is good practice.

EternalBlue spreads the ransomware through SMBv1 and tries to detect other SMBv1-enabled servers. This can generate a huge number of ARP and TCP SYN packets. Knowing the normal level of these protocols on the network is useful, because an abnormal peak will trigger an alarm and identify which devices are generating unusual ARP / TCP SYN traffic.
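The two alerts described above, sketched as an added example (not code from the original post): DNS clients that looked up a watched kill switch name, and hosts whose TCP/445 SYN fan-out exceeds a baseline learned from normal traffic. The record layouts, the placeholder domain, the 60-second window and the mean + 3 sigma threshold with a floor of 5 are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Placeholder only: load the real kill switch names from your threat-intel feed.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

def kill_switch_clients(dns_log):
    """dns_log: iterable of (client_ip, qname). Clients that queried a watched name."""
    return sorted({c for c, q in dns_log if q.rstrip(".").lower() in KILL_SWITCH_DOMAINS})

def fanout_per_window(syns, window=60, port=445):
    """syns: iterable of (ts, src_ip, dst_ip, dst_port) for SYN-only packets.
    Returns {window_index: {src_ip: distinct destinations contacted on `port`}}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for ts, src, dst, dport in syns:
        if dport == port:
            buckets[int(ts // window)][src].add(dst)
    return {w: {s: len(d) for s, d in per.items()} for w, per in buckets.items()}

def learn_baseline(history, floor=5.0):
    """Threshold = mean + 3 sigma of per-host fan-out in known-good traffic."""
    counts = [n for per in history.values() for n in per.values()]
    if not counts:
        return floor
    return max(floor, mean(counts) + 3 * pstdev(counts))

def alarms(current, threshold):
    """(window, src_ip, fan-out) for every host above the threshold."""
    return sorted((w, s, n) for w, per in current.items()
                  for s, n in per.items() if n > threshold)

# Constructed sample data: three clients talking to one file server (normal),
# then one host sweeping 40 addresses on TCP/445 within a single minute.
NORMAL = [(t, f"10.0.0.{h}", "10.0.1.10", 445) for t in range(0, 300, 60) for h in (2, 3, 4)]
LIVE = [(600 + i, "10.0.0.5", f"10.0.2.{i}", 445) for i in range(40)]
LIVE.append((610, "10.0.0.2", "10.0.1.10", 445))
DNS_LOG = [("10.0.0.5", "KillSwitch-Placeholder.example."), ("10.0.0.2", "intranet.example")]

if __name__ == "__main__":
    threshold = learn_baseline(fanout_per_window(NORMAL))
    print("SYN fan-out alarms:", alarms(fanout_per_window(LIVE), threshold))
    print("kill switch lookups:", kill_switch_clients(DNS_LOG))
```

The same windowed count applies to ARP requests per source if the capture point sees layer 2 traffic.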

Remediation

It is urgent to detect which devices on the network are still using SMBv1. In addition to scanning the network using tools like Nmap, this can be done by creating a real-time alarm (SMBv1 uses a unique pattern in the header). Urgent action is needed to switch off the SMBv1 stack on Windows machines.

An application-aware NPMD solution is a huge advantage in discovering the application code messages. Alerting and trending on application messages gives a very good hint of where to look first to discover compromised devices. WannaCry will trigger a huge number of SMB CREATE, DELETE & RENAME operations.
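As an added illustration of the header pattern and the operation counting described in the two paragraphs above (not code from the original post): SMBv1 messages start with the bytes `\xffSMB`, SMB2/SMB3 with `\xfeSMB`, and the SMBv1 command byte follows the magic. The input layout (source IP plus TCP/445 payload), the threshold of 3 and the sample frames are assumptions constructed for the example.

```python
import struct
from collections import Counter

SMB1_MAGIC = b"\xffSMB"   # SMBv1 protocol identifier
SMB2_MAGIC = b"\xfeSMB"   # SMB2/SMB3 protocol identifier
# SMBv1 command codes for the operations named above (0xA2 = NT_CREATE_ANDX)
SMB1_FILE_OPS = {0x06: "DELETE", 0x07: "RENAME", 0xA2: "CREATE"}

def classify_smb(payload: bytes):
    """Return (dialect, command) for one TCP/445 payload, or (None, None)."""
    if len(payload) < 4 or payload[0] != 0x00:   # 0x00 = session message
        return None, None
    body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    if len(body) >= 5 and body[:4] == SMB1_MAGIC:
        return "SMBv1", body[4]                  # 1-byte command at offset 4
    if len(body) >= 14 and body[:4] == SMB2_MAGIC:
        return "SMB2+", struct.unpack_from("<H", body, 12)[0]  # 2-byte command
    return None, None

def summarize(packets, op_threshold=3):
    """packets: iterable of (src_ip, payload).
    Returns (hosts still speaking SMBv1, hosts with many CREATE/DELETE/RENAME)."""
    smb1_hosts, ops = set(), Counter()
    for src, payload in packets:
        dialect, cmd = classify_smb(payload)
        if dialect == "SMBv1":
            smb1_hosts.add(src)
            if cmd in SMB1_FILE_OPS:
                ops[src] += 1
    return smb1_hosts, {h for h, n in ops.items() if n >= op_threshold}

def smb1_frame(cmd: int) -> bytes:
    """Constructed test frame: 4-byte transport header + 32-byte SMBv1 header."""
    body = SMB1_MAGIC + bytes([cmd]) + bytes(27)
    return b"\x00" + len(body).to_bytes(3, "big") + body

def smb2_frame(cmd: int) -> bytes:
    """Constructed test frame: 4-byte transport header + 64-byte SMB2 header."""
    body = SMB2_MAGIC + struct.pack("<HHIH", 64, 0, 0, cmd) + bytes(50)
    return b"\x00" + len(body).to_bytes(3, "big") + body

# Constructed sample: one SMBv1 host doing file operations, one SMB2 client,
# and one host that only negotiates SMBv1 (0x72).
SAMPLE = [("10.0.0.5", smb1_frame(c)) for c in (0x72, 0xA2, 0x07, 0x06)]
SAMPLE += [("10.0.0.9", smb2_frame(0x0005)), ("10.0.0.7", smb1_frame(0x72))]
```

Under SMB2 and later, rename and delete are carried inside SET_INFO requests rather than dedicated commands, and SMB3 encryption hides the command field from a passive sensor.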

The EternalBlue exploit would generate some weird commands to SMB devices that could be detected as well during the propagation phase. Having a smart solution with an expert analytics engine would help to quickly identify issues.