WannaCry: If you think that you are protected, then you are most probably vulnerable
The malicious software known as ransomware has been making headlines after tens of thousands of computers were subject to a global hacking attack that wiped out data. One may wonder: Who is doing this? Is it over yet? Is your computer secure from this rapidly spreading threat, which has already infected nearly 150 countries and 200,000 systems during this past weekend alone?
As of Friday evening, hospitals around the world (the NHS in Britain) were initially targeted by cybercriminals; their IT systems were shut down, which resulted in delayed patient appointments and canceled operations. The national railway in Germany, Spain’s largest phone company, and FedEx in the US were some of the biggest corporations hit along with the NHS in Britain.
This type of malware encrypts users’ data, locks it and then demands hundreds of dollars in virtual currency (Bitcoin) in order to return the data to its user. Further, “WannaCry” targeted outdated versions of Microsoft Windows, since they are more easily hacked. Europol director Rob Wainwright told CNN on Sunday that “very few” people have paid the ransom so far. The Director of the Florida Center for Cyber Security at the University of South Florida stated: “It all depends on your situation; you’ve got to make a decision. If you are a company, if you are an enterprise and if your electronic records and patient records are locked up, you have to think twice about not paying a ransom.”
What about cyber-attacks, are they over?
The latest ransomware attack, “WannaCry”, has been particularly troubling for healthcare institutions, telecommunications, the financial sector and even individuals themselves. The emergence of new threats has led to thousands of security breach reports, underscoring the cybersecurity deficiencies disclosed in many organizations. The “WannaCry 1.0” ransomware has profoundly challenged the security frameworks of organizations and their preparedness to handle cyber-attacks. Brad Smith, chief officer at Microsoft, stated: “This attack demonstrates the degree to which cyber security has become a shared responsibility between tech companies and customers.” But that is not the end of it, since security researchers have reported the detection in cyberspace of the newest version of the ransomware, “WannaCry 2.0”, which cannot be stopped by triggering the ‘kill-switch’, a safety mechanism to power off an electronic device.
What should you do if you are infected?
The “WannaCry” ransomware has undoubtedly tested the security posture of several companies worldwide, even of those which have expressed systematic belief in the capacity of their security systems to provide the necessary protection. According to The Guardian, “success of the WannaCry hack could make other attacks more likely in the future amid doubts over governments’ ability to secure cyber weapons from theft.”
- Exploiting a vulnerability that has been discovered but not patched by the software or hardware vendor
- Using the human factor weakness to activate the malware on the operating system
- Having access to the low-level system instructions that enable the total encryption of the data stored on the system
- Using worms to facilitate the light-speed propagation of the attack across the victims' network
- Using the darknet mechanisms in order to receive the ransom via bitcoin
How can you act as a shield and be safe?
Even though risk tends to be highly uncertain, and its management is exceptionally challenging, individuals and companies should employ the necessary mechanisms that contribute to improved safety. Thus, the establishment of a security framework in organizations is crucial for safeguarding business integrity. It is essential for companies and individuals to regularly back up their data in order to ensure that security measures are in place. “It's also important to have antivirus installed and that it is constantly kept up to date. Be aware of what you're doing and be especially diligent when opening suspicious email attachments. Most importantly, avoid downloading and using pirated software,” Fong Choong Fook added.
Generally speaking, companies and individuals should consider implementing fundamental security measures with regard to data backup, patch management and the installation of up-to-date antivirus software. In addition, the establishment of a disaster recovery plan is a vital part of implementing a security framework, as it helps an organization maintain its security, resume mission-critical functions, respond quickly and appropriately to incidents and, most importantly, lower the cost of damage to the organization’s assets.
Nevertheless, “in order to reduce the probability and the impact of such events, companies should reinforce the awareness level of their users and patch their systems in a frequent and systematic way,” said Jeff Primus.
Lessons learned
What we can reflect on and learn from this attack is that the most effective approach to preventing cyber-attacks, particularly ransomware, is the enactment of security measures that impede the exploitation of vulnerabilities in an organization. John McClurg, the Vice President of Cylance, said: “We should also embrace the importance of moving as quickly as possible to the new paradigm of proactively predictive prevention, enabled by AI & Machine Learning, where the weaknesses of signature-based protection are left behind as an ineffectual legacy of the past.”
Moreover, organizations should consider applying the ISO/IEC 27001 security controls and following the guidance provided by ISO/IEC 27032. Appropriate security awareness programs for employees, including training and education of personnel, together with patch management and a regular backup system, are the instruments that improve the response to potential cyber-threats in organizations. The controls included in these standards provide us with the latest and most sophisticated antimalware protection guidelines, which ensure that we have a proper and functioning security framework in our organizations.
About the author:
Ardian Berisha
He is a Portfolio Marketing Manager for Information Security Management at PECB. He is in charge of conducting market research while developing and providing information related to ISM standards. If you have any questions, please do not hesitate to contact him: marketing.ism@pecb.com
Kushtrim Cernobregu
He is a Portfolio Marketing Manager for IT Security at PECB. He is in charge of conducting market research while developing and providing information related to IT Security standards. If you have any questions, please do not hesitate to contact him: marketing.itsec@pecb.com