EXPERT BROOKS ON #CYBERSECURITY: IS WANNACRY RANSOMWARE JUST THE WARM-UP ACT? by Zac Hale


Ironically, Warren Buffett recently stated that “I don’t know that much about cyber, but I do think that’s the number one problem with mankind.” He is right. Cybersecurity is a preeminent threat.

What is being called the largest ransomware attack is being described as a real wakeup call by many cybersecurity experts and government officials. The ransomware disrupted hospital, organizational and company networks that were not well protected and up to date: low-hanging fruit for hackers. It did not turn out to be as lethal as originally feared, but it certainly demonstrated the global vulnerabilities associated with inter-connected networks and devices.

Facts are still being analyzed and disputed, but it appeared initially that the cyber-extortion attack was perhaps initiated with a phishing/macro email attack involving a variant of a ransomware called “WannaCry” that exploited a Microsoft Windows flaw. But in forensic reviews there is still no definitive explanation of how the malware propagated or who the culprits are, although some suspect North Korean involvement. What we do know is that the ransomware was self-replicating and spread swiftly, reaching over 100 countries. In various countries, industry, organizations and government were victimized. The Czech security company Avast stated that they saw 57,000 infections, including major hits in Russia, Ukraine and Taiwan. (http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/) British Prime Minister Theresa May called it “an international attack.” Cybersecurity is truly a global threat and problem. (http://www.businessinsider.com/theresa-may-nhs-cyberattack-part-of-international-attack-2017-5)

It is thought that early ransomware spread via email and was propagated via online advertising. The ransomware locks computers and then launches a ransom note in a text file demanding payment. In this case, the ransom was $300 per device. Of particular concern were the attacks on the UK National Health Service. Non-emergency operations were suspended and ambulances were diverted because of the WannaCry attacks. Hospitals are often targets for cyber-attacks because they often use a multitude of devices, systems, and networks, allowing for more surface attack areas. Also, they generally do not have adequate security operating budgets.

The UK health service is not alone in being a top target. A report by Michigan State University that examined Department of Health and Human Services (HHS) data noted that almost 1,800 cyber-attacks occurred in hospitals across the US over a seven-year period, but only 68 percent of these breaches were reported. (http://www.dailymail.co.uk/health/article-4391424/Hundreds-major-hospital-data-breaches-gone-unreported.html) The real issue with healthcare is that the risks are high, as it could involve a life-or-death situation, but cybersecurity defenses are poor.

Ransomware is not a new threat; it has been around for at least 15 years, but it has become a trending one. Experts estimate that there are now 124 separate families of ransomware, and hackers have become very adept at hiding malicious code. Success for hackers does not always depend on using the newest and most sophisticated malware. It is relatively easy for a hacker to do. In most cases, they rely on the most opportune target of vulnerability, especially with the ease of online attacks.

Remedies

There are remedies for mitigating ransomware. First and foremost, patching and updating of software vulnerabilities must be current. Unfortunately, many companies and organizations are slow, and in many cases negligent, in applying the patches that would prevent breaches. “Software patching has always been a problem amongst most organizations, as patches usually require testing before being deployed to hundreds and thousands of devices,” said Nicole Eagan, chief executive of cybersecurity firm Darktrace, based in Cambridge, U.K., and San Francisco. (http://blogs.lse.ac.uk/businessreview/2017/05/13/nicole-eagan-cybersecurity-is-very-fast-becoming-an-all-out-arms-race/)

Vulnerabilities can also be patched after the fact. Security researcher MalwareTech registered a hardcoded domain included in the ransomware’s source code to stop its spread, and Microsoft has now added detection and protection against Ransom:Win32.WannaCrypt.

And because phishing is a method for hackers, simply do not click on files that you do not know, especially spam, fake job offers, invoices and contests. Companies and individuals should also employ anti-ransomware platforms and technologies to guard their devices, and always back up their files!

Companies and government also need to share data. Because of exponential connectivity, further being promulgated via the Internet of Things, future global public/private cooperation will be critical in maintaining a knowledge base to track and counter emerging cyber threats. The Department of Homeland Security’s (DHS) cyber-threat information-sharing program, implemented as part of the Cybersecurity Information Sharing Act (CISA), is a good basis for a global model to explore.

A new mindset is required, as information sharing is an important element in defeating malware threats and patching software vulnerabilities. Also, some basic precautions can help mitigate threats, and these include training employees to recognize malware and phishing threats, disabling macro scripts, and keeping systems updated. In the long run, emerging cybersecurity technology and protocols may not be enough to thwart the exploding trend of ransomware. They can serve as mitigation tools, with the hope that global cooperative criminal enforcement catches up to the threats.

Managed security services (MSS) are also a plausible option for both prevention and incident response. There are many excellent firms that can professionally monitor networks and provide enabling cybersecurity technologies and threat assessments. MSS makes economic sense for many industries and businesses that do not have (or cannot afford) the internal subject matter expertise or capabilities to handle increasingly sophisticated breaches.

DHS’s United States Computer Emergency Readiness Team issued a notice providing advice specific to the recent WannaCry ransomware threat, and other phishing threats. Some excerpts:

  • Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization’s helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
  • Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
  • Follow best practices for Server Message Block (SMB) and update to the latest version immediately.

For general best practices on patching and phishing, users should:

  • Ensure that your applications and operating system have been patched with the latest updates. Vulnerable applications and operating systems are the target of most attacks.
  • information over the Internet before checking a website’s security. Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from anti-phishing groups such as the APWG.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.

https://www.us-cert.gov/security-publications/Ransomware

The reality is that we live in an increasingly hyper-connected world that impacts all aspects of our lives. From now onward, managing and protecting data (and critical infrastructure) will be a growing global public/private endeavor. These threats necessitate a clearly defined security strategy for handling this constantly evolving landscape of cyber threats, from phishing scams, bots, and Distributed Denial of Service attacks to ransomware. The recent Trump Executive Order on Cybersecurity is a good step toward developing and improving cybersecurity capabilities in the likelihood of more lethal and sophisticated cyber-attacks that will have global reach.


Chuck Brooks is Vice President of Government Relations & Marketing for Sutherland Government Solutions. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 500 million members. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee and a member of The AFCEA Cybersecurity Committee. In government, Chuck has served at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill, covering security and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University, where he taught a graduate course on homeland security for two years. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
