Ransomware-As-A-Service! WannaCry? Dry those tears.

06.18.2017

by

It is no consolation to those affected that the worldwide WannaCry cyberattack generated more publicity than money. The ransomware infected more than 300,000 computers running both current and older versions of Microsoft Windows, including Windows 7, which accounted for 98% of the infections. The attack encrypted data and paralyzed mission-critical systems, demanding payment in Bitcoin.

While some point the finger at North Korea as the source of the cryptoworm, others suspected script kiddies. Bearing in mind the average demand was for around $300 and the malware coders only made around $50,000, they could well have been right.

But this will still cost big money. Cyber risk modeling firm Cyence estimates the potential organizational cost from the hack at $4 billion, while other groups predict losses would be in the hundreds of millions. All this can still be the tip of the iceberg, with tons of other hackers getting ready to get some more money from the enterprises, by attacking Linux and UNIX devices too!

Attacks like these could have been avoided. Microsoft issued a ‘critical’ patch for Windows 7 on 14 March – nearly two months before the attack – to address this vulnerability, but many organizations had yet to apply it. Once again, an organization’s cyber security is only as strong as the weakest link in the chain. Linux kernel versions are also available for other vulnerabilities being discovered. It is just the will and wish of the CIOs to either dig their head deep in the sand and assume to be safe or take actions before it is too late.

Those who believe that too many organizations are still running XP will have noted that the XP patch arrived well after the first attack. Organizations, faced with potentially massive disruption to business-critical systems, are feeling the pressure to do something, even though they’re not convinced what that ‘something’ is.

You will know by now that the initial attack was foiled when a researcher accidentally activated an in-built kill switch, disabling the encryption payload. The second wave removed this switch but by then many organizations had patched their systems. Microsoft even had to release the patches for XP, Vista and other older versions of OS to help the enterprises and people to patch the leaking boat.

Naturally, the industry has been quick to make a buck on the back of this event. Page one of the Google search for WannaCry is full of ads from those offering to secure the systems of suddenly-twitchy CIOs. (For a fee, of course.) Some are experts, others just use the right words. There are also criminals targeting Windows customers with rogue security software that makes things worse.

Fear is a great motivator in making a buying decision. Because no-one is safe, including Mac, UNIX, and Linux users, as there are dedicated malware variants out there with your name on, too. So the key is to take an organizational view on getting protected against malevolent superpowers or bored teenagers. It’s a mixture of products and practice. Here’s my topline guide.

Embed security in everything. All of it

Firstly, assess your hardware, firmware, operating system, and applications. Security must be embedded throughout as malware can take your devices and computers back to the Stone Age.

Next, ensure your first line of defense, whatever your organization chooses, is backed up by a second and possibly a third. Finally, monitor your environment for abnormal behavior. We can help with all of this.

It’s people, people!

But products alone will not secure your environment. And this is the tricky bit. Because people are both part of the problem and the solution. They are the soft target that open doors to hackers – but with the right tools at hand, can spot issues and prevent attacks. So help them keep malware out:

  1. Think before you click. That email is too good to be true, and is probably a phishing attack. Giving your name, email address and credit card number to a stranger is essentially an idiot tax.
  2. The virtual machine (VM) is no longer a magic bullet. Even a VM needs to touch real data – which can be encrypted just as easily from a virtual as a physical machine.
  3. Only download software from official app stores or the manufacturer. Too-good-to-be-true pricing, pirate or peer-to-peer sites often come with a hidden, special ingredient.
  4. Legal software purchases are a price worth paying. They may be more expensive – but can you afford to lose all your data?
  5. Inform your organization’s IT team if you receive an unexpected or suspicious email or one not intended for you. Do not click on attachments not related to you or your work.

Hey, CISO or CIO. Read this

Even a proven SIEM/SIM tool and/or configuration management tool is not a magic bullet, and will need fine-tuning to suit each environment. But this is the useful, canary-in-a-coalmine indicator that identifies infrastructure attacks – and justifies implementing more powerful and protective tools.

Being aware of industry- or geography-specific cyberattacks and security threats is part of any security regime. So is researching the appropriate solutions and companies. Who does that in your organization?

Point solutions solve one problem quickly, but won’t support a holistic approach to cyber security. However, robust identity lifecycle management is there from cradle-to-grave, bringing users on board, managing and monitoring access, then tying off loose ends when they leave.

Someone, somewhere is busy creating the next Wannacry. Those NSA hacking tools are still out there. So be proactive, and decisive. Hackers won’t wait for you to launch and complete a multi-year process of evaluating products. The time is now.

Things to do

Security information and event management (SIEM) products provide real-time analysis of network hardware and application security alerts. So deploy an effective SIEM/SIM tool. Monitor system patch levels to see if they have strayed from a secure configuration. These tools will help.

ZENWorks Patch Management: get the right patches at the right time.

Change Guardian: monitor changes to your system configuration

Secure Configuration Manager: ensure your baseline configuration stays put

Consider who has access to the critical points of the system. Who can install applications, use SMB network connections? Which people have remote access?  Al this takes thought and management – and an effective identity management tool.

And if you’re determined to really pull up the drawbridge on cybercrime, check out our endpoint management, security management

, and identity and access management software.

And if you haven’t installed the Wannacry patch, then you might want to check out our disaster recovery products. Just sayin’.

Rohit Kumar

Technology Sales Specialist
Share this post:
Tweet about this on TwitterShare on FacebookShare on LinkedInGoogle+

Leave a Reply

Your email address will not be published. Required fields are marked *