
Lessons of The WannaCry Attack


On May 12, what experts are calling “the largest ransomware infection in history”[1] was launched against more than 200,000 computer targets in 150 countries. Called “WannaCry,” the hack cast a harsh light on the growing threat of ransomware, and of DDoS attacks in general. In global research released by Neustar, ransomware experienced in concert with DDoS attacks has increased 54% from 2016.

We asked security experts what organizations can do to lower the risks posed by these threats.

We know a lot about security: what the best practices are, where our vulnerabilities lie, how damaging an attack can be. But successful risk management depends on more than knowledge, for several reasons. First, knowing what to do and actually doing it are two separate things. Second, we just don’t know where and when the next attack will happen, much less how attacker methods and tactics will keep evolving.

Experts we consulted pointed to three keys for DDoS risk mitigation: updates, an overall defense strategy, and education.

Stay Up-to-Date

Everyone knows they should keep systems updated. And yet failing to keep up with a basic security best practice, patching and system updates, played a big role in the WannaCry attack. WannaCry takes advantage of the Windows exploit known as EternalBlue, which exploits a vulnerability in Windows operating systems. In some cases, like that of Windows XP, official support and patching ended three years ago. But millions of machines around the world are still running XP.

First off, some experts, like George Gerchow, VP of security and compliance for Sumo Logic, expressed disbelief “that patching is still an issue in 2017.”

“Organizations must push all critical security patches within 24 hours – no excuses. This is the DevSecOps advantage of baking security into your DNA.”

“As WannaCry exhibited, the patching of computers is critical in keeping up to date with security fixes,” says Chris Rouland, founder of Phosphorus. “We have not seen a worm with lateral network movement like WannaCry for some time, and it was due to a massive vulnerable population that was exploited.”

Wayne Sadin, CIO at Affinitas Life, points out that protection goes beyond the OS. “Preventing intrusions starts with keeping critical network components up to date: apply patches quickly and don’t run obsolete (i.e. unsupported) hardware or software. Technical Debt creates inestimable risks as threats evolve.”

Adds Paul Teich, Principal Analyst at TIRIAS Research, “Ransomware preys on known security exploits, so make sure all patches are up to date. If you rely on older apps, then think about modernizing; the threat environment is only going to get worse.”

Education and Backup are Critical

Backup is a key here. “The best ways to mitigate against a ransomware attack is to have an effective backup plan already in place, in addition to having an awareness plan in place to train end-users,” urges Ben Rothke, Principal Security Consultant at Nettitude Group.

Joseph Steinberg, CEO at SecureMySocial, expands on the backup aspect. “Make sure that you both 1. backup frequently to backups that are physically and logically disconnected from the source they are protecting, and 2. train and encourage your employees to practice good cybersecurity hygiene.”

Automation & Other Best Practices

AI, automation, and centralized security management can amplify prevention efforts, and play key roles in a world that extends far beyond the firewall. “Network security is broader than ever with many companies extending to endpoints around the world in homes and offices, interfacing with applications both on premise and in the cloud,” says Eric Vanderburg, security and technology thought leader, consultant and author.

“Network security, therefore, must extend to the endpoints as well as cloud and traditional services, scanning these nodes for malware, assessing vulnerabilities, implementing data loss prevention, and organizational policies wherever they are and connect them to centrally managed security tools equipped with anomaly detection, event correlation, and alerting.”
