Kevin James - The IT Control Specialists

    Ransomware: Why IT Accountability matters

    Last week’s Wannacry or Wcry Crypto Virus attack was a wake-up call for a lot of companies. The world is not a safe place while IT systems are not properly managed, and systems cannot be properly managed while investment in data protection is at an all-time low.

    This is a quandary with only two long-term solutions: a) create a full Disaster Recovery and Business Continuity plan, or b) outsource your IT to a hosting company which invests heavily in factors such as cyber security and spends time ensuring consistency for IT systems. Or, preferably, both.

    Disaster Recovery and Business Continuity is about expecting the worst and putting measures in place to ensure you can get back up and running as soon as possible. This involves multiple off-site backups and reimaging software.

    IT Outsourcing often involves Disaster Recovery as standard and often houses data in the most secure environments. To ensure the fastest and most secure environments we use UKFast for the majority of our hosting. They were unaffected by the attacks due to their hardware being properly maintained and software exploits properly closed.

    The most important things to note about Malware and Ransomware are: a) they take time to create, and thus often exploit older versions of software and b) they rely on improper management of IT systems to infect machines. If these two factors are taken into consideration, your IT environments will become far more secure. It’s that simple.


    Ransomware is not just about users.

    Yes, in many cases ransomware involves a user opening an email or visiting a website and clicking a link. At least for today this is the primary vector (or route) for a virus entering a network. Malicious emails and links are designed with the sole purpose of getting users to take an action, much like news stories with enticing headlines.

    We are, after all, human. This means that sometimes we are led into making mistakes. From here, only unprotected machines are at risk. With the correct anti-virus and software management, Malware or Ransomware should not affect the machine or spread across the network.

    Of course the user should never get this far. We recommend virus scanning for emails (we use Symantec Cloud) and dynamic web-page management (we use Smoothwall) to ensure that the user is never presented with the harmful link or email in the first instance. This combination of both preventative and active detection is what real cyber security is all about. Note that none of these measures really involve the user, who should never be put in a position to put the company at risk.


    Applications and BYOD are the next threat

    As the trend of unsecured devices connecting to networks grows, and mobile applications gain more access to device functions, it seems increasingly likely that many companies will be caught unawares by attacks as they occur in this arena.

    Taking active steps now and leading decision making is the only real way to decide how companies are going to address critical factors such as:

    What applications are safe for use within a business environment? What permissions should be allowed on mobile devices? What policies should be put in place to make sure BYOD is no longer a threat?

    Today, there is a difference of opinion. Some companies are going down the high-security route, with walled-off systems. Others are creating wireless networks for private devices and their customers, sharing hardware environments with their company. There are even some who are less concerned by these new risks, and just let anyone connect to their wireless networks. For the most part there is almost no control over application usage or policies, which is a slightly worrying trend.

    Many companies may not know there are special programs which exist to limit these exact risks by ensuring all devices on a network are managed with proper protections, such as software version control, anti-virus requirements, set update schedules and IT policies. This is typically controlled through Endpoint Management (we use Centrastage). While investment in network management tools has seen growth, it seems that this area will see massive growth if attacks of this nature become more common.


    You might wannacry, but don’t – do something now instead!

    The problem is that with all of these methods, there need to be measures put in place to ensure they do not hinder operations or expose companies to new risks. In many cases cyber security measures, software updating and data protection choices are a reflex decision rather than a measured long-term solution to halt future problems. Indeed many future problems are simply unknowable, such as those which can be hidden within applications which have not yet been invented.

    Perhaps more worrying is the idea that hackers often do not create viruses and exploits from scratch; they use known backdoors which are exploited by national security agencies such as the NSA and GCHQ. It has now been proven that Wcry or Wannacry, the recent ransomware attack, was based on a known NSA exploit called EternalBlue. (It seems that information within the Wikileaks documents may have played some role, though this has not yet been confirmed, and it is unlikely that Wikileaks, the organisation, was involved.) This trend, having found success, may well continue while security agencies still operate under the cover of shadows.


    Scary Ideas, Real Consequences

    Imagine if Facebook was hacked tomorrow. It currently has 1.65 billion users, nearly all of whom have access to company IT networks if they use the application at work. If the application were to send code across the network and infect servers directly in a co-ordinated attack, the consequences would not just be a global panic; it could quite easily cause a worldwide crash of unknown and unknowable proportions.

    These big ideas are no longer in the realm of science fiction. Various blue-chip brand names including Google, Microsoft, Apple and Samsung have been shown to have exploits via Edward Snowden’s Prism leak in 2013. This leak shows that, using backdoors to popular company systems, security agencies are able to do a number of things: for instance take items held on devices, send messages from devices, steal login information, and use the camera and microphone.

    Additionally, there have been a number of applications which create a hidden vulnerability within the device. Even when deleted, the devices are still infected. These vulnerabilities are undetectable until they are activated, by which time the hacker can insert whatever code they like into the machine. This can range from pranks to disrupt wireless networks right through to an SQL Injection attack, whereby the device seeks to spread itself and corrupt any data it finds.


    Talk to KJL. We can help.

    We don’t have all of the answers, but we do have the answers which matter. We can help you ensure users are protected in real time against any malicious code. We can also make sure companies have an effective and tested Business Continuity and Disaster Recovery plan in case of unknown threats. We can even run security tests on servers to ensure they are hacker-proof, and that companies are fully compliant with data protection regulations.

    Don’t hesitate, just talk to us today and we can ease any IT security fears you may have. We pride ourselves on knowing the things which count, and offering the protection companies need to keep on working. Call now on 01268 627111.


    Sources:

    PRISM: https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

    Facebook Stats: http://www.businessofapps.com/facebook-app-statistics/

    Mobile App Risks: https://www.owasp.org/images/9/94/MobileTopTen.pdf

    Mobile App Code Exploit Example: http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/

    Apple Store Market Fraud (Banking Apps): http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps-market

    Wannacry and the NSA: https://www.ft.com/content/e96924f0-3722-11e7-99bd-13beb0903fa3

    http://www.telegraph.co.uk/news/2017/05/12/russian-linked-cyber-gang-shadow-brokers-blamed-nhs-computer/

    EternalBlue: https://en.wikipedia.org/wiki/EternalBlue
