www.pecb.com

When Recognition Matters

WANNACRY; IF YOU THINK THAT YOU

ARE PROTECTED, THEN YOU ARE MOST

PROBABLY VULNERABLE

The malicious software known as ransomware has been making headlines after tens of thousands of computers were subject to a global hacking attack that wiped out data. One may wonder: Who is doing this? Is it over yet? Or is your computer secure from this rapid spreading threat that has already infected nearly 150 countries and 200,000 systems only during this past weekend.

As of Friday evening, initially hospitals around the world (NHS in Britain) have been targeted by cybercriminals, where their IT systems got shut down, which consequently resulted in delayed patients’ appointments and canceled operations. National Railway in Germany, Spain’s largest phone company, and Fed Ex in US were some of the biggest corporations that were hit along with the NHS in Britain.

This type of malware, decrypts users’ data, locks them and then demands hundreds of dollars in virtual currency (Bitcoin) in order to return the data to its user. Further, “WannaCry” targeted outdated versions of Microsoft Windows, since they are more easily hacked. The Europol director Rob Wainwright told CNN on Sunday that “very few” people have paid the ransom so far. The Director of Florida Center for Cyber Security in the University of South Florida stated: “It all depends on your situation; you’ve got to make a decision. If you are a company, if you are an enterprise and if your electronic records and patient records are locked up, you have to think twice about not paying a ransom.”

WHAT ABOUT CYBER-ATTACKS, ARE THEY OVER?

The latest ransomware attack “WannaCry” has been particularly troubling for the healthcare institutions, telecommunication, financial sector and even individuals themselves. The emergence of new threats has caused thousands of security breaches reports, stressing out the disclosure of cybersecurity deficiencies in many organizations. The “WannaCry 1.0” ransomware has profoundly challenged the security frameworks of organizations and their preparedness capabilities to handle cyber-attacks. Brad Smith, chief officer at Microsoft, stated: “This attack demonstrates the degree to which cyber security has become a shared responsibility between tech companies and customers.” But, that’s not the last, since the security researchers have reported the detection of the newest version of ransomware in cyberspace “WannaCry 2.0” that cannot be stopped by triggering the ‘kill-switch’ a safety mechanism to power off an electronic device.

The Director of LGMS Global Fong Choong Fook emphasized that: “we have seen worse and devastating ransomware attacks before but WannaCry infection rate is one of the fastest ever as it exploits the vulnerability that exists in Windows”. Consequently, the degree at which “WannaCry” ransomware has spread in the world is to be remembered as the failure of numerous institutions, businesses, and organizations to prevent, detect and respond effectively to cyber threats. In today’s turbulent world, everyone is at risk, from individuals to businesses themselves. The threat is real, and it’s not over just yet.

//////////////////////////////////////////////////////////////////////////////////////////////////////

2 WANNACRY; IF YOU THINK THAT YOU ARE PROTECTED, THEN YOU ARE MOST PROBABLY VULNERABLE MAY 2017

WHAT YOU SHOULD DO IF YOU ARE INFECTED?

The “WannaCry” ransomware has undoubtedly tested the security posture of several companies worldwide, even of those which have expressed systematic belief in the capacity of their security systems to provide the necessary protection. According to The Guardian, “success of the WannaCry hack could make other attacks more likely in the future amid doubts over governments’ ability to secure cyber weapons from theft.” “WannaCry” ransomware has particularly contributed to an enhancement of awareness of security vulnerabilities of organizations, stressing poorly trained end users and poorly patched management systems, said David Christiansen, Managing Director at Ezentria Inc. Both of potential vulnerabilities are of fundamental importance in ensuring the integrity of an organization and its business continuity. Nevertheless, Jeff Primus, the chief executive officer of ACTAGIS has acknowledged and visualized the non-revolutionary security scheme which is based on a conjunction of known techniques:

~ Exploiting a vulnerability that has been discovered but not patched by the software or hardware vendor. ~ Using the human factor weakness to activate the malware on the operating system ~ Having access to the low level system instructions that enables the total encryption of the data

stored on the system ~ Using worms to facilitate the light speed propagation of the attack on the network of the victims ~ Using the darknet mechanisms in order to receive the ransom via bitcoin

The aforementioned scenario indicates that in most of the cases the victims are powerless and not prepared in responding effectively to incidents due to the lack of security awareness plan within the organization, appropriate education, and implementation of adequate security controls. Yet, ransomwares can be seen as a nightmare scenario that has helped organizations to recognize the importance of security measures; thus, shifting attention to security features such as patch management, security awareness, employee training and education.

3

//////////////////////////////////////////////////////////////////////////////////////////////////////

WANNACRY; IF YOU THINK THAT YOU ARE PROTECTED, THEN YOU ARE MOST PROBABLY VULNERABLEMAY 2017

//////////////////////////////////////////////////////////////////////////////////////////////////////

4 WANNACRY; IF YOU THINK THAT YOU ARE PROTECTED, THEN YOU ARE MOST PROBABLY VULNERABLE MAY 2017

HOW CAN YOU ACT AS A SHIELD AND BE SAFE

Even though risk tends to be highly uncertain, and its management is exceptionally challenging, individuals and companies should employ the necessary mechanisms that contribute to safety improvement. Thus, the establishment of the security framework in organizations is crucial for the safeguarding of the business integrity. It is essential for companies and individuals to regularly backup their data in order to ensure that security measures are in place. “It's also important to have antivirus installed and that it is constantly kept up to date. Be aware of what you're doing and be especially diligent when opening suspicious email attachments. Most importantly, avoid downloading and using pirated software," Fong Choong Fook added.Generally speaking, companies and individuals shall consider the implementation of fundamental security measures in regards to backup data, patch management and installment of updated antiviruses. In addition, the establishment of a disaster recovery plan is a vital feature of security framework implementation as it facilitates organization’s security maintenance, resuming mission-critical functions, responding quickly and appropriately to incidents and most importantly lowering the cost of damage in organizations assets.

Nevertheless, “in order to reduce the probability and the impact of such events, companies should reinforce the awareness level of their users and patch their systems in a frequent and systematic way,” said Jeff Primus.

LESSONS LEARNED

What can we reflect and learn from this attack is that the most effective approach in the prevention of cyber-attacks, particularly ransomwares is the enactment of security measures that impede the exploitation of vulnerabilities in an organization. John McClurg, the Vice President of Cylance said that: “We should also embrace the importance of moving as quickly as possible to the new paradigm of proactively predictive prevention, enabled by AI & Machine Learning, where the weaknesses of signature-based protection are left behind as an ineffectual legacy of the past.”

Moreover, organizations should consider the application of ISO/IEC 27001 security controls, and follow the guidance provided by ISO/IEC 27032. The appropriate security awareness programs for employees, including training and education of the personnel, patch management and regular backup system are the instruments that improve the response to potential cyber-threats in organizations. Controls included in these standards, provide us with the latest and most sophisticated antimalware protection guidelines which ensure that we have a proper and functioning security framework in our organizations.