In the past year alone, cybercriminals have upped their game when it comes to high-profile global attacks, with Mirai, WannaCry and Petya occurring one after the other. The effects have been devastating to some of the world's largest economies and industries. However, despite the attention in the media, this is not a new phenomenon. The ILOVEYOU worm and Code Red were both huge attacks, in some cases affecting far more devices and organisations than these latest ones. On top of this, the spread of WannaCry and Petya was restrained within days, unlike the worms of the past. What has changed is the stakes: in the new digital economy, organisations rely on data as an essential resource and a vital source of revenue.
Mirai captured tens of thousands of IoT devices, such as DVRs and digital CCTV cameras, simply by logging in with the factory-default credentials their manufacturers had shipped them with. The attackers then pooled these devices into a botnet and weaponised it for distributed denial-of-service attacks, including the October 2016 attack on the DNS provider Dyn that took a large section of the Internet offline across the globe.
WannaCry was at the forefront of a new type of ransomware/worm hybrid, known as a ransomworm. To spread, it used EternalBlue, an exploit for a vulnerability in Microsoft's SMBv1 implementation (patched in MS17-010) that had been developed by the NSA and publicly released by a hacker group known as the Shadow Brokers. Ransomworm attacks deviate from the usual ransomware method of reaching a specific victim through phishing or a malicious download, towards self-propagation that lets them spread rapidly across the globe, compromising thousands of organisations and devices without any user interaction.
Shortly after, we saw the emergence of a new ransomworm, known as Petya (also called NotPetya to distinguish it from the 2016 ransomware of the same name). This new malware used the same worm-based approach as WannaCry, even down to exploiting the same SMBv1 vulnerability, and added credential theft combined with legitimate administration tools such as PsExec and WMI to move laterally onto hosts that had already been patched. This time the payload was far more potent: it overwrote the device's Master Boot Record and encrypted the file system's Master File Table, leaving the machine completely unusable, and because no working recovery path was provided it was effectively a wiper. Considering that there was very little financial reward for the perpetrators, it's safe to say that this attack was more focused on taking machines offline than on collecting ransom payments. An attack on machine availability such as Petya is likely to become a much bigger problem in the future when it spreads as a rapid ransomworm.
It is widely believed in the security industry that attacks such as WannaCry and Petya were just an initial test, with the worst yet to come. They may be part of an opportunistic strategy of targeting newly disclosed vulnerabilities with massive, global attacks carrying increasingly malicious payloads, and could mark the start of a new wave of global cyberattacks.
A New Hope…
The sheer scale and scope of these attacks may leave organisations feeling powerless and vulnerable. But there are a number of things that they can do to stay safe.
- Patch and replace
Network and device hygiene are basic security steps, but they are still widely neglected. The WannaCry ransomworm targeted a vulnerability which Microsoft had already patched two months before (MS17-010, released in March 2017). A month after WannaCry, Petya was able to exploit the exact same vulnerability to devastating effect. In fact, most successful cyberattacks target vulnerabilities which are, on average, five years old.
Keeping devices patched and updated is routine work rather than painless work, but it is far cheaper than an outbreak, and organisations must get into the habit. Any device which is too old to patch must be replaced, or, where it cannot be replaced immediately, isolated and have the vulnerable service (in this case SMBv1) disabled or blocked.
- Know your network inside and out.
Of course, it's impossible to patch devices on your network if you don't know about them. That is why you need to invest the time and the technology to identify every device on your network and determine what its purpose is, what traffic passes through it, how old it is, what OS and patch level it is running, and who or what has access to it.
- Implement an integrated security system.
Some of these attacks target IoT devices that simply can't be patched or updated. That is why you also need security tools which can see and stop the latest threats at multiple places in your network.
But given that networks now span a vast range of devices, users and applications deployed across multiple ecosystems, isolated tools that only monitor the traffic passing a single point in the network are no longer adequate.
- Segment your network.
Dividing your network into functional segments isn't a new concept. However, as with patching, most organisations still fall at this hurdle. They tend to have flat, open networks, and once the perimeter has been breached, a self-propagating worm can reach every host that exposes the vulnerable service.
As trends in remote working show no signs of slowing, organisations are seeing their perimeters disappear, which makes securing the network especially challenging. Some of the weakest sections of the network are IoT devices, so it's imperative that these are placed on a separate, secure network segment, away from the main ecosystem, with only the traffic they actually need allowed out of it. This way, your organisation stands the best chance of containing a breach. A segmentation strategy designed to meet the security demands of complex networked environments is key for any organisation.
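The four steps above (patch, inventory, replace and segment) are easiest to act on when they are checked together against a single inventory. The script below is an added example, not code from the original article: it audits a constructed inventory and a constructed set of inter-segment firewall allow rules, and reports hosts that still lack the SMBv1 fix, hosts whose OS is no longer supported and must be replaced, hosts whose SMB port is reachable from other segments, and any rule that lets the IoT segment initiate connections out to the rest of the network. The inventory format, the segment names, the host names and the use of the patch identifier "MS17-010" as the marker for the SMBv1 fix are all assumptions made for the example.

```python
"""Inventory, patch and segmentation audit (added example, not from the article).

Assumptions, not taken from the article: the inventory schema, the segment
names ("corp", "ot", "iot"), the host names, and "MS17-010" as the label of
the SMBv1 fix that WannaCry and Petya exploited.
"""
from dataclasses import dataclass, field

SMB_PORT = 445
REQUIRED_PATCH = "MS17-010"   # fix for the SMBv1 flaw used by WannaCry/Petya
ISOLATED_SEGMENT = "iot"      # segment that must not initiate traffic outward


@dataclass
class Host:
    name: str
    segment: str
    os: str
    supported: bool                   # vendor still ships security updates
    smb_enabled: bool = False         # listens on TCP/445
    patches: set = field(default_factory=set)


@dataclass
class Rule:
    """Firewall allow rule between segments; traffic within a segment is assumed open."""
    src: str
    dst: str
    port: int


def can_reach(rules, src, dst, port):
    """True if segment src may open connections to segment dst on port."""
    if src == dst:
        return True   # flat within a segment, which is what the article warns about
    return any(r.src == src and r.dst == dst and r.port == port for r in rules)


def audit(hosts, rules):
    segments = sorted({h.segment for h in hosts})
    # Step 1: supported hosts exposing SMB without the fix -> patch now.
    patch = sorted(h.name for h in hosts
                   if h.supported and h.smb_enabled and REQUIRED_PATCH not in h.patches)
    # Step 2: unsupported OS -> cannot be patched, must be replaced (or isolated).
    replace = sorted(h.name for h in hosts if not h.supported)
    # Step 3: which segments can reach SMB on a host that is still vulnerable?
    vulnerable = [h for h in hosts
                  if h.smb_enabled and (not h.supported or REQUIRED_PATCH not in h.patches)]
    smb_exposed = {
        h.name: [s for s in segments if can_reach(rules, s, h.segment, SMB_PORT)]
        for h in vulnerable
    }
    # Step 4: the isolated segment must never be allowed to initiate outward traffic.
    iot_violations = sorted((r.src, r.dst, r.port) for r in rules
                            if r.src == ISOLATED_SEGMENT and r.dst != ISOLATED_SEGMENT)
    return {"patch": patch, "replace": replace,
            "smb_exposed": smb_exposed, "iot_violations": iot_violations}


# Constructed sample inventory and rules (not real hosts).
SAMPLE_HOSTS = [
    Host("dc01", "corp", "Windows Server 2016", True, True, {"MS17-010"}),
    Host("fileserv", "corp", "Windows Server 2008 R2", True, True, set()),
    Host("hmi-3", "ot", "Windows XP", False, True, set()),
    Host("cam-12", "iot", "embedded Linux", False, False, set()),
    Host("dvr-7", "iot", "embedded Linux", False, False, set()),
]
SAMPLE_RULES = [
    Rule("iot", "corp", 445),   # mistake: IoT may open SMB to the corporate segment
    Rule("corp", "ot", 445),    # administrators reach the plant network over SMB
]


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HOSTS, SAMPLE_RULES).items():
        print(f"{key}: {value}")
```

On the constructed sample the report shows fileserv as the host to patch, the three unsupported devices as candidates for replacement, fileserv's SMB port reachable from both corp and iot, and the iot-to-corp allow rule as a segmentation violation. In a real environment the inventory rows would come from the discovery tooling described above, and the rules from the firewall configuration, but the checks stay the same.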
For security professionals, a lot of this should already be on their radar. However, there is an urgency to implement this security hygiene now in order to minimise exposure to attacks such as Petya. Executive decision-makers need to understand that without suitable resources, training and tools in place, every organisation is at risk. As we live more and more of our lives online, these are no longer optional security strategies but necessities for today's new normal.