[BreachExchange] Are global cyberattacks the new normal? 4 steps to protect yourself

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 21 19:16:47 EDT 2017


http://www.cbronline.com/news/cybersecurity/protection/global-cyberattacks-new-normal-4-steps-protect/

Since the beginning of 2017, cyber criminals have ramped up their efforts
considerably. The high-profile global attacks of Mirai, WannaCry and Petya
have occurred one after the other, with crippling effects on some of the
world’s largest economies and industries.

Despite the media attention, large-scale attacks of this nature aren’t new.
Attacks like the ILOVEYOU worm and Code Red were massive attacks, some of
which affected exponentially more devices and organisations than 2017’s
attacks. In addition, the spread of WannaCry and Petya was quickly curbed,
unlike these worms of the past. But this isn’t just about scale. Unlike in
years past, today’s organisations rely on data as both a critical resource
and an essential source of revenue. And these new attacks are more
sophisticated than ever…

Mirai was able to hijack tens of thousands of IoT devices, such as DVRs and
digital CCTV cameras, using the known device passwords installed by their
manufacturers. These devices were then amassed and used as a weapon to take
out a massive chunk of the Internet across the world, denying service to a
number of websites including Twitter, Reddit, Netflix, and Airbnb, to name
but a few.

WannaCry pioneered a new sort of ransomware/worm hybrid, something we call
a ransomworm, in order to use a Microsoft exploit. Rather than the usual
ransomware method of selecting a specific target, WannaCry’s functionality
allowed it to spread rapidly across the globe, attacking thousands of
devices and organisations.

About a month later, we saw the emergence of a new ransomworm, Petya. This
new malware used the same worm-based approach as WannaCry, even targeting
the exact same vulnerability, but this time with a much more potent payload
that could wipe data off a system and even modify a device’s Master Boot
Record, rendering the device unusable. Since very little money was made
during this attack, we can say that this attack was certainly more focused
on taking machines offline than monetization through ransom. A machine
availability ransom like Petya may become a much larger problem in the
future when spreading as a rapid ransomworm.

There is a common belief across the security industry that attacks like
WannaCry and Petya were just used as a test for vulnerabilities. These
attacks are, unfortunately, just the tip of the iceberg that could see the
start of a new wave of global cyberattacks in the future.

So, what can you do?

The global scale and scope of these recent attacks have people
understandably concerned. But before the panic sets in, here are four tips
to protect your organisation.

Practice network hygiene

Network and device hygiene are perhaps two of the most neglected elements
of cybersecurity today. The WannaCry ransomworm targeted vulnerabilities
that Microsoft had patched two months previously. And in spite of
WannaCry’s global impact and media coverage, Petya was able to successfully
target the exact same vulnerability less than a month later – further
compromising thousands more organisations. In fact, most successful
cyberattacks target vulnerabilities that are an average of five years old.

You should look to regularly patch your organisation’s devices, and devices
too old to be patched need to be replaced.

Know your network inside and out

It’s impossible to patch devices on your network that you are unaware of.
As such, you should look to invest in the time or technology to identify
every device on your network. Establish its purpose, age, what traffic
passes through it, and what OS and patch level it is running. It’s also
important to know who or what devices have access to it.

Implement an integrated security system

More sophisticated attacks will target IoT devices which simply cannot be
patched or updated. An integrated security system can detect and stop
threats at multiple places within your network. But given that most
organisations’ networks now span a wide range of devices, users, and
applications deployed across multiple ecosystems, isolated tools monitoring
traffic that passes a single point in the network are no longer adequate
when it comes to security.

Segment your network

Dividing your network into functional segments to protect data and
resources isn’t a revolutionary idea, but most organisations still fail to
recognise its effectiveness. Most organisations have flat, open networks,
and once the perimeter has been breached, stopping the malware becomes
significantly harder.

With remote working trends only expanding, organisations are seeing their
perimeters disappear, which makes securing their networks especially
challenging. As we discussed earlier, some of the most vulnerable sections
of networks are IoT devices. As such, these should be assigned to a
separate, secure network away from the main ecosystem. This is going to
give your organisation the best chance in the event of a breach.
Organisations need to deploy a segmentation strategy designed to meet the
security demands of today’s most complex networked environments.
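
The inventory, patching and segmentation tips above can be combined into one recurring check. The following is an added example, not part of the original article: the inventory columns, the addresses, the 10.0.9.0/24 IoT segment and the 60-day patch threshold are all constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed sample inventory (assumed columns, not from the article).
INVENTORY_CSV = """ip,purpose,os,last_patched,patchable
10.0.1.10,file server,Windows Server 2012,2017-02-01,yes
10.0.1.20,workstation,Windows 10,2017-08-01,yes
10.0.1.30,CCTV camera,embedded,,no
10.0.9.40,DVR,embedded,,no
"""
# Constructed list of hosts actually seen on the wire (e.g. from a sweep).
OBSERVED = ["10.0.1.10", "10.0.1.20", "10.0.1.30", "10.0.9.40", "10.0.1.99"]

IOT_SEGMENT = ipaddress.ip_network("10.0.9.0/24")  # assumed isolated segment
MAX_PATCH_AGE_DAYS = 60                            # assumed policy threshold


def audit(inventory_csv, observed, today):
    """Return (ip, finding) pairs for hosts that break one of the tips."""
    assets = {row["ip"]: row
              for row in csv.DictReader(io.StringIO(inventory_csv))}
    findings = []
    for ip in observed:
        asset = assets.get(ip)
        if asset is None:
            # Tip: you cannot patch a device you are unaware of.
            findings.append((ip, "unknown device: not in inventory"))
            continue
        if asset["patchable"] == "no":
            # Tip: unpatchable (IoT) devices belong on a separate segment.
            if ipaddress.ip_address(ip) not in IOT_SEGMENT:
                findings.append(
                    (ip, "unpatchable device outside isolated segment"))
            continue
        # Tip: patch regularly; flag hosts whose last patch is too old.
        age = (today - date.fromisoformat(asset["last_patched"])).days
        if age > MAX_PATCH_AGE_DAYS:
            findings.append((ip, f"last patched {age} days ago"))
    return findings


if __name__ == "__main__":
    for ip, finding in audit(INVENTORY_CSV, OBSERVED, date(2017, 8, 21)):
        print(ip, finding)
```
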

We’re not reinventing the wheel here. For any security professional, this
should not be new. Business decision makers need to understand that without
the appropriate resources, training and tools in place, their organisation
is at risk. We’re living in a corporate society where these tips are no
longer optional, nice-to-have security strategies; these are necessities
to face today’s new normal of cyberattacks.