Tuesday 20 June 2017

What Can We Learn From WannaCry?


As the dust settles from the initial shock of the WannaCry ransomware and the lasting implications of the attack continue to reveal themselves, it is important to look back and see what we can learn from it. 

BOHH Labs CTO Ken Hawkins reflects below on what can be said about this latest ransomware/malware and the lessons we can learn from it.

This latest attack was put together quickly and seems on the surface to be either the work of persons or entities that are just dabbling in the arena for the first time, or a brazen attack that leaves an easily seen, breadcrumb-like trail to the source. Even though it did cause a global issue for a lot of people, it appears that still today, the oldest tricks are the best in this arena of ransomware.
                
How does it generally happen? Target older, end-of-life OSs with known issues that have not been patched, phish until you find an entry (clicking a link in an email, opening an attachment, etc.) onto a single machine, infect (encrypt), demand a ransom from the user and broadcast to the next unsuspecting victim. Of course, it is a little more involved than that from a technology standpoint; however, for the layman in all of us, this is how it happens. In this case, it was primarily spread through Windows XP machines, an OS for which support ended in 2014 after users were notified as far back as 2008. Think about this: Microsoft notified users a full 6 years before it officially ended support for XP, and yet many corporations still kept the OS in place. The reasons, of course, can vary, from a smaller company with no budget to Fortune 500 or greater companies that still have some machines in service.

One need not go into the deep, dark corners of hackerdom to know how this spreads and works, nor does a person need to buy the latest and greatest operating system and stay in that endless upgrade cycle. Ransomware like this latest strain gains a foothold and proliferates in the same manner as the Target security breach of 2013 and others. Someone was duped into clicking a link in an email without knowing where it was going or what was going to happen. Once the link is clicked, the end user probably will not know immediately what has happened. Remember this when you click a link you are unaware of: you cannot react faster than the computer can change its state. Once you click that risky link of the day, your entire computer can be locked down or overtaken in a matter of seconds, if not milliseconds!

The lesson we should once again learn here is trust. In today’s information/computer age, trust is still the key to a safe journey on the Internet. This trust comes from the individual and not a company. There is no better way to protect yourself from infection than knowing where you are going on the Internet. You can draw a parallel with following a GPS while driving. Think about how many times the GPS has given you wrong or longer driving routes, and the frustration you might feel knowing in hindsight that there was a better way. If it takes you longer to get somewhere or you must backtrack, that is time lost at best. Not knowing where you are going on the Internet can cost you your identity, compromise your company’s network, and possibly lose data that can never be retrieved.

You can repeat sayings like “If it looks too good to be true, don’t believe it,” but until we stop being complacent in our Internet travels, these kinds of attacks will continue to affect us all to some degree. I say it like this: know your hyperlinks! If the link looks risky, right-click on it, copy and paste it somewhere (Notepad, etc.) and look at it before you go. Does it originate from the entity the email states it is from? Watch out for a link that points to a different generic top-level domain (.com vs .net). If you’re unsure and want to make sure, call the entity who sent the email. A little bit of vigilance will go a long way toward protecting you and your personal details from the more nefarious entities who unfortunately do lurk on the Internet.
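The manual check described above (compare where a link really points with who the email claims to be from, and watch for a swapped top-level domain) can also be scripted. This is an added example, not code from the original post; the function names and the sample message are constructed for illustration, and the domain comparison naively uses only the last two labels of each hostname.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; example.com/.net are reserved documentation domains.
SAMPLE_FROM = "Billing <billing@example.com>"
SAMPLE_BODY = ('<a href="https://www.example.com/invoice">View invoice</a> '
               '<a href="http://login.example.net/reset">https://www.example.com/reset</a>')

class _Anchors(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _split(host):
    """Naive (name, tld) from the last two labels; ignores suffixes like .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else labels[0], labels[-1])

def check_links(from_header, html_body):
    """Return [(href, [findings])] for links that deserve a second look."""
    sender = _split(parseaddr(from_header)[1].rpartition("@")[2])
    parser = _Anchors()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if not host:  # mailto:, fragments, etc. carry no host to compare
            continue
        target, findings = _split(host), []
        if target != sender:
            findings.append("same name, different TLD than sender" if target[0] == sender[0]
                            else "link domain differs from sender domain")
        if "." in text and " " not in text:  # visible text that itself looks like an address
            shown = urlsplit(text if "//" in text else "//" + text).hostname
            if shown and _split(shown) != target:
                findings.append("displayed address does not match real target")
        if findings:
            report.append((href, findings))
    return report
```

Calling `check_links(SAMPLE_FROM, SAMPLE_BODY)` reports only the second link, which points at a `.net` host while both the sender and the displayed text say `.com`.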
