This past year, cybercriminals have upped the stakes once again with the high-profile, global attacks of Mirai, WannaCry, and Petya, launched one after the other.

 

Of course, large-scale attacks aren’t new. Attacks like the ILOVEYOU worm and Code Red and Nimda were massive attacks, some of which affected exponentially more devices and organizations than this latest round of attacks. The spread of WannaCry – which reportedly hit a couple of dozen companies in the Philippines – and Petya was quickly curbed, unlike these worms of the past. But this isn’t just about scale.

 

Unlike in years past, the new digital economy means organizations rely on data as both a critical resource and an essential source of revenue. And these new attacks are more sophisticated than ever.

 

Attacks like Mirai managed to hijack tens of thousands of IoT devices, such as DVRs and digital CCTV cameras, using known device passwords installed by their manufacturers. These devices were then aggregated and used as a weapon to take out a massive chunk of the Internet. More recently, Mirai’s lesser-known malware cousin, known as Hajime, upped the ante by adding cross-platform functionality (it currently supports five different platforms), a toolkit with automated tasks, updatable password lists, and the use of thresholds to mimic human behavior in order to stay under the radar.

 

WannaCry pioneered a new sort of ransomware/worm hybrid, something Fortinet calls a ransomworm, in order to use a Microsoft exploit created by the NSA and publicly released by a hacker group known as the Shadow Brokers. Rather than the usual ransomware method of selecting a specific target, WannaCry’s worm functionality allowed it to spread rapidly across the globe, attacking thousands of devices and organizations. While the potential was there, the damage was quickly curbed due to an embedded kill switch.

 

And just this past month we saw the emergence of a new ransomworm called Petya. This new malware uses the same worm-based approach as WannaCry, even targeting the exact same vulnerability, but this time with a much more potent payload that can wipe data off a system and even modify a device’s Master Boot Record, rendering the device unusable. Since very little money was made during this attack, we can say that this attack was certainly more focused on taking machines offline than on monetization through ransom. Ransoming machine availability, as Petya did, may become a much larger problem in the future when it spreads through a fast-moving ransomworm.

 

I believe that the WannaCry and Petya attacks were simply shots across the bow. They are part of an insidious new opportunistic strategy of targeting newly discovered vulnerabilities with massive, global attacks and increasingly malicious payloads. This is just the tip of the iceberg and potentially the start of a new wave of attacks we are in for in the future in the form of ransomworms.

 

What Can You Do?

 

The scale and scope of these attacks have people understandably upset and concerned. But before panic sets in, here are four things you can do to protect your organization.

 

1. Patch and replace

 

Network and device hygiene are perhaps the most neglected elements of security today. The WannaCry ransomworm targeted vulnerabilities that Microsoft had patched two months previously. And in spite of its worldwide impact, Petya was able to successfully target the EXACT SAME vulnerability a month later, compromising thousands of organizations. In fact, most successful cyberattacks target vulnerabilities that are an average of five years old.

 

The answer, of course, is to establish a habit of regularly patching devices. And devices that are too old to patch need to be replaced.

 

2. Know what devices are on your network

 

Of course, you can’t patch devices you don’t know about. This is why you need to invest in either the time or technology to identify every device on your network, determine what its function is, what traffic passes through it, how old it is, what OS and patch level it is running, and who or what devices have access to it.

 

3. Implement a Security Fabric

 

Some of these attacks target IoT devices that simply can’t be patched or updated. Which is why you also need to implement effective security tools that can see and stop the latest threats at multiple places in your network. Fortinet tools, for example, were able to see and stop all of these attacks.

 

But given that our networks now span a wide range of devices, users, and applications deployed across multiple networked ecosystems, isolated tools monitoring traffic that passes a single point in the network are no longer adequate.

 

4. Segment your network

 

Dividing your network into functional segments to protect data and resources isn’t new. Unfortunately, like patching, most organizations fail to do this. They tend to have flat, open networks, and once the perimeter security has been breached, malware can create havoc.

 

For those organizations that have seen their perimeters disappear, this is especially challenging. In the case of vulnerable IoT devices, for example, they should be automatically assigned to a separate, secured network segment so if they begin to behave badly the rest of the network is protected. But segmentation alone isn’t enough. Organizations need to deploy a segmentation strategy designed to meet the security demands of today’s most complex networked environments:

 

1. Network segments need to be secure – You not only need to monitor and inspect devices and traffic moving in and out of a particular network segment. You need to secure data as it moves laterally across your network. Most malware is designed to move across your environment looking for resources to exploit or steal. It is essential that your segmentation strategy be able to see, inspect, and stop malware and unauthorized users and applications attempting to cross between segments.

 

2. Segmentation needs to be automated – Given the number of devices and volume of traffic today’s networks have to deal with, organizations can no longer rely on a manual process for granting or revoking access. What is needed is a way to see and categorize data and devices at the point of access based on a number of contextual characteristics, including what device or application it is, who it belongs to, where it is going, etc. This requires tight integration between your security devices and your access points.

 

3. Segmentation needs to support both vertical and horizontal traffic – Users and applications often need to be able to move laterally across the network, between one secure network zone and the next. When traffic needs to cross segmentation boundaries, a segmentation security solution needs to be able to a) evaluate the connection request and permit or deny it based on policy, b) continuously monitor the traffic passing across the segmentation border, and c) pass credentials and policies to other devices along the data path to ensure that monitoring is maintained and policies are enforced.

 

4. Segmentation needs to be able to identify and isolate rogue and infected devices – You need to keep track of and monitor the behavior of devices once inside a segment. A secure segmentation solution needs to be able to continuously monitor behavior deep inside the network, identify and track malicious traffic, and then quickly identify and isolate rogue or infected devices.

 

5. Segmentation needs to span network environments – Today’s networks are complex. Segmentation solutions need to be able to span the diverse ecosystem of networks, and seamlessly pass along policies and profiles as data and users move across these systems.
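
The following Python example is added here and is not from the original article or from any vendor product. It shows devices being placed into segments from inventory attributes at the point of access, and cross-segment connections being permitted or denied by a default-deny policy. The segment names, field names, 30-day patch threshold, and sample inventory are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    kind: str                # "workstation", "server" or "iot"
    patchable: bool          # False for devices that cannot be updated
    days_unpatched: int      # days since the last security update
    infected: bool = False   # set by behaviour monitoring

MAX_PATCH_AGE_DAYS = 30      # assumed policy threshold
ISOLATED = {"quarantine"}    # segments with no permitted traffic at all

# Default-deny allowlist: (source segment, destination segment, port).
ALLOWED_FLOWS = {
    ("users", "servers", 443),
    ("iot", "iot-gateway", 8883),
}

def assign_segment(dev):
    """Categorize a device into a segment from its inventory attributes."""
    if dev.infected:
        return "quarantine"
    if dev.kind == "iot" or not dev.patchable:
        return "iot"          # unpatchable devices stay away from users
    if dev.days_unpatched > MAX_PATCH_AGE_DAYS:
        return "remediation"  # no allowlisted flows until patched
    return "servers" if dev.kind == "server" else "users"

def evaluate_flow(src, dst_segment, port):
    """Permit a connection only when policy explicitly lists it."""
    src_segment = assign_segment(src)
    if src_segment in ISOLATED:
        return False
    if src_segment == dst_segment:
        return True           # intra-segment; still subject to monitoring
    return (src_segment, dst_segment, port) in ALLOWED_FLOWS

# Constructed sample inventory, not real devices.
INVENTORY = [
    Device("hr-laptop-01", "workstation", True, 12),
    Device("file-srv-02", "server", True, 75),
    Device("lobby-cctv-03", "iot", False, 900),
    Device("eng-laptop-04", "workstation", True, 3, infected=True),
]

def audit(inventory):
    """Map every inventoried device to the segment it belongs in."""
    return {d.name: assign_segment(d) for d in inventory}

if __name__ == "__main__":
    for name, segment in audit(INVENTORY).items():
        print(f"{name:15} -> {segment}")
```
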

 

For security professionals, very little of this should be new. The difference is an incredible urgency for security hygiene and network segmentation to help minimize your organization’s risk exposure to attacks like Petya. And executive business decision makers need to understand that if the appropriate resources aren’t allocated to do these things, they are putting the life of their organization at risk. These are not optional, nice to have security strategies; they are necessities for today’s new normal.

