This past year, cybercriminals have upped the stakes once again with the high-profile, global attacks of Mirai, WannaCry, and Petya, launched one after the other.

 

Of course, large-scale attacks aren’t new. The ILOVEYOU worm, Code Red, and Nimda were massive attacks, some of which affected exponentially more devices and organizations than this latest round of attacks. The spread of WannaCry – which reportedly hit a couple of dozen companies in the Philippines – and Petya was quickly curbed, unlike these worms of the past. But this isn’t just about scale.

 

Unlike in years past, the new digital economy means organizations rely on data as both a critical resource and an essential source of revenue. And these new attacks are more sophisticated than ever.

 

Attacks like Mirai managed to hijack tens of thousands of IoT devices, such as DVRs and digital CCTV cameras, using known device passwords installed by their manufacturers. These devices were then aggregated and used as a weapon to take out a massive chunk of the Internet. More recently, Mirai’s lesser-known malware cousin, Hajime, upped the ante by adding cross-platform functionality (it currently supports five different platforms), a toolkit with automated tasks, updatable password lists, and the use of thresholds to mimic human behavior in order to stay under the radar.

 

WannaCry pioneered a new sort of ransomware/worm hybrid, something Fortinet calls a ransomworm, in order to use a Microsoft exploit created by the NSA and publicly released by a hacker group known as the Shadow Brokers. Rather than the usual ransomware method of selecting a specific target, WannaCry’s worm functionality allowed it to spread rapidly across the globe, attacking thousands of devices and organizations. While the potential was there, the damage was quickly curbed due to an embedded kill switch.

 

And just this past month we saw the emergence of a new ransomworm called Petya. This new malware uses the same worm-based approach as WannaCry, even targeting the exact same vulnerability, but this time with a much more potent payload that can wipe data off a system and even modify a device’s Master Boot Record, rendering the device unusable. Since very little money was made during this attack, we can say that it was certainly more focused on taking machines offline than on monetization through ransom. Attacks like Petya that hold machine availability for ransom may become a much larger problem in the future when they spread as fast-moving ransomworms.

 

I believe that the WannaCry and Petya attacks were simply shots across the bow. They are part of an insidious new opportunistic strategy of targeting newly discovered vulnerabilities with massive, global attacks and increasingly malicious payloads. This is just the tip of the iceberg and potentially the start of a new wave of attacks we are in for in the future in the form of ransomworms.

 

What Can You Do?

 

The scale and scope of these attacks have people understandably upset and concerned. But before panic sets in, here are four things you can do to protect your organization.

 

1. Patch and replace

 

Network and device hygiene are perhaps the most neglected elements of security today. The WannaCry ransomworm targeted vulnerabilities that Microsoft had patched two months previously. And in spite of its worldwide impact, Petya was able to successfully target the EXACT SAME vulnerability a month later, compromising thousands of organizations. In fact, most successful cyberattacks target vulnerabilities that are an average of five years old.

 

The answer, of course, is to establish a habit of regularly patching devices. And devices that are too old to patch need to be replaced.

 

2. Know what devices are on your network

 

Of course, you can’t patch devices you don’t know about. This is why you need to invest in either the time or technology to identify every device on your network, determine what its function is, what traffic passes through it, how old it is, what OS and patch level it is running, and who or what devices have access to it.

 

3. Implement a Security Fabric

 

Some of these attacks target IoT devices that simply can’t be patched or updated. That is why you also need to implement effective security tools that can see and stop the latest threats at multiple places in your network. Fortinet tools, for example, were able to see and stop all of these attacks.

 

But given that our networks now span a wide range of devices, users, and applications deployed across multiple networked ecosystems, isolated tools monitoring traffic that passes a single point in the network are no longer adequate.

 

4. Segment your network

 

Dividing your network into functional segments to protect data and resources isn’t new. Unfortunately, like patching, most organizations fail to do this. They tend to have flat, open networks, and once the perimeter security has been breached, malware can create havoc.

 

For those organizations that have seen their perimeters disappear, this is especially challenging. In the case of vulnerable IoT devices, for example, they should be automatically assigned to a separate, secured network segment so if they begin to behave badly the rest of the network is protected. But segmentation alone isn’t enough. Organizations need to deploy a segmentation strategy designed to meet the security demands of today’s most complex networked environments:

 

1. Network segments need to be secure – You need not only to monitor and inspect devices and traffic moving in and out of a particular network segment, but also to secure data as it moves laterally across your network. Most malware is designed to move across your environment looking for resources to exploit or steal. It is essential that your segmentation strategy be able to see, inspect, and stop malware and unauthorized users and applications attempting to cross between segments.

 

2. Segmentation needs to be automated – Given the number of devices and volume of traffic today’s networks have to deal with, organizations can no longer rely on a manual process for granting or revoking access. What is needed is a way to see and categorize data and devices at the point of access based on a number of contextual characteristics, including what device or application it is, who it belongs to, where it is going, etc. This requires tight integration between your security devices and your access points.

 

3. Segmentation needs to support both vertical and horizontal traffic – Users and applications often need to be able to move laterally across the network, between one secure network zone and the next. When traffic needs to cross segmentation boundaries, a segmentation security solution needs to be able to a) evaluate the connection request and permit or deny it based on policy, b) continuously monitor the traffic passing across the segmentation border, and c) pass credentials and policies to other devices along the data path to ensure that monitoring is maintained and policies are enforced.

 

4. Segmentation needs to be able to identify and isolate rogue and infected devices – You need to keep track of and monitor the behavior of devices once inside a segment. A secure segmentation solution needs to be able to continuously monitor behavior deep inside the network, identify and track malicious traffic, and then quickly identify and isolate rogue or infected devices.

 

5. Segmentation needs to span network environments – Today’s networks are complex. Segmentation solutions need to be able to span the diverse ecosystem of networks, and seamlessly pass along policies and profiles as data and users move across these systems.
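
The following Python example is added here and is not from the original article or from any vendor product. It illustrates points 2 through 4 above: context-based segment assignment, default-deny evaluation at segment boundaries, and isolation of a device after repeated denied crossings. The segment names, ports, threshold and devices are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

QUARANTINE = "quarantine"
DENY_THRESHOLD = 3  # constructed: denied crossings before isolation

# Constructed allow-list: (source segment, destination segment, TCP port).
ALLOW = {("users", "servers", 443), ("iot", "servers", 8883)}

@dataclass
class Device:
    name: str
    kind: str            # "workstation", "server" or "iot"
    patchable: bool
    segment: str = ""

def assign_segment(dev: Device) -> str:
    """Place a device by context at the point of access (point 2)."""
    if dev.kind == "iot" or not dev.patchable:
        dev.segment = "iot"          # unpatchable devices get their own segment
    elif dev.kind == "server":
        dev.segment = "servers"
    else:
        dev.segment = "users"
    return dev.segment

class Enforcer:
    """Default-deny check at segment boundaries (point 3) plus isolation (point 4)."""
    def __init__(self):
        self.denied = Counter()

    def evaluate(self, src: Device, dst: Device, port: int) -> str:
        if QUARANTINE in (src.segment, dst.segment):
            return "deny"
        if src.segment == dst.segment:
            return "permit"          # only boundary crossings are policed here
        if (src.segment, dst.segment, port) in ALLOW:
            return "permit"
        self.denied[src.name] += 1   # track behaviour of devices inside the network
        if self.denied[src.name] >= DENY_THRESHOLD:
            src.segment = QUARANTINE # isolate the device that keeps probing
        return "deny"

def demo():
    cam = Device("cam-01", "iot", patchable=False)
    pc = Device("pc-17", "workstation", patchable=True)
    srv = Device("files-01", "server", patchable=True)
    for d in (cam, pc, srv):
        assign_segment(d)
    fw = Enforcer()
    results = [fw.evaluate(pc, srv, 443)]
    results += [fw.evaluate(cam, pc, 445) for _ in range(3)]  # repeated SMB attempts
    results.append(fw.evaluate(cam, srv, 8883))               # cam is now quarantined
    return results, cam.segment
```
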

 

For security professionals, very little of this should be new. The difference is an incredible urgency for security hygiene and network segmentation to help minimize your organization’s risk exposure to attacks like Petya. And executive business decision makers need to understand that if the appropriate resources aren’t allocated to do these things, they are putting the life of their organization at risk. These are not optional, nice-to-have security strategies; they are necessities for today’s new normal.

