This past year, cybercriminals have upped the stakes once again with the high-profile, global attacks of Mirai, WannaCry, and Petya, launched one after the other.

 

Of course, large-scale attacks aren’t new. The ILOVEYOU worm, Code Red, and Nimda were massive attacks, some of which affected exponentially more devices and organizations than this latest round of attacks. Unlike these worms of the past, the spread of WannaCry – which reportedly hit a couple of dozen companies in the Philippines – and Petya was quickly curbed. But this isn’t just about scale.

 

Unlike in years past, the new digital economy means organizations rely on data as both a critical resource and an essential source of revenue. And these new attacks are more sophisticated than ever.

 

Attacks like Mirai managed to hijack tens of thousands of IoT devices, such as DVRs and digital CCTV cameras, using known device passwords installed by their manufacturers. These devices were then aggregated and used as a weapon to take out a massive chunk of the Internet. More recently, Mirai’s lesser-known malware cousin, Hajime, upped the ante by adding cross-platform functionality (it currently supports five different platforms), a toolkit with automated tasks, updatable password lists, and the use of thresholds to mimic human behavior in order to stay under the radar.

 

WannaCry pioneered a new sort of ransomware/worm hybrid, something Fortinet calls a ransomworm, in order to use a Microsoft exploit created by the NSA and publicly released by a hacker group known as the Shadow Brokers. Rather than the usual ransomware method of selecting a specific target, WannaCry’s worm functionality allowed it to spread rapidly across the globe, attacking thousands of devices and organizations. While the potential was there, the damage was quickly curbed due to an embedded kill switch.

 

And just this past month we saw the emergence of a new ransomworm called Petya. This new malware uses the same worm-based approach as WannaCry, even targeting the exact same vulnerability, but this time with a much more potent payload that can wipe data off a system and even modify a device’s Master Boot Record, rendering the device unusable. Since very little money was made during this attack, we can say that it was certainly more focused on taking machines offline than on monetization through ransom. Attacks on machine availability like Petya may become a much larger problem in the future when they spread through a rapid ransomworm.

 

I believe that the WannaCry and Petya attacks were simply shots across the bow. They are part of an insidious new opportunistic strategy of targeting newly discovered vulnerabilities with massive, global attacks and increasingly malicious payloads. This is just the tip of the iceberg and potentially the start of a new wave of attacks we are in for in the future in the form of ransomworms.

 

What Can You Do?

 

The scale and scope of these attacks have people understandably upset and concerned. But before panic sets in, here are four things you can do to protect your organization.

 

1. Patch and replace

 

Network and device hygiene are perhaps the most neglected elements of security today. The WannaCry ransomworm targeted vulnerabilities that Microsoft had patched two months previously. And in spite of WannaCry’s worldwide impact, Petya was able to successfully target the EXACT SAME vulnerability a month later, compromising thousands of organizations. In fact, most successful cyberattacks target vulnerabilities that are an average of five years old.

 

The answer, of course, is to establish a habit of regularly patching devices. And devices that are too old to patch need to be replaced.

 

2. Know what devices are on your network

 

Of course, you can’t patch devices you don’t know about. This is why you need to invest in either the time or technology to identify every device on your network, determine what its function is, what traffic passes through it, how old it is, what OS and patch level it is running, and who or what devices have access to it.

 

3. Implement a Security Fabric

 

Some of these attacks target IoT devices that simply can’t be patched or updated, which is why you also need to implement effective security tools that can see and stop the latest threats at multiple places in your network. Fortinet tools, for example, were able to see and stop all of these attacks.

 

But given that our networks now span a wide range of devices, users, and applications deployed across multiple networked ecosystems, isolated tools monitoring traffic that passes a single point in the network are no longer adequate.

 

4. Segment your network

 

Dividing your network into functional segments to protect data and resources isn’t new. Unfortunately, like patching, most organizations fail to do this. They tend to have flat, open networks, and once the perimeter security has been breached, malware can create havoc.

 

For those organizations that have seen their perimeters disappear, this is especially challenging. In the case of vulnerable IoT devices, for example, they should be automatically assigned to a separate, secured network segment so if they begin to behave badly the rest of the network is protected. But segmentation alone isn’t enough. Organizations need to deploy a segmentation strategy designed to meet the security demands of today’s most complex networked environments:

 

1. Network segments need to be secure – You need to do more than monitor and inspect devices and traffic moving in and out of a particular network segment. You also need to secure data as it moves laterally across your network. Most malware is designed to move across your environment looking for resources to exploit or steal. It is essential that your segmentation strategy be able to see, inspect, and stop malware and unauthorized users and applications attempting to cross between segments.

 

2. Segmentation needs to be automated – Given the number of devices and volume of traffic today’s networks have to deal with, organizations can no longer rely on a manual process for granting or revoking access. What is needed is a way to see and categorize data and devices at the point of access based on a number of contextual characteristics, including what device or application it is, who it belongs to, where it is going, etc. This requires tight integration between your security devices and your access points.

 

3. Segmentation needs to support both vertical and horizontal traffic – Users and applications often need to be able to move laterally across the network, between one secure network zone and the next. When traffic needs to cross segmentation boundaries, a segmentation security solution needs to be able to a) evaluate the connection request and permit or deny it based on policy, b) continuously monitor the traffic passing across the segmentation border, and c) pass credentials and policies to other devices along the data path to ensure that monitoring is maintained and policies are enforced.

 

4. Segmentation needs to be able to identify and isolate rogue and infected devices – You need to keep track of and monitor the behavior of devices once inside a segment. A secure segmentation solution needs to be able to continuously monitor behavior deep inside the network, identify and track malicious traffic, and then quickly identify and isolate rogue or infected devices.

 

5. Segmentation needs to span network environments – Today’s networks are complex. Segmentation solutions need to be able to span the diverse ecosystem of networks, and seamlessly pass along policies and profiles as data and users move across these systems.
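
To make points 2 to 4 concrete, here is a small Python sketch added for illustration (it is not Fortinet code): devices are placed in a segment from their context when they join, every flow is checked against a default-deny policy, and a source that fans out to several denied targets, as a ransomworm would, is isolated. Segment names, ports, thresholds and device names are assumptions made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Segment names, ports and thresholds are illustrative assumptions.
ALLOWED = {("office", "servers", 443), ("iot", "servers", 8883)}
MAX_PATCH_AGE = 30   # days a patchable device may lag before remediation
DENY_LIMIT = 3       # distinct denied targets before a source is isolated

@dataclass
class Device:
    name: str
    kind: str              # "workstation", "server", "camera", ...
    patchable: bool        # False when no updates exist for the device
    days_since_patch: int
    segment: str = "unassigned"

def assign_segment(dev):
    """Place a device by context at the point of access (point 2)."""
    if not dev.patchable:
        dev.segment = "iot"            # cannot be fixed, so contain it
    elif dev.days_since_patch > MAX_PATCH_AGE:
        dev.segment = "remediation"    # must be patched before rejoining
    else:
        dev.segment = "servers" if dev.kind == "server" else "office"
    return dev.segment

class Gateway:
    """Default-deny check applied to every flow (points 3 and 4)."""
    def __init__(self):
        self.denied = defaultdict(set)  # source name -> denied (target, port)

    def request(self, src, dst, port):
        if "quarantine" in (src.segment, dst.segment):
            return False                # isolated devices talk to no one
        if (src.segment, dst.segment, port) in ALLOWED:
            return True
        self.denied[src.name].add((dst.name, port))
        if len(self.denied[src.name]) >= DENY_LIMIT:
            src.segment = "quarantine"  # worm-like fan-out: isolate source
        return False

if __name__ == "__main__":
    # Constructed inventory: one healthy workstation and three servers.
    pc = Device("pc-17", "workstation", True, 5)
    servers = [Device(f"srv-{i}", "server", True, 3) for i in range(3)]
    for d in [pc, *servers]:
        assign_segment(d)
    gw = Gateway()
    print(gw.request(pc, servers[0], 443))            # permitted by policy
    print([gw.request(pc, s, 445) for s in servers])  # SMB sweep, all denied
    print(pc.segment)                                 # source now isolated
```
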

 

For security professionals, very little of this should be new. The difference is an incredible urgency for security hygiene and network segmentation to help minimize your organization’s risk exposure to attacks like Petya. And executive business decision makers need to understand that if the appropriate resources aren’t allocated to do these things, they are putting the life of their organization at risk. These are not optional, nice-to-have security strategies; they are necessities for today’s new normal.

