© Kheng Ho Toh Dreamstime.com Components | May 16, 2017

IBM Security: 'WannaCry2' cyberattacks hitting critical infrastructure

What is WannaCry2? A rapidly spreading cyberattack that was first detected in March and has impacted businesses in nearly 100 countries.
Currently, the source of the attack is unknown. The WannaCry2 attacks have crippled critical infrastructure, including hospitals, telecommunications and distribution/supply chain services.

The scale of this attack was possible because of a vulnerability in the Microsoft Windows Operating System. Although it began like any routine phishing scheme – in which a user clicks on a bad link and malware takes over – WannaCry2’s exploitation of the Windows vulnerability enabled it to spread with great speed from one workstation to a network of users. As a result, it was a one-to-many attack, unlike standard phishing attacks, which typically infect one user at a time. While the attack appears disabled now, we expect hackers to reanimate it rapidly, and organizations need to prepare fast.

Broad implications: The implications of the design of this one-to-many attack are profound. Organizations around the world need to understand the elements of these attacks and be prepared for copycat attacks with new twists. While ransomware – the criminal practice of stealing data and not returning it to its owner until a ransom payment is made – was the profit-gaining tactic of choice, criminals could shift to new tactics and schemes in the future. For example, they could use the one-to-many attack scheme through the Microsoft vulnerability to steal personally identifiable information or embed Remote Access Trojans.

Protective actions for all enterprises: Take steps to prevent such attacks, or to get help now
  • Patch systems immediately to prevent attacks
  • Deploy Security Intelligence systems to detect attacks
  • Ensure your employees, suppliers and others who work with your company receive regular security training, such as how to spot suspicious emails.
  • Refer to X-Force Ransomware Response Guide to evaluate organizational readiness
  • Follow the updates on X-Force Exchange and SecurityIntelligence.com

In 2016, ransomware emerged as one of the leading cybersecurity threats to both businesses and consumers. The ransomware actors are opportunistic and financially motivated. The FBI estimated that in just the first 3 months of 2016, cybercriminals made a reported USD 209 million. This would put criminals on pace to make nearly USD 1 billion in 2016 from their use of the malware. By comparison, ransomware brought in USD 24 million for all of 2015 – that’s a dramatic 771 percent increase from 2015 to 2016.

IBM X-Force researchers have identified that ransomware was included in nearly 40 percent of all spam emails sent in 2016, up from less than 0.6 percent in 2015 – a significant 6,000 percent increase in the spread of the extortion tool.

Quick Prevention Tips:
  • Be Vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
  • Backup Your Data: Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.
  • Disable Macros: Document macros have been a common infection vector for ransomware in 2016. Macros from email and documents should be disabled by default to avoid infection.
  • Patch and Purge: Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access.

To report a cybercrime, including becoming the victim of ransomware:

In the U.S. report via the FBI’s Internet Crime Complaint Center (IC3): https://www.ic3.gov/default.aspx

In Europe report via Europol’s Cybercrime Reporting website: https://www.europol.europa.eu/report-a-crime/report-cybercrime-online
