IBM Security: 'WannaCry2' cyberattacks hitting critical infrastructure
What is WannaCry2? A rapidly spreading cyberattack, first detected in March 2017 and unleashed at scale on 12 May 2017, that has impacted businesses in nearly 100 countries.
Currently, the source of the attack is unknown. The WannaCry2 attacks have crippled critical infrastructure, including hospitals, telecommunications and distribution/supply chain services.
The scale of this attack was possible because of a vulnerability in the SMBv1 file-sharing service of the Microsoft Windows operating system, for which Microsoft had released a patch (MS17-010) in March 2017. Although the initial infection of a network may begin like any routine phishing scheme, in which a user clicks on a bad link and malware takes over, the initial entry vector has not been confirmed; what is certain is that WannaCry2 exploits the SMBv1 vulnerability to spread, without any user action, from one workstation to every other reachable unpatched machine. As a result, it was an attack of one-to-many, versus standard phishing attacks, which typically infect one user at a time. While the attack appears halted for now (a researcher registered the domain the malware checks before spreading, which stopped that variant), we expect attackers to reanimate it rapidly with the check removed, and organizations need to prepare fast.
Broad implications: The implications of the design of this one-to-many attack are profound. Organizations around the world need to understand the elements of these attacks and be prepared for copycat attacks with new twists. While ransomware, which encrypts a victim's files and withholds the decryption key until a ransom payment is made, was the profit-gaining tactic of choice, criminals could shift to new tactics and schemes in the future. For example, they could use the same one-to-many spreading mechanism through the Microsoft vulnerability to steal personally identifiable information or to embed Remote Access Trojans.
Protective actions for all enterprises: Take steps now to prevent such attacks, or get help
- Patch systems immediately: apply MS17-010 to every Windows host, disable SMBv1 wherever it is not required, and block inbound TCP port 445 from untrusted networks so the worm cannot reach unpatched machines.
- Deploy security intelligence systems to detect attacks, in particular bursts of SMB connections from one internal host to many others.
- Ensure your employees, suppliers and others who work with your company receive regular security training, such as how to spot suspicious emails.
- Refer to the X-Force Ransomware Response Guide to evaluate organizational readiness.
- Follow the updates on X-Force Exchange and SecurityIntelligence.com.
- Be vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
- Back up your data: Plan and maintain regular backup routines. Ensure that backups are secure and not constantly connected or mapped to the live network, since ransomware encrypts any writable share it can reach. Test your backups regularly to verify their integrity and usability in case of emergency.
- Disable macros: Document macros were a common infection vector for ransomware in 2016. Macros from email and downloaded documents should be disabled by default, by policy rather than by user choice.
- Patch and purge: Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access, since unused software is patched least and exposes the most.
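The following script is an added example, not part of the original article or of IBM's guidance. It audits a Windows host for the three conditions the list above addresses (MS17-010 applied, SMBv1 disabled, Office macros disabled by policy) and applies the fixes when run with -Remediate. Assumptions not taken from the page: the KB numbers listed are the MS17-010 hotfixes for Windows 7 SP1 / Server 2008 R2 and for Vista / Server 2008 / 8, and on newer builds they are superseded by cumulative updates, so a missing KB is a prompt to verify, not proof of exposure; the SMB cmdlets need Windows 8.1 / Server 2012 R2 or later and an elevated shell; the Office policy paths assume Office 2016 or later (version key 16.0).

```powershell
<#
  Added example (not from the original article or IBM). Audits and optionally
  remediates the WannaCry preconditions on a single Windows host.
  Run from an elevated PowerShell:  .\Check-WannaCryExposure.ps1 -Remediate
#>
[CmdletBinding()]
param(
    [switch]$Remediate   # apply fixes instead of only reporting
)

# Assumption: MS17-010 hotfix IDs for Windows 7 SP1 / Server 2008 R2 (security-only
# and monthly rollup) and for Vista / Server 2008 / XP / 8. Confirm against the
# Microsoft bulletin for your OS versions; later cumulative updates supersede them.
$Ms17010Kbs = @('KB4012212', 'KB4012215', 'KB4012598')

function Test-Ms17010Hotfix {
    $found = Get-HotFix -ErrorAction SilentlyContinue |
             Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    if ($found) {
        Write-Output "OK   MS17-010 hotfix present: $($found.HotFixID -join ', ')"
    } else {
        Write-Output "WARN no listed MS17-010 KB found; verify this build's cumulative update covers it"
    }
}

function Test-SmbV1 {
    # EnableSMB1Protocol is the server-side switch for the protocol WannaCry exploited.
    $cfg = Get-SmbServerConfiguration
    if ($cfg.EnableSMB1Protocol) {
        Write-Output "FAIL SMBv1 server protocol is enabled"
        if ($Remediate) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            Write-Output "     -> SMBv1 disabled (only legacy clients such as Windows XP need it)"
        }
    } else {
        Write-Output "OK   SMBv1 server protocol is disabled"
    }
}

function Test-OfficeMacroPolicy {
    # VBAWarnings: 4 = disable all macros without notification, 3 = signed macros only,
    # 2 = prompt the user (the default, and the one ransomware lures rely on), 1 = enable all.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $val = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $mark = if ($val -ge 3) { 'OK  ' } else { 'FAIL' }
        Write-Output "$mark $app VBAWarnings=$val (want 3 or 4)"
        if ($Remediate -and $val -lt 3) {
            New-Item -Path $key -Force | Out-Null
            Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
            # Also refuse macros in files carrying the Mark-of-the-Web (email and downloads).
            Set-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
        }
    }
}

Test-Ms17010Hotfix
Test-SmbV1
Test-OfficeMacroPolicy
```

The policy keys are written under HKCU so the script can be tested on one account; in production the same values belong in a Group Policy object so users cannot re-enable macros. On workstations, an inbound block of TCP 445 (`New-NetFirewallRule -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block`) removes the spreading path entirely; do not apply that rule to file servers without planning for the shares it will cut off.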