Know your network - inside and out.
Since the beginning of 2017, cyber criminals have ramped up their efforts considerably, the high profile, global attacks of Mirai, Wannacry and Petya have occurred one after the other, with crippling effects to some of the world’s largest economies and industries.
Despite the media attention, large-scale attacks of this nature aren’t new. Attacks like the ILOVEYOU worm and Code Red were massive attacks, some of which affected exponentially more devices and organisations than 2017’s attacks. In addition, the spread of WannaCry and Petya were quickly curbed unlike these worms of the past. But this isn’t just about scale. Unlike in years past, today’s organisations rely on data as both a critical resource and an essential source of revenue. And these new attacks are more sophisticated than ever…
Mirai was able to hijack tens of thousands of IoT devices, such as DVRs and digital CCTV cameras using the known device passwords installed by their manufacturers. These devices were then amassed and used as a weapon to take out a massive chunk of the Internet across the world. Denying service to a number of websites including Twitter, Reddit, Netflix, and Airbnb to name but a few.
Wannacry pioneered a new sort of ransomware/worm hybrid, something we call a ransomworm, in order to use a Microsoft exploit. Rather than the usual ransomware method of selecting a specific target, Wannacry’s functionality allowed it to spread rapidly across the globe, attacking thousands of devices and organisations
About a month later, we saw the emergence of a new ransomworm, Petya. This new malware used the same worm-based approach of Wannacry, even targeting the exact same vulnerability, but this time with a much more potent payload that could wipe data off a system and even modify a device’s Master Boot Record, rendering the device unusable. Since very little money was made during this attack, we can say that this attack was certainly more focused on taking machines offline than monetization through ransom. A machine availability ransom like Petya may become a much larger problem in the future when spreading as a rapid ransomworm.
There is a common belief across the security industry that attacks like Wannacry and Petya were just used as a test for vulnerabilities. These attacks are unfortunately, just the tip of the iceberg that could see the start of a new wave of global cyberattacks in the future
So, what can you do?
The global scale and scope of these recent attacks have people understandably concerned. But before the panic sets in, here are four tips to protect your organisation.
Practice network hygiene
Network and device hygiene are perhaps two of the most neglected elements of cybersecurity today. The Wannacry ransomworm targeted vulnerabilities that Microsoft had patched two months previously. And in spite of Wannacry’s global impact and media coverage, Petya was able to successfully target the exact same vulnerability less than a month later – further compromising thousands more organisations. In fact, most successful cyberattacks target vulnerabilities that are an average of five years old.
You should look to regularly patch your organisations’ devices, and devices too old to be patched, need to replaced.
Know your network inside and out
It’s impossible to patch devices on your network that you are unaware of. As such, you should look to invest in the time or technology to identify every device on your network. Establish its purpose, age, what traffic passes through it, and what OS and patch level is it running. It’s also important to know who or what devices have access to it.
Implement an integrated security system
More sophisticated attacks will target IoT which simply cannot be patched or updated. An integrated security system can detect and stop threats at multiple places within your network. But given that most organisations’ networks now span a wide range of devices, users, and applications deployed across multiple ecosystems, isolated tools monitoring traffic that passes a single point in the network are no longer adequate enough when it comes to security.
Segment your network
Dividing your network into functional segments to protect data and resources isn’t a revolutionary idea, but most organisations still fail to recognise its effectiveness. Most organisations have flat, open networks, and once the perimeter has been breached, stopping the malware becomes significantly harder.
With remote working trends only expanding, organisations are seeing their perimeters disappear, this makes securing their networks especially challenging. As we discussed earlier, some of the most vulnerable sections of networks are IoT devices, as such, these should be assigned to a separate, secure network away from the main ecosystem. This is going to give your organisation the best chance in the event of a breach. Organisations need to deploy a segmentation strategy designed to meet the security demands of today’s most complex networked environments.
We’re not reinventing the wheel here, for any security professionals, this should not be new. Business decision makers need to understand that without the appropriate resources, training and tools in place, their organisation is at risk. We’re living in a corporate society where these tips are no longer optional, nice to have security strategies – these are necessities to face today’s new normal of cyberattacks.
Shared from: CBROnline