In the News : The “WannaCry” ransomware and digital security
The “WannaCry” ransomware campaign has targeted a number of organisations internationally including the UK’s National Health Service and Spanish telecommunications provider Telefónica. The Australian Cyber Security Centre (ACSC) confirms there are a small number of cases affecting Australian small businesses, and many Australian networks could be at risk of infection.
In light of this recent attack, organisations can minimise the risk of infection by taking the same precautions needed to guard against malicious software in general. CIOs in Australia can protect their organisations by following the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents, which include:
- Patching operating systems and applications to the latest versions;
- Not exposing protocols such as SMB to untrusted networks including the Internet; and
- Implementing application whitelisting to prevent execution of untrusted code.
Who is at risk?
The campaign leverages publicly known vulnerabilities in Microsoft Windows to spread the infection to other hosts. It poses a greater threat to SMEs than to large organisations, particularly those running Microsoft Windows. In response, Microsoft has released patches for its products that mitigate these vulnerabilities, and Australian organisations are encouraged to apply them to prevent further attacks from this campaign.
The ACSC Threat Report states that “in cyber security, prevention is better than a cure”. It goes on to explain that relatively few organisations sufficiently plan or prepare for a significant cyber security incident. The same can be said of Australian IT leaders, as recent ACSC reports have identified a small number of cyber-attack cases arising in Australia.
For IT Leaders to prepare and respond to cyber-attacks, the following strategies are recommended by the ACSC:
- Set up monitoring to assess the organisation’s environment for cyber threats;
- Have processes in place to detect when an incident may have occurred;
- Assign primary responsibility for incident response;
- Maintain an up-to-date Incident Response Plan, System Security Plan and Standard Operating Procedures;
- Identify critical systems; and
- Identify key stakeholders including communications and legal.
Legacy systems are at higher risk of exposure to the campaign, as the ransomware was designed to work against unpatched Windows 7 and Windows Server 2008 (or earlier) systems. Network architects running outdated operating systems are urged first to apply the security update for platforms in custom support (Windows XP, Windows 8, and Windows Server 2003) to protect their applications in the short term, and second to obtain the latest protection from Microsoft by upgrading to Windows 10.
In the longer term, network architects are encouraged to keep all computers up to date, which provides the latest features and the proactive mitigations built into current versions of Windows. They should also install antivirus software and keep automatic updates enabled to be protected against threats like this in the future.
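The three ASD strategies listed earlier (patching, not exposing SMB to untrusted networks, application whitelisting) and the legacy-platform advice above can be checked on a single host. The script below is an added example, not code from the article or from the ACSC; it is read-only, assumes PowerShell 3.0 or later in an elevated session, and assumes the SmbShare and NetSecurity modules of Windows 8 / Server 2012 or later, with a registry fallback for the SMBv1 check on Windows 7 / Server 2008 R2.

```powershell
# Added example, not from the article: read-only audit of a Windows host for the
# exposures the ASD mitigations address. Run in an elevated PowerShell (3.0+).
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# Patch operating systems and applications: flag hosts with no hotfix in 60 days
# or with the Windows Update service disabled.
$lastFix = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastFix -or $lastFix.InstalledOn -lt (Get-Date).AddDays(-60)) {
    $findings += "Patching: no hotfix installed in the last 60 days (last: $($lastFix.InstalledOn))"
}
if ((Get-Service wuauserv).StartType -eq 'Disabled') {
    $findings += "Patching: Windows Update service (wuauserv) is disabled"
}

# Legacy platforms: the campaign targeted unpatched Windows 7 / Server 2008 and
# earlier, so anything older than Windows 8 / Server 2012 (NT 6.2) is flagged.
$os = Get-CimInstance Win32_OperatingSystem
if ([version]$os.Version -lt [version]'6.2') {
    $findings += "Legacy OS: $($os.Caption) $($os.Version) needs the custom-support update or an upgrade"
}

# SMBv1: the dialect the campaign abused to spread between hosts.
$smb = Get-SmbServerConfiguration
if ($smb) { $smb1On = [bool]$smb.EnableSMB1Protocol }
else {
    # Windows 7 / 2008 R2 fallback: SMB1 DWORD 0 under LanmanServer\Parameters
    # disables the protocol; an absent value means it is enabled.
    $p = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb1On = ($null -eq $p.SMB1) -or ($p.SMB1 -ne 0)
}
if ($smb1On) { $findings += "SMB: SMBv1 server protocol is enabled" }

# Do not expose SMB to untrusted networks: look for an enabled inbound block rule
# for TCP/445 that applies to the Public profile.
$block445 = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' -and
                   ($_.Profile -match 'Public' -or $_.Profile -eq 'Any') }
if (-not $block445) { $findings += "SMB: no enabled inbound block rule for TCP/445 on the Public profile" }

# Application whitelisting: is any AppLocker rule collection in effect?
$al = Get-AppLockerPolicy -Effective
if (-not $al -or -not $al.RuleCollections) { $findings += "Whitelisting: no effective AppLocker policy" }

if ($findings) { $findings | ForEach-Object { "FAIL  $_" } } else { "PASS  no findings" }
```

The firewall check only covers the host's own Public profile; SMB exposure at the network perimeter still has to be verified on the edge firewall.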
The majority of conscientious organisations have a particular set of mitigation strategies, policies and procedures in place to treat threats such as this. To maintain a strong cyber security posture, increasing awareness of potential vulnerabilities and implementing additional IT architecture security measures can be vital to deter and prevent incidents on infrastructure.
Organisations could also use antivirus and malware-prevention software such as:
- Device Guard, which locks down devices with kernel-level, virtualisation-based security, allowing only trusted applications to run and so preventing malware from executing.
- Office 365 Advanced Threat Protection, whose machine-learning capability blocks dangerous email threats such as emails carrying ransomware.
- Threat protection software that continually monitors networks and alerts security operations teams to suspicious activity. Organisations should also be vigilant when opening documents from untrusted or unknown sources.
To ensure organisations and their systems are protected, IT program managers should have a set of mitigation strategies in place. The Australian Signals Directorate suggests an order in which to implement them to build a defence against cyber security incidents. The Essential Eight Mitigation Strategies include:
- Application whitelisting
A whitelist only allows selected software applications to run on computers. All other software applications are stopped, including malware.
- Patch Applications
A patch fixes security vulnerabilities in software applications. Adversaries will use known security vulnerabilities to target computers.
- Disable Untrusted Microsoft Macros
Microsoft Office applications can use software known as ‘macros’ to automate routine tasks. Macros are increasingly being used to enable the download of malware. Adversaries can then access sensitive information, so macros should be secured or disabled.
- User Application Hardening
Block web browser access to Adobe Flash Player (uninstall if possible), web ads and untrusted Java code on the Internet. Flash, Java and web ads have long been popular ways to deliver malware to infect computers.
- Restrict administrative privileges
Only use administrator privileges for managing systems, installing legitimate software and applying software patches, and restrict them to those who need them. Admin accounts are the ‘keys to the kingdom’: adversaries use these accounts to gain full access to information and systems.
- Patch operating systems
A patch fixes security vulnerabilities in operating systems. Adversaries will use known security vulnerabilities to target computers.
- Multi-factor authentication
This is when a user is only granted access after successfully presenting multiple, separate pieces of evidence: typically something you know, like a passphrase; something you have, like a physical token; and/or something you are, like biometric data. Having multiple levels of authentication makes it a lot harder for adversaries to access your information.
- Daily backup of important data
Regularly back up all data and store it securely offline. That way, an organisation can access data again if it suffers a cyber security incident.
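Two of the Essential Eight items above, disabling untrusted macros and restricting administrative privileges, can be spot-checked on a workstation. The script below is an added example, not from the article or the ASD; it is read-only, assumes the Office 2016-family policy key (`16.0`, adjust for other releases), and assumes the `Get-LocalGroupMember` cmdlet of Windows 10 / Server 2016 or later. (Patching, SMB exposure and whitelisting are covered by the earlier audit example; MFA and offline backups are not host-local properties and are not checked here.)

```powershell
# Added example, not from the article: read-only spot checks for two Essential
# Eight items on the local host. Run in an elevated PowerShell (5.1+).
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# Disable untrusted Microsoft macros. VBAWarnings policy values: 4 = disable all
# without notification, 3 = allow only digitally signed macros, 2 = disable with
# notification (user can click through), 1 = enable all. Separately,
# blockcontentexecutionfrominternet = 1 blocks macros in documents that arrived
# from the Internet (files carrying the Mark of the Web).
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $sec = Get-ItemProperty "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    if (-not $sec -or $sec.VBAWarnings -notin 3, 4) {
        $findings += "Macros: $app VBAWarnings is '$($sec.VBAWarnings)'; expected 3 (signed only) or 4 (disabled)"
    }
    if ($sec.blockcontentexecutionfrominternet -ne 1) {
        $findings += "Macros: $app does not block macros in files from the Internet"
    }
}

# Restrict administrative privileges: every member of the local Administrators
# group is a 'keys to the kingdom' account. Flag every local or domain user in
# the group other than the built-in administrator, which is identified by its
# RID (-500) rather than by name because the account may have been renamed.
$admins = Get-LocalGroupMember -Group 'Administrators'
if (-not $admins) {
    $findings += "Admin: could not enumerate local Administrators (cmdlet unavailable or access denied)"
}
foreach ($m in $admins) {
    if ($m.ObjectClass -eq 'User' -and $m.SID.Value -notlike '*-500') {
        $findings += "Admin: user account '$($m.Name)' holds local administrative privileges; confirm it is required"
    }
}

if ($findings) { $findings | ForEach-Object { "FAIL  $_" } } else { "PASS  no findings" }
```

The macro settings are read from the per-user policy hive, so run the check as the user whose configuration you want to verify; machine-wide policy under HKLM, where used, needs the same value names read from the corresponding HKLM path.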
The bigger picture
The ACSC states that terrorist groups seeking to harm Western interests currently pose a low cyber threat. Cyber terrorist capabilities generally remain rudimentary and show few signs of improving significantly in the near future.
For the time being, this threat thankfully remains more hypothetical than real. What is needed in the meantime is a considered discussion and realistic appraisal of the diverse threats to Australia’s cyber security.
If organisations are affected by the “WannaCrypt” ransomware incident, they should contact their service provider immediately. Small businesses can contact the Australian Cybercrime Online Reporting Network; larger businesses are advised to follow their normal procedures.