In the News: The “WannaCry” ransomware and digital security
The “WannaCry” ransomware campaign has targeted a number of organisations internationally including the UK’s National Health Service and Spanish telecommunications provider Telefónica. The Australian Cyber Security Centre (ACSC) confirms there are a small number of cases affecting Australian small businesses, and many Australian networks could be at risk of infection.
In light of this recent attack, organisations can minimise the risk of infection by taking the same precautions that guard against malicious software in general. CIOs in Australia can protect their organisations by following the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents, which include:
- Patching operating systems and applications to the latest versions;
- Not exposing protocols such as SMB to untrusted networks including the Internet; and
- Implementing application whitelisting to prevent execution of untrusted code.
Who is at risk?
The campaign spreads from one host to the next by exploiting a publicly known vulnerability in the SMBv1 file-sharing protocol of Microsoft Windows (the flaw addressed by Microsoft’s MS17-010 security update of March 2017); once a single machine is infected, no user interaction is needed for it to reach others. Only Windows hosts are affected, and the campaign poses a greater threat to SMEs, which tend to have weaker patching and network-segmentation controls than large organisations. Microsoft has released patches for its affected products, including some out-of-support versions, and Australian organisations are encouraged to apply them to prevent further attacks from this campaign.
The ACSC Threat Report states that “in cyber security, prevention is better than a cure”, and goes on to explain that relatively few organisations sufficiently plan or prepare for a significant cyber security incident. Australian IT leaders are no exception: recent ACSC reporting has already identified a small number of cases arising from this campaign in Australia.
To prepare for and respond to cyber-attacks, IT leaders should adopt the following strategies recommended by the ACSC:
- Set up monitoring to assess the organisation’s environment for cyber threats;
- Have processes in place to detect when an incident may have occurred;
- Assign primary responsibility for incident response;
- Maintain an up-to-date Incident Response Plan, System Security Plan and Standard Operating Procedures;
- Identify critical systems; and
- Identify key stakeholders including communications and legal.
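The first two items above (monitoring the environment and detecting that an incident may have occurred) are concrete enough to show in code. The following Python script is an added example, not part of the original article and not ACSC or Fusion Professionals code: it reads Windows Firewall log lines (a constructed sample in the pfirewall.log layout, not a real capture) and flags the two behaviours a WannaCry-style worm produces on a network: one host fanning out to many SMB (TCP 445) targets within a short window, and any SMB attempt towards an address outside the organisation. The internal address ranges, the window and the threshold are assumptions to tune for your own environment.

```python
"""Spot WannaCry-style SMB scanning in Windows Firewall (pfirewall.log) lines."""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Address space treated as internal; anything else is "the Internet" for SMB purposes.
# Assumption for this example: the organisation uses only RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# CONSTRUCTED sample in the Windows Firewall W3C log layout (not a real capture).
SAMPLE_LOG = [
    "#Version: 1.5",
    "#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path",
    # normal activity: two file servers over several minutes, one HTTPS session
    "2017-05-12 14:02:10 ALLOW TCP 10.0.0.7 10.0.0.40 51002 445 0 S 0 0 0 - - - SEND",
    "2017-05-12 14:02:11 ALLOW TCP 10.0.0.7 10.0.0.50 51003 443 0 S 0 0 0 - - - SEND",
    "2017-05-12 14:05:30 ALLOW TCP 10.0.0.7 10.0.0.41 51004 445 0 S 0 0 0 - - - SEND",
] + [
    # an infected host sweeping the /24 for SMB, one new target per second
    f"2017-05-12 14:03:{i:02d} ALLOW TCP 10.0.0.5 10.0.0.{20 + i} {49700 + i} 445 0 S 0 0 0 - - - SEND"
    for i in range(12)
] + [
    # the same host trying SMB towards an Internet address
    "2017-05-12 14:03:20 ALLOW TCP 10.0.0.5 203.0.113.9 49750 445 0 S 0 0 0 - - - SEND",
]


def parse_line(line):
    """Parse one log line into a dict, or None for comment and malformed lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or len(parts) < 8:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "action": parts[2], "proto": parts[3],
                "src": parts[4], "dst": parts[5], "dport": int(parts[7])}
    except ValueError:
        return None


def smb_events(lines):
    """All TCP/445 connection attempts, in time order."""
    events = [e for e in map(parse_line, lines) if e and e["proto"] == "TCP" and e["dport"] == 445]
    events.sort(key=lambda e: e["ts"])
    return events


def find_smb_scanners(lines, window_seconds=60, threshold=10):
    """Sources that contacted >= threshold distinct hosts on TCP/445 inside a sliding window.

    Returns {src: peak distinct-destination count}. Normal clients talk SMB to a
    handful of file servers; a worm fans out to many new hosts within seconds.
    """
    recent = defaultdict(deque)          # src -> (timestamp, dst) pairs inside the window
    alerts = {}
    for e in smb_events(lines):
        q = recent[e["src"]]
        q.append((e["ts"], e["dst"]))
        while (e["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = len({dst for _, dst in q})
        if distinct >= threshold:
            alerts[e["src"]] = max(alerts.get(e["src"], 0), distinct)
    return alerts


def find_internet_smb(lines):
    """(src, dst) pairs where SMB was attempted to a non-internal address.

    SMB should never cross the Internet boundary, so any hit here is either a
    misconfiguration or an infected host, regardless of volume.
    """
    hits = []
    for e in smb_events(lines):
        dst = ipaddress.ip_address(e["dst"])
        if not any(dst in net for net in INTERNAL_NETS):
            hits.append((e["src"], e["dst"]))
    return hits


if __name__ == "__main__":
    print("scanners:", find_smb_scanners(SAMPLE_LOG))
    print("internet SMB:", find_internet_smb(SAMPLE_LOG))
```

On the sample, the sweeping host is reported with a peak of 13 distinct SMB targets inside one minute while the ordinary client never trips the threshold, and the single attempt to 203.0.113.9 is reported separately because it needs no threshold at all. In production the same two functions run over the firewall, proxy or NetFlow feed the organisation already collects; the value is in having the alert wired to the incident-response owner named in the list above before the worm arrives.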
Legacy systems are more exposed to the campaign, as the ransomware was designed to work against unpatched Windows 7 and Windows Server 2008 (or earlier) systems. Network architects running outdated operating systems are urged first to apply the security update Microsoft has issued for platforms in custom support (Windows XP, Windows 8 and Windows Server 2003) to protect their applications in the short term, and then to move to a supported platform such as Windows 10, which receives Microsoft’s latest protections.
In the longer term, network architects are encouraged to keep all computers up to date, which brings both the latest features and the proactive mitigations built into current versions of Windows. They should also run antivirus software with automatic updates enabled, so that systems are protected against threats like this in the future.
Most conscientious organisations already have a set of mitigation strategies, policies and procedures in place to treat threats such as this. To maintain a strong cyber security posture, raising awareness of potential vulnerabilities and implementing additional security measures in the IT architecture can be vital to deter and prevent incidents on infrastructure.
Organisations could also use antivirus and malware-prevention technology such as:
- Device Guard, which locks down devices with kernel-level virtualisation-based security and allows only trusted applications to run, preventing malware from executing.
- Office 365 Advanced Threat Protection, whose machine-learning capability blocks dangerous email threats such as the messages carrying ransomware.
- Threat-protection software that continually monitors networks and alerts security operations teams to suspicious activity.
Staff should also be vigilant when opening documents from untrusted or unknown sources.
To ensure organisations and their systems are protected, IT program managers should have a set of mitigation strategies in place. The Australian Signals Directorate ranks its strategies by effectiveness and suggests an order of implementation for building a defence against cyber security incidents. The Essential Eight Mitigation Strategies are:
- Application whitelisting
A whitelist allows only selected software applications to run on computers. All other software is blocked, including malware.
- Patch Applications
A patch fixes security vulnerabilities in software applications. Adversaries will use known security vulnerabilities to target computers.
- Disable Untrusted Microsoft Macros
Microsoft Office applications can run small programs known as ‘macros’ to automate routine tasks. Macros are increasingly used to download malware, which adversaries then use to access sensitive information, so macros from untrusted sources should be blocked or disabled.
- User Application Hardening
Block web browser access to Adobe Flash Player (uninstall it if possible), web advertisements and untrusted Java code on the Internet. Flash, Java and web ads have long been popular ways to deliver malware to computers.
- Restrict administrative privileges
Use administrator privileges only for managing systems, installing legitimate software and applying software patches, and grant them only to those who need them. Admin accounts are the ‘keys to the kingdom’: adversaries use them to gain full access to information and systems.
- Patch operating systems
A patch fixes security vulnerabilities in operating systems. Adversaries will use known security vulnerabilities to target computers.
- Multi-factor authentication
A user is granted access only after successfully presenting multiple, separate pieces of evidence: typically something you know, like a passphrase; something you have, like a physical token; and/or something you are, like biometric data. Requiring multiple factors makes it much harder for adversaries to access your information with a stolen password alone.
- Daily backup of important data
Regularly back up all important data and store the backups securely offline, so that the organisation can recover its data after a cyber security incident rather than pay a ransom for it.
The bigger picture
The ACSC states that terrorist groups seeking to harm Western interests currently pose a low cyber threat. Cyber-terrorist capabilities generally remain rudimentary and show few signs of improving significantly in the near future.
For the time being, this threat thankfully remains more hypothetical than real. What is needed in the meantime is a considered discussion and realistic appraisal of the diverse threats to Australia’s cyber security.
If organisations are affected by the “WannaCry” (also known as “WannaCrypt”) ransomware incident, they should contact their service provider immediately. Small businesses can report to the Australian Cybercrime Online Reporting Network (ACORN); larger businesses are advised to follow their normal incident-reporting procedures.