Author: Megan Gates / Source: ASIS Security Management
Early in the afternoon on May 12, 2017, the United Kingdom’s National Health Service (NHS) confirmed that it had been hit by a massive ransomware attack that was spreading its way around the globe.
“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” the NHS said in a statement, confirming that at the time it was released, 16 of its organizations had been affected by WannaCry ransomware.
MalwareTech, a cybersecurity blogger and researcher, saw that NHS had been hit by the attack at approximately 2:30 p.m. That fact tipped him off “that this was something big,” MalwareTech wrote in a blog post.
To find out what was happening, he got a sample of the malware, ran an analysis, and registered, for $10.69, an unregistered domain that the malware had queried.
“Now one thing that’s important to note is the actual registration of the domain was not on a whim,” MalwareTech explained. “My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I’m always on the lookout to pick up unregistered malware control server domains.”
In the course of registering that domain name, however, MalwareTech effectively stopped WannaCry, the ransomware infecting 200,000 computers globally and demanding that users pay a ransom of about $300 in Bitcoin to decrypt their data.
MalwareTech’s efforts, along with an emergency patch released by Microsoft for Windows XP (which hasn’t been supported since 2014), stopped WannaCry. But that doesn’t mean they will be so lucky in the future as ransomware and other types of crimeware become more prevalent.
In the recently released Verizon 2017 Data Breach Investigations Report, Verizon analyzed data from 65 organizations and found that 88 percent of breaches fell into nine patterns identified in 2014: crimeware, cyber espionage, denial of service, insider and privilege misuse, miscellaneous errors, payment card skimmers, point-of-sale intrusions, physical theft and loss, and Web application attacks.
These attacks are successful, in part, because most companies erroneously believe they won’t be targeted, wrongly think they have the basics of cybersecurity covered, are failing to set strong password requirements, and are relying on how they have always done things—as opposed to being innovative and proactive.
“While attackers are using new tactics and tricks, their overall strategies remain relatively unchanged,” the Verizon report explains. “Understanding them is critical to knowing how to defend your organization from cyberattacks.”
The report also finds that it’s not just major companies being targeted. Instead, 61 percent of breaches in the report affected businesses with fewer than 1,000 employees.
Manufacturing, healthcare, and the financial services sectors were major targets for data breaches in 2016. But Verizon Global Head of Cybersecurity Strategy and Marketing John Loveland said that companies should not be distracted by that fact.
“I would say put a big emphasis on ‘industries most at risk,’ but that can be unhelpful because I think it may distract from the idea that every organization is a potential target,” Loveland said in a Verizon podcast interview.
Bryan Sartin, Verizon global security services executive director, echoed Loveland’s comments, and said that no organization should rest on its laurels.
Though they may be in denial, organizations are going to be targeted, Sartin explained on the podcast. “Whether it’s design plans, medical records, or good, old-fashioned payment card details—somebody, somewhere will see it as their meal ticket and as an opportunity to get a hold of that, exploit vulnerabilities, find that data, get it out, exfiltrate it, and try to convert it into cash. Most cybercriminals aren’t that fussy about who they steal from.”
Ransomware. One of the unchanged strategies that cybercriminals are using is ransomware, which was the twenty-second most common form of malware in 2014. It’s now moved up to the number five position.
“For the attacker, holding files for ransom is fast, low risk, and easily monetizable—especially with Bitcoin to collect anonymous payment,” according to the Verizon report. Due to the success of ransomware in the past several years, criminals have become more innovative about how they use it to turn a profit.
“Criminals introduced time limits after which files would be deleted, ransoms that increased over time, ransoms calculated based on the estimated sensitivity of filenames, and even options to decrypt files for free if the victims became attackers themselves and infected two or more other people,”…