Cybersecurity Blog
Thought leadership. Threat analysis. Cybersecurity news and alerts.
4 Lessons Small Businesses Can Learn from WannaCry and NotPetya Cyber Attacks
WannaCry and NotPetya, also known as Petya, have been the most talked about cyber attacks in the past three months. WannaCry was released into the wild in May this year; NotPetya in June this year.
Their popularity is understandable given that the combined victims of these two cyber attacks reached hundreds of thousands worldwide, with WannaCry affecting over 300,000 computers in 150 countries; NotPetya affecting over 12,500 computers in 65 countries. Most importantly, these two cyber attacks, labeled as ransomware – malicious software that encrypts computer data and asks for ransom money to unlock it – victimized big corporations and big government institutions worldwide. WannaCry disrupted the operations of UK’s National Health Service, U.S. express delivery company FedEx and Renault's assembly plant in Slovenia. NotPetya, on the other hand, disrupted the operations of the Chernobyl nuclear plant, U.S.-based pharmaceutical company Merck and Danish shipping firm Maersk. While big corporations affected by NotPetya such as Nuance, TNT Express, Saint-Gobain, Reckitt Benckiser Group and Mondelēz International publicly acknowledged that their operations have been disrupted, and they have suffered economic losses because of the attack, these big corporations have proven their resilience. “If a public breach damages a brand and causes customers to switch to a competitor, a larger business can weather the impact better than a smaller business,” Cisco said in its 2017 midyear cyber security report. “When attackers breach networks and steal information, small and medium-sized businesses (SMBs) are less resilient in dealing with the impacts than larger organizations.”
Here are 4 lessons small businesses can learn from WannaCry and NotPetya cyber attacks:
1. Use the Latest Operating System
Users of old operating systems are vulnerable to cyber attacks.
Majority of NotPetya ransomware infections, according to Microsoft in a bulletin dated June 29, this year, were observed in computers using Windows 7. Windows 10, on the other hand, according to Microsoft is resilient against the NotPetya ransomware attack. For WannaCry, users of old Microsoft operating systems – in particular, Windows XP, Windows 8 and Windows Server 2003 – fell victim to this malicious software. Microsoft ended its support for Windows XP on April 8, 2014; Windows Server 2003 on July 14, 2015; and Windows 8 on January 13, 2016. For Windows XP, Microsoft issued this statement: "After April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP. Security updates patch vulnerabilities that may be exploited by malware and help keep users and their data safer. PCs running Windows XP after April 8, 2014, should not be considered to be protected, and it is important that you migrate to a current supported operating system – such as Windows 10 – so you can receive regular security updates to protect their computer from malicious attacks." In the paper “The hackers holding hospitals to ransom” published in the British Medical Journal (BMJ) two days before the WannaCry attack, Krishna Chinthapalli, a doctor at the National Hospital for Neurology and Neurosurgery in London, found that a number of British hospitals were using Windows XP, an operating system introduced by Microsoft in 2001. 2. Install Security Update of the Latest Operating System
Even if you’re using the latest operating system and you fail to install the latest security update or patch, your computers are still vulnerable to cyber attacks.
Users of Windows 10 – the latest operating system from Microsoft – who failed to install the security update released by Microsoft on March 14, 2017 fell victim to WannaCry. Microsoft said that its March 14, 2017 update resolves vulnerabilities in Microsoft Windows that “could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.” WannaCry exactly exploited this specific security vulnerability mentioned in the March 14th update by Microsoft. 3. Paying Ransom Isn’t a Guarantee that You’ll Get Your Data Back
In a typical ransomware, computer data is encrypted, a ransom note is shown on the computer screen of the victim, the victim pays and the victim recovers data as the data is decrypted.
WannaCry victims paid close to $100,000 – paid in bitcoins; NotPetya victims paid close to $10,000. These earnings are stark contrast to the number one top grossing ransomware Locky which earned $7.8 million, and the second top grossing ransomware Cerber which earned $6.9 million based on the data provided in a Google-led study (PDF). The reason why these two didn’t earn that much bitcoins is that many victims early on knew that these malicious programs couldn’t restore their data despite paying ransom. According to the Google-led study, WannaCry and NotPetya are "impostors” as they are in reality “wipeware” pretending to be ransomware. Matt Suiche from Comae Technologies concluded that NotPetya is a wiper as it “does permanent and irreversible damages to the disk”. Suiche differentiates a wiper and a ransomware, this way: “The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative.” Victims of NotPetya also can’t pay ransom as the payment email address isn’t accessible anymore. The email address specified in the NotPetya ransomware notice was immediately blocked by the email provider Posteo. The perpetrator or perpetrators of NotPetya also didn’t replace the blocked address with another one. In the case of WannaCry, McAfee researchers found that while WannaCry can decrypt files, “WannaCry attackers appear to be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis.” 4. Backup Your Data
Make your organization resilient to cyber attacks by backing up your critical data. You can always get back your operating system or other software applications by reinstalling them. It may, however, be impossible to recreate your data lost to cyber criminals. It’s important then to always backup your critical data.
Backing up data on a regular basis isn’t just helpful in case cyber attackers corrupt your data, it’s also valuable in case your computers are stolen or destroyed as result of fire or other disasters. You have a backdoor to your business, and it's Email
Email is the most widely used form of business communication today. It’s inexpensive and fast. This form of communication, however, exposes businesses to cyber criminals.
Malicious cyber criminals consider the email as businesses’ backdoor – a vulnerable feature of a computer system that calls for exploitation. Failing to protect your business emails is like fortifying your house with the latest alarm systems and then leaving your backdoor wide open. Symantec in its 2016 Internet Security Threat Report estimated that nearly 190 billion emails were in circulation each day in 2015 alone, with an average of 42 emails sent and received by each business user every day – a growing number of users reading their emails on their mobile devices. Symantec reported that in 2015, email spam rate increased by 53%; phishing rate at one in 1,846 emails; and malware rate in one in 220 emails. “For cybercriminals who want to reach the largest number of people electronically, email is still the favored way to do it,” Symantec said. 3 Ways Cyber Criminals Exploit the Vulnerabilities of Emails
Cyber criminals exploit the vulnerabilities of emails in a number of ways. Here are 3 ways cyber criminals exploit emails:
1. Business Email Compromise (BEC) Scams
The cyber threat called business email compromise (BEC) relies on the oldest trick of con artists: deception. In BEC, con artists zero in employees who have access to company’s finances, deceiving them into making wire transfers to bank accounts thought to belong to business partners – when in fact, the money ends up in the accounts of cyber criminals.
BEC is one form of phishing – a form of identity theft that tricks people to reveal their Social Security numbers, bank account numbers and other valuable details – by making an email looks like it came from a legitimate source such as a bank, a partner company or government agency. The Federal Bureau of Investigation (FBI) reported that since 2013, organized crime groups, employing the business email compromise scam, have targeted small and large organizations and companies in every U.S. state and more than 100 countries around the world. According to the FBI, since January 2015, there has been a 1,300 percent increase in BEC, with losses now totaling over $3 billion. Tech giants such as Google and Facebook are not spared by BEC scammers. In March 2017, the FBI arrested Evaldas Rimasauskas for scamming multinational internet companies of over $100 million via email compromise scheme. While the FBI didn’t name the companies, a Fortune investigation revealed that the multinational internet companies referred by the FBI as victims of Rimasauskas were tech giants Google and Facebook. In the Rimasauskas case, Google and Facebook thought they were communicating via email with a legitimate staff of Quanta – supplier of the tech giants’ computer servers. Business Email Compromise (BEC) Scams Prevention
BEC scams can be prevented in the following manner:
Phishing Scams Prevention
Here are some of the ways to prevent phishing scams in general:
2. Malware Spread
Email is one of the oldest ways to spread malware – short for “malicious software” – software designed to damage or infiltrate computers without the users’ consent. In May 2000, the malware called “ILOVEYOU” infiltrated millions of computers. The ILOVEYOU malware comes in a form of an email from someone the receiver know, with a subject "ILOVEYOU" and the body of the message reads "kindly check the attached LOVELETTER coming from me."
An enormous number of people – probably out of the universal need to be loved – opened the ILOVEYOU email and downloaded the attached file. Once run, the malware overwrites all computer files and then send an identical email to all the contacts of a victim's Outlook address book. As a result of the ILOVEYOU malware, a number of mail systems worldwide were overloaded causing a meltdown of electronic communication among businesses and governments. Malware Spread Prevention
Here are some of the ways to combat the spread of malware sent via emails:
3. Denial of Service (DoS) Attack
A denial-of-service (DoS) attack is an attempt by cyber criminals to prevent legitimate users from accessing online services like email. Spam email messages can be used by attackers to prevent your customers from emailing your company.
Email accounts, whether supplied by a paid service or free services such as Yahoo or Gmail, are assigned a specific quota. This quota limits the number of emails that your business account can receive at a given period of time. When attackers bombard your business account with too many or large email messages, this can consume your quota and prevents your company from receiving legitimate messages. DoS Attack Prevention
To prevent DoS attack.
When you have questions, connect with us and get the answers you need.
Why do we fall victim to email phishing attacks?
Cyber criminals are crafty when it comes to email phishing attacks. Judging by the results of the most recent Google email phishing campaign, they are succeeding. Cyber criminals are smart, knowledgeable and won’t stop at any means to achieve their goals, which is to acquire your personal information and use it against you and the people on your contact list.
Almost daily, people receive fake emails asking for their personal information, such as user IDs and passwords. These phishing emails can be disguised as if they came from your bank, your email provider, a government agency or even your employer. Cyber crime gangs often prey on our own cybersecurity illiteracy and laziness. Let me ask you a few questions:
Since cybersecurity illiteracy is what cybercriminals use as an advantage, cybersecurity literacy and awareness would be a good antidote. The easiest way to spot a phishing email
Most fake emails can be spotted by simply looking at the “from” email address. An email from a fake sender would look something like this: Google Support <[email protected]>. This is definitely a fake. It might not be obvious, but that an email from Google would most certainly come from [email protected].
In any event, here is the easiest way to spot a phishing scam. Please remember it, print it out and share with others: If you receive an email whereby someone is asking for your personal information, including your user ID and / or passwords with a sense of urgency, most likely it’s a phishing scam. Why? Because you bank, your email provider, or your employer WILL NEVER ASK FOR YOUR PERSONAL INFORMATION VIA EMAIL. For example, you received an email that appears to be from your bank, and it looks something like this: “Dear customer, This is to inform you that due to suspicious activity, your savings account has been locked. Please click here to change your password immediately to re-gain access to your account. Sincerely, Customer Service Manager” While it appears legitimate, your bank will never ask to provide any personal information via email. In most cases, they will call you, and will ask you to go to the nearest branch to address any account security related issues. Even when someone calls you and introduces him or herself as a banking specialist asking for your personal information, you don’t have to provide it. Hang up, call your bank using the number on the back of your bank card, and tell them that you were contacted, and if there are any issue they could help you address. Same goes to calls from any government agency, including the IRS. Stay safe! A Sophisticated Phishing Attack
As reported by several cyber security researchers, and the mainstream media, cyber criminals unleashed a new, sophisticated phishing campaign targeting both individuals and corporate Gmail users. In fact, it’s so sophisticated, that even savvy users are being tricked by it.
An email arrives with a link, and when clicked, it asks for your Gmail user credentials. The trick is that the page looks exactly like the original Gmail sign on page. When you enter your user ID and password, the attackers automatically log into your Gmail account. When they are in, they immediately begin gathering additional information to support further attacks. Appears that they are looking for the attachments you’ve previously shared with others, and gather email addresses from your contacts. The contacts they gather, inevitably become new targets. Now rogue emails are coming from someone the victim knows. It's very hard to notice foul play since the URl in the email is disguised very well. In most cases, victims won't even look at the address bar at the top to validate the website's authenticity. How to protect yourself against phishing attacks?
Fortunately, you can protect your account almost instantly by enabling 2-step verification for your Gmail account. Even if you don’t use Gmail, and use another Cloud email service, we recommend that you enable a 2-step verification without delay.
When 2-step verification is enabled, unless cybercriminals have direct access to your smartphone, it would be nearly impossible for them to use your password, even if you have fallen victim to a phishing attack. Instructions on enabling 2-step verification for Gmail (personal use): https://support.google.com/accounts/answer/185839?hl=en Instructions on enabling 2-step verification for Gmail (corporate accounts). Note that for corporate accounts, you need to share these instructions with your IT department, and Gmail administrator will be able to add the extra security centrally: https://support.google.com/a/answer/184711?hl=en Have questions? Please contact us and we will be more than happy to assist. Stay safe! |
AuthorSteve E. Driz, I.S.P., ITCP Archives
March 2024
Categories
All
|
8/3/2017
0 Comments