General | 4 min read | May 18, 2017

WannaCry: Understanding occurrence and consequences

Vector illustration of a key over the word ransomware, symbolizing WannaCry



Hundreds of countries were extremely concerned about the breadth and speed of the WannaCry attack, which quickly hit more than 200,000 devices (believe me, this is not much compared with other attacks such as “I Love You”, Blaster, Nimda, SoBig and MyDoom) and brought with it, besides the technical aspects necessary for its control, a series of questions and reflections.

There is a lot of conflicting information on the internet about the timeline of this attack, which makes the attack curious and at the same time highly troubling for the future. It is a fact that nations and companies are not prepared to deal with an attack on such a large scale, and attacks like this reinforce that claim.

Internet security has long-standing challenges and will have to evolve substantially to meet new (or not so new) demands, such as the widespread use of increasingly powerful mobile devices, the internet of things (IoT), cloud computing, industry 4.0 itself, and many others.

The internet has very positive aspects; this is undeniable, and this movement cannot be stopped. But it is important that governments, companies and society (people) are properly aware and protected, so that the impacts of attacks tend to be relatively minor.

According to information published on the Internet, the attack began with a vulnerability known by the US National Security Agency (NSA), which was eventually exposed by the Shadow Brokers group, which used the code to create ransomware.

Unlike some security incidents that depend on a user action, this case exploits a vulnerability in Windows operating systems (fixed in March 2017). Once a machine is compromised, its data is encrypted and the device becomes a replicator of the ransomware, massively scanning networks and the Internet, searching for other vulnerabilities.

The Windows XP operating system, whose support has been discontinued by Microsoft, is still widely used worldwide. Many attacks end up being directed at Windows XP, motivated by the lack of support and updates for this operating system version. However, even without active support for the product, the manufacturer ends up releasing patches to address problems of larger proportions, such as WannaCry, with worldwide repercussions.

Despite the impact of last week’s attack, it is not sophisticated, as it exploits a known vulnerability in systems that have not been updated. WannaCry compromises the nodes of a network, making them a source of distribution and amplifying the attack in a frightening way.

What is striking, however, is the way this happened. There are sources that blame the NSA for keeping the problem confidential so that it could at any moment have silent access to computers around the world, rather than notifying the manufacturer so that the appropriate fixes could be made. This raises important reflections about interests and responsibilities that are beyond the scope of this post.

The attack lost speed when a British researcher registered the domain that was used as a kind of “kill switch”, a feature that allows the attack to be halted at any time. This action does not fix the vulnerability, but it temporarily stalls the spread of the incident.

It had been approximately 7-8 years since an attack took on these proportions, so it was quickly classified as one of the largest in history, although it has not caused anything close to what other attacks did, especially in the early 2000s, which affected tens of millions of devices.

How to protect against the WannaCry attack?

When these incidents occur, people and companies want to quickly find a solution to the problem and prevent it from happening in the future. Faced with this expectation, it is important to understand that there is no magic recipe and no immediate solution, but rather a set of factors that must be understood in order to improve security.

Access to devices that store or transmit information has grown a lot in recent years, and this is extremely positive. Increasingly intuitive interfaces encourage adoption by a massive number of users who were previously unaccustomed to technology and the world of the internet. This inclusion movement is very important and at the same time highly dangerous if there is no awareness of how these devices are used.

With regard to protection against attacks with ransomware features, such as WannaCry, most references point to 3 basic pillars: keeping systems properly up-to-date, having a proper antivirus solution and backing up regularly.

These pillars are basic and important, but they are largely neglected for an extensive set of reasons, the details of which do not matter here. The fact is that this produces the ideal scenario for attacks to have their reach amplified. In this scenario, sophisticated guidelines end up having no effect, since the trivial is neglected.

An attack like this one aims to reach the maximum number of devices, with the goal of sweeping the networks behind them. It is natural that the conversion rate of these attacks is small; in quantitative terms, however, it is very significant and scary. There are billions of devices connected to the internet, so a 0.5% conversion, for example, becomes a highly significant number.

Update of the environment

Updates increase the chances of protecting the environment from security incidents, but they are not completely effective either, because zero-day attacks, for example, are carried out before vendors are even aware of the vulnerability.

So upgrading is important, but do not rely on it as a solution to every problem. Upgrading is an element within a security context that increases the chances of creating a more secure environment.

Another reason upgrades end up being neglected is that manufacturers often do not have adequate quality criteria, and the packages they make available end up introducing other problems into the environment, or even cause features that previously worked to stop functioning.

Is Backup a Solution for WannaCry?

Backup can be an option for recovering a compromised environment, but it should not be treated as a prevention strategy, especially because newer forms of ransomware attack threaten to expose the data if the ransom is not paid by the person or company whose data was taken hostage.

For this attack format, the backup can help restore the environment and make it operational again, but depending on the type of information, the business or person will be seriously compromised by its disclosure. So again, the impacts generated by these and other attacks should be treated more seriously, not only in times of crisis but through unified strategies that create tools and awareness strong enough to minimize the consequences.

It is important to remember that society and corporations are undergoing a major transformation, with the materialization of trends such as the internet of things, machine learning, cloud services, industry 4.0 and many other novelties and possibilities for corporate and personal use. Faced with this reality, it is highly necessary to prioritize the topic of information security. In the corporate segment, the reasons for maintaining security structures are even broader, since the effects of a virtual attack tend to be even larger with the evolution expected in the coming years.

Is your company prepared to face these and other challenges associated with information security? Take the opportunity and talk to our experts.

