Attacks occur for a variety of reasons, and in the wake of the most widespread ransomware attacks, WannaCry and Petya, many organizations are re-evaluating their security practices to figure out what went wrong.
While those who were hit are still trying to understand where their security gaps are, other enterprises that rely on legacy systems that can’t be patched are looking for ways to avoid becoming the next victim.
No, the vulnerabilities attackers leverage are not new. They prey on systems that have not been updated. This is where IT support and protection are essential.
There is no one-size-fits-all fix, but Sweet offered some sound advice on a variety of both long- and short-term solutions.
The main culprit behind this attack is a new ransomware that researchers initially called Petya, because it resembled an older ransomware strain that encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer. Later, it was discovered that this is a new strain altogether, which researchers have started referring to as NotPetya or Petna.
What might have helped protect companies from these worm-like ransomware attacks?
The important thing to remember is that WannaCry and Petya were, in actuality, easily preventable. Victims of these attacks were only victims because they failed to conduct basic software patching. Enterprises searching for a way to protect themselves should know there are several tools on the market that use automation to patch software vulnerabilities in real time.
Automation is one way to close the gap, but we also need to train developers, at the very earliest stage of their education, to bake security into all new code. It’s no longer enough to tack cybersecurity onto projects as an afterthought.
According to several sources, the author of the new ransomware strain appears to have been inspired by last month’s WannaCry outbreak, and added a similar SMB worm based on the NSA’s ETERNALBLUE exploit. This has been confirmed by Payload Security, Avira, Emsisoft, Bitdefender, Symantec, and other security researchers. Later in the day, it was discovered that Petya also used another NSA exploit called ETERNALROMANCE. A Kaspersky article covers this infection routine in more detail.
Petya’s initial distribution vector was a tainted update for an accounting software package popular in the Ukraine.
Other security measures enterprises can take
Having readily available data backups is the best way to maintain business continuity in the face of an attack. Keeping good, fresh data backups allows enterprises to rebuild systems quickly and inexpensively. In the face of a ransomware attack, there’s no longer a need to pay the ransom because the enterprise already has a recent backup of all the data it needs.
How the industry needs to approach security education to prepare for the future
When we look at the bigger picture and the future of cybersecurity, the issue of education is critical. A recent Cisco report estimates there are 1 million unfilled cybersecurity positions globally. In the U.S., that number is about 100,000. It’s a crisis that directly hurts the ability of companies and governments to curb hacking because there simply isn’t enough available talent to fill those jobs.
How schools and universities can better prepare the next generation to combat future threats to our digital world
Cybersecurity training has not been a priority for the American education system. Universities are inadvertently contributing to the lack of cybersecurity readiness in the U.S. by failing to teach students how to implement security thinking and awareness into all new code design, development and testing. As recently as 2016, only one of the top 121 computer science and information science schools in the country required at least three cybersecurity classes before graduation. At a minimum, cybersecurity training must be a graduation requirement for all computer science programs.
To keep up with the ever-increasing challenges of hackers, though, there is no choice but to prioritize cybersecurity education for our future.
