Atlantic.Net Blog

How Should You Prepare for the Next Wave of Ransomware, Malware, Network and File Vulnerabilities?

Cybersecurity is a hot topic in the IT industry, as the IT sector is one of the industries most frequently targeted by malware and ransomware attackers. IT businesses store and handle an abundance of sensitive and valuable data belonging to third parties, including government, healthcare and legal entities, making them a prime target.

Concerns over information technology security, protection and prevention are far-reaching. Electronic security matters are a primary concern for organizations powered by information systems. Ransomware, malware, network and file vulnerabilities are significant today, as recent hacking events have intensified public awareness of the catastrophic consequences that can follow an unexpected security breach.

About Cryptovirological Software

Cryptovirological software, such as malware, viruses, and ransomware, typically infects a user's infrastructure in one of three ways: it may be introduced via USB or other external media, delivered through spam email or fake attachments, or spread using exploit software such as EternalBlue. One commonly used exploitation method is heap spraying, in which shellcode is injected into a vulnerable system so that the machine in question can be exploited.

Recent high-profile ransomware attacks such as WannaCry, NotPetya, WYSIWYE, Cryptowall, and Mirai emphasize the importance of investing in cybersecurity protection. Targeted attacks can spread through a network like wildfire and have the potential to cause hundreds of thousands of dollars in damage; desperate organizations sometimes choose to pay the ransom for the keys to unlock their business-critical files.

Updating Your Information Systems

If its information systems are not kept up to date, malware or ransomware could potentially paralyze a business. Hacking groups target weaknesses in operating systems and application code, looking for vulnerabilities that inadvertently allow the execution of malicious code. Once malicious code has been injected into the host operating system, attackers can exploit the compromised system.

Security experts are constantly monitoring for the latest security vulnerability trends; software vendors have dedicated security teams who are usually very quick to react to any potential weaknesses found within their code. Patches, updates and firmware fixes are regularly released to combat any identified potential system vulnerabilities. Problems only tend to arise when the end user fails to act to protect their system.

Most home user operating systems, such as Windows 10 and Apple Macintosh, are configured out of the box to update automatically over the Internet at set intervals during the month. Business IT systems, however, are typically managed by a central update server that requires an administrator to review, approve, and deploy the security updates. Once approved, the patches are scheduled for release to the organization's infrastructure.

Update tools, such as Microsoft Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM), can be utilized by system administrators to push security updates to servers, client laptops, and terminals. However, even with such services, many organizations fail to keep on top of a regular patching schedule.

What Can Happen If Your Infrastructure Updates Are Out-of-Date

There are several reasons this might happen, such as inadequate technical capability or team knowledge of how to professionally update an organization’s computer infrastructure. It might be due to a management approach of “if it’s not broken, don’t fix it,” resulting in a failure to proactively patch or deploy security measures until a problem arises. Other times, there may be fears that the security updates will break proprietary software applications.

These issues play into the hands of hacking groups because they can mean that a significant number of systems within the organization remain exploitable. All the recent major malware and ransomware attacks have followed a similar pattern: the malware is spread onto a system via the Internet and encrypts the infected user's files. The malware then displays a demand for payment in Bitcoin to unlock the user's data.

Using the WannaCry ransomware as a specific example: it targeted a vulnerability in the Samba network share protocol of the Windows Server operating system. This allowed the attackers to copy an exploit file onto the infected user's system disk, where the file would sit dormant until activated by a trigger sent over the Internet. Upon activation, the malware would encrypt all of the user's files and render the computer useless. A pop-up would then appear on the user's screen demanding payment.

Microsoft was aware of this vulnerability months before the WannaCry epidemic spread globally. The Microsoft product security teams promptly patched it and published a security bulletin urging users to update immediately. Many users, businesses, and global organizations failed to act on this information, which left them vulnerable to attack.

Fortunately, when WannaCry was released in May 2017, many organizations who had already invested in an up-to-date antivirus (AV) product were saved; the AV agents identified the malware signature files and rapidly quarantined the WannaCrypt files long before the malicious code could be executed.

However, users who had not patched the operating system, had not installed an antivirus product, or whose antivirus was out of date were infected in droves on a global scale by the WannaCry ransomware. Even today, WannaCry is still spreading over the Internet; some of its most high-profile victims include Boeing, the British National Health Service (NHS) and Telefonica communications.

As mentioned previously, many organizations were fortunate to avoid the ransomware attacks because they had a modern antivirus suite. But what else can be done to protect against these vulnerabilities and exploits? We have devised a plan of what we consider to be cybersecurity best practices that can be employed to help you deal with the next wave of threats.

Your Cybersecurity Plan

First, make sure you have a modern, frequently tested backup strategy. Backups are the contingency plan for preserving all your important data, so that should the worst happen you have the ability to restore your systems from them. Having a legitimate, functional backup copy of your data is essential. Data can be replicated to an alternative location for added protection, and many managed service providers offer guaranteed data protection services.

Next, we recommend creating a structured, regular patching schedule for all of your IT infrastructure. This includes all Windows, Linux and VMware based computer resources, as well as the microcode and firmware of the hardware platforms for storage, networking and communications. Many businesses choose to delegate this to a small group of specialists who manage the update services products, such as WSUS and SCCM. These centrally managed platforms can be configured to push out all the updates in a controlled and scheduled manner.

A reasonable amount of manual work will still be required, but the majority of updates can be scheduled automatically. Some of the most sensitive systems, such as primary database servers, corporate Active Directory domain controllers, or backup host servers, should be patched manually, and you may also consider taking a snapshot of your virtual machines and storage systems as a rollback option, especially if your systems have not been updated for a significant amount of time.
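To show how the two preceding paragraphs translate into a concrete schedule, here is an added Python example (written for this article, not part of any Atlantic.Net or Microsoft product) that takes a host inventory and decides, per host, whether it is pushed automatically through a WSUS/SCCM-style service or patched by hand, whether a rollback snapshot is taken first, and how urgently it needs attention. The inventory, the 30-day and 90-day thresholds, and the set of roles treated as sensitive are all assumptions for the demonstration.

```python
"""Patch-schedule planner for a mixed estate (added example; thresholds and inventory are assumed)."""
from dataclasses import dataclass
from datetime import date

# Assumed policy values; tune to your own maintenance windows.
MAX_PATCH_AGE_DAYS = 30            # a host older than this with no patches is overdue
SNAPSHOT_IF_OLDER_THAN_DAYS = 90   # long-unpatched hosts get a rollback snapshot first
# Sensitive roles the text singles out for manual patching.
MANUAL_ROLES = {"database", "domain-controller", "backup"}


@dataclass(frozen=True)
class Host:
    name: str
    role: str               # e.g. "database", "web", "client", "hypervisor"
    platform: str           # e.g. "windows", "linux", "vmware"
    last_patched: date
    pending_critical: int   # unapplied critical updates as reported by the update service


def plan_host(h: Host, today: date) -> dict:
    """Decide method (auto vs manual), whether a snapshot comes first, and urgency for one host."""
    age = (today - h.last_patched).days
    manual = h.role in MANUAL_ROLES
    return {
        "host": h.name,
        "method": "manual" if manual else "auto",
        # Sensitive systems always get a snapshot; anything else only when it has lagged badly.
        "snapshot_first": manual or age > SNAPSHOT_IF_OLDER_THAN_DAYS,
        "overdue": age > MAX_PATCH_AGE_DAYS or h.pending_critical > 0,
        "days_since_patch": age,
    }


def build_schedule(hosts, today: date) -> list:
    """Order the work: overdue hosts first, automated pushes before manual work,
    and the longest-unpatched host first within each group."""
    plans = [plan_host(h, today) for h in hosts]
    plans.sort(key=lambda p: (not p["overdue"], p["method"] == "manual", -p["days_since_patch"]))
    return plans


def summarize(plans: list) -> dict:
    return {
        "auto": sum(p["method"] == "auto" for p in plans),
        "manual": sum(p["method"] == "manual" for p in plans),
        "overdue": sum(p["overdue"] for p in plans),
        "snapshot_first": sum(p["snapshot_first"] for p in plans),
    }


def sample_inventory() -> list:
    """Constructed inventory; names, roles and dates are made up for the example."""
    return [
        Host("web01", "web", "linux", date(2017, 5, 1), 0),
        Host("db01", "database", "windows", date(2017, 3, 1), 2),
        Host("dc01", "domain-controller", "windows", date(2017, 4, 20), 1),
        Host("bkp01", "backup", "linux", date(2017, 1, 10), 0),
        Host("laptop17", "client", "windows", date(2017, 5, 10), 0),
        Host("esx01", "hypervisor", "vmware", date(2016, 11, 1), 3),
    ]


def demo(today: date = date(2017, 5, 15)) -> dict:
    plans = build_schedule(sample_inventory(), today)
    return {"order": [p["host"] for p in plans], "summary": summarize(plans), "plans": plans}


if __name__ == "__main__":
    result = demo()
    for p in result["plans"]:
        flags = ("OVERDUE " if p["overdue"] else "") + ("snapshot-first" if p["snapshot_first"] else "")
        print(f"{p['host']:<10} {p['method']:<7} {p['days_since_patch']:>4}d  {flags}")
    print(result["summary"])
```

Note that the domain controller comes out as overdue even though it was patched recently, because it still has an unapplied critical update; age alone is not the right measure. The hypervisor is pushed automatically but still gets a snapshot, because it has lagged far past the 90-day line.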

One of the key defences against all forms of malware is the education and training of employees. Security concepts and knowledge of the latest threat trends should be offered in compulsory training initiatives by all organizations. Explaining what ransomware, malware, viruses, phishing, and spoofing are can alert employees to the dangers of these threats, which in turn helps instil a culture of security consciousness throughout the business.

Another key defence is investing in technical services and hardware devices designed to intercept cybersecurity threats at source. Products such as an Intrusion Prevention System (IPS) can scan network traffic and alert on suspected issues. We have already discussed the importance of antivirus products, but outsourcing these responsibilities to a managed service provider can alleviate the headache of ensuring that all the products and agents are up to date and compliant.
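As an added example of the kind of rule an IPS or SIEM would alert on (example code written for this article, not an Atlantic.Net product or any vendor's rule syntax), the following Python script reads connection-log lines and flags a source that reaches many distinct internal hosts on TCP/445 within a short window. That fan-out is the network signature of a worm spreading over the file-share protocol, as described for WannaCry above, and it is visible to a network sensor regardless of whether the endpoint's antivirus is current. The key=value log format, the addresses and the traffic itself are all constructed for the demonstration.

```python
"""Detect worm-like SMB fan-out in connection logs (added example; the log format is assumed)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed key=value connection-log format, not any particular firewall or IPS vendor's.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": datetime.strptime(d["ts"], TS_FMT), "src": d["src"], "dst": d["dst"],
            "dport": int(d["dport"]), "proto": d["proto"], "action": d["action"]}


def find_fanout(lines, port=445, window=timedelta(seconds=60), threshold=10):
    """Alert when one source contacts at least `threshold` distinct hosts on `port` within a
    sliding `window`. Denied attempts count too: a worm probing addresses that do not exist
    still reveals itself. Returns [(src, window_start, distinct_targets)], one per source."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) still inside the window
    alerts, alerted = [], set()
    events = [e for e in map(parse_line, lines) if e and e["dport"] == port and e["proto"] == "tcp"]
    for e in sorted(events, key=lambda e: e["ts"]):
        q = recent[e["src"]]
        q.append((e["ts"], e["dst"]))
        while e["ts"] - q[0][0] > window:   # drop entries that have aged out of the window
            q.popleft()
        targets = {dst for _, dst in q}
        if len(targets) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append((e["src"], q[0][0], len(targets)))
    return alerts


def sample_log() -> list:
    """Constructed sample traffic: one host fanning out, one normal client, one slow admin host."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    fmt = "{ts} src={src} dst={dst} dport={port} proto=tcp action={action}"

    def line(offset, src, dst, port=445, action="allow"):
        return fmt.format(ts=(base + offset).strftime(TS_FMT), src=src, dst=dst, port=port, action=action)

    lines = []
    for i in range(12):   # 10.0.1.15 probes 12 different hosts on 445 in under 30 seconds
        lines.append(line(timedelta(seconds=2 * i), "10.0.1.15", f"10.0.1.{100 + i}",
                          action="deny" if i % 3 else "allow"))
    for i in range(8):    # 10.0.1.40 keeps reopening the same file server: one distinct target
        lines.append(line(timedelta(seconds=5 * i), "10.0.1.40", "10.0.1.10"))
    for i in range(12):   # 10.0.1.77 reaches 12 hosts, but spread over four hours: below the rate
        lines.append(line(timedelta(minutes=20 * i), "10.0.1.77", f"10.0.1.{50 + i}"))
    lines.append(line(timedelta(seconds=7), "10.0.1.40", "203.0.113.5", port=443))   # unrelated HTTPS
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for src, start, n in find_fanout(sample_log()):
        print(f"ALERT {src} reached {n} distinct hosts on tcp/445 starting {start.isoformat()}")
```

The threshold and window are the tuning knobs: a file server that genuinely talks to many clients will appear as the destination, not the source, so it does not trip the rule, while a workstation that suddenly initiates SMB sessions to ten neighbours in a minute is exactly the behaviour worth isolating from the network and investigating.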

About Atlantic.Net

Do you need to secure your organization’s hosting environment and IT infrastructure? Atlantic.Net’s managed service professionals can assist in setting up backup services, security solutions, and more. Contact Atlantic.Net today for more information about how our experts can help.
