“Organizations who continue to run Windows XP, software which cannot adequately detect and protect your information assets, and obsolete software, will make your systems easy targets for hackers and cyber criminals, as these systems will be hardest hit as the level of vulnerabilities and exploits are high and easily available.”
This is an extract from the for 2015 written by Deon Olton, ICT/Cyber Security Consultant with the Caribbean Cyber Security Centre.
Cyber security consultants at the Caribbean Cyber Security Centre predicted this level of cyberattacks two years ago based on the threat intelligence available in 2015. Furthermore, we stated that malware and special variants like ransomware would be on the rise across the globe in 2016 and beyond; hence the recent news comes as no surprise.
The business of cybercrime has matured into a billion-dollar industry and has resulted in devastating effects. Ransomware or extortion-based attacks were rampant in 2016, and in 2017 we’re seeing an explosion of new variations. These new types of threats are more financially driven than ever before, and therefore increasingly widespread as the cybercrime community begins to monetize its nefarious activities.
So, what really is this thing called ransomware? As with any kind of ransom, a ransomware virus gains access to one or more computer systems and makes the data inaccessible by encrypting it, then demands payment from the victim in order to return access to it. Also, just like viruses and other forms of malware, ransomware tends to be effective by exploiting security flaws or vulnerabilities in software to gain access to and, in some cases, control of the computer systems. Once the ransomware is launched, you will see a popup on your screen giving instructions on how much to pay as the ransom. There have been instances where the ransom was paid and access was restored, and I am sure there is an equal number of victims who paid and access was not restored.
The recent WannaCry ransomware attack is thought to be the largest coordinated cyberattack of its kind, impacting numerous organizations including several critical healthcare and telecommunications systems, sparing none in between. The massive spread of this ransomware has been made possible by a security vulnerability in some of Microsoft’s operating systems. The most vulnerable operating systems are Windows XP, Windows Server 2003 and Windows 8, as these are the operating systems for which Microsoft doesn’t provide mainstream support.
WannaCry targets these Microsoft operating systems: hackers take control of a computer and encrypt the data until the victim makes a payment in return. The hackers demand payments of US$300 to US$600 in Bitcoin because this type of currency keeps the beneficiaries anonymous, which means victims will have no recourse if payments made don’t result in access to systems being granted. WannaCry has infected hundreds of thousands of endpoints spanning more than 150 countries due to its worm-like ability to propagate and spread to other systems. While Microsoft has released “patches” to fix the vulnerability that allows hackers to take control of systems using the WannaCry ransomware, these patches are only valid on licensed and updated software. This means that companies running obsolete, unsupported or unlicensed Microsoft software are not protected.
In the Caribbean, we believe the impact will be great but equally hard to measure because there is no legal responsibility for companies to report these attacks, and also because the use of pirated or outdated software is rampant. There will be few reports, as most companies will not step forward to report their losses due to licensing issues. Government, financial services and larger private sector enterprises tend to have an IT security policy in place, installing the latest updates, anti-virus software and firewalls. The fallout will most likely land on a large number of mid-size and small companies that remain exposed to the threat due to a lack of IT security policies and the use of pirated and/or obsolete software.
As we dig deeper and try to understand the types of organizations that have fallen and continue to be vulnerable, we see reports of healthcare institutions rising to the top of the list. Why healthcare? Simple: healthcare networks are the most diverse and heterogeneous, and typically use software and systems which are geared towards saving lives, whereas security tends not to be an initial consideration. In addition, the connected nature in which we live and work accommodates the need for remote access and access to the Internet so doctors can provide patient care from anywhere. Therein lies the problem, and the reason healthcare institutions are possibly the easiest victims: these highly vulnerable environments are then connected to the open Internet.
Deon Olton, who is with the CCSC, said the threat of such an outbreak at the global level should serve as a wakeup call for all organizations in the Caribbean. This is just a litmus indicator of our own level of exposure, as thousands of organizations in the region are using unlicensed and unpatched software, either to cut costs or because it may be mandated by the vendor of a particular piece of equipment. Either way, this puts them at great risk.
Mr. Olton warns that there’s no silver bullet for fixing ransomware and shares the following advice on how companies can proactively block these types of attacks. Spend time and money on proper prevention, or else you may be forced into considering whether it makes business sense to pay a ransom. A company’s level of exposure tends to be a measure of its information security practices, and we recommend the following:
1. Maintain backups: Back up everything, do it frequently, and ensure backups are stored off-site. Also test backups frequently to ensure that they can be successfully restored.
2. Update and patch: Known operating system and application flaws are often targeted by attackers to infect systems with malware. That’s why patching remains the best and fastest way to help stay secure.
3. Use anti-virus: Keep anti-malware software up to date.
4. Don’t click: Do not follow unsolicited web links in emails.
5. Choose a Cyber Security Partner: Access expertise with Cyber Security talent.
6. Never pay the ransom: There is no guarantee that payment will restore access.
The reality is that some organizations in the Caribbean are already compromised and will feel the effects of this evolving digital threat in the coming weeks and months. The lack of preparedness for these threats will lead to Caribbean governments and private sector organizations being battered by an increasing range, type and frequency of attacks which demand a proactive and appropriately sophisticated response by those charged with cyber defense.