230,000 infected systems. 150 countries. That’s the latest count of victims infected by the WannaCry ransomware that has made waves throughout the world at an unprecedented level. The attacks haven’t been limited to home users: more than 100,000 organisations, including hospitals, large corporations, and government bodies, came to a screeching halt.
It’s a rapidly developing story, with new developments each day and evidence that a version 2 is imminent, but here’s what we know so far:
Why WannaCry is a different animal
Ransomware has typically required a slip-up from the user, such as opening a malicious attachment or download link, before it could infect the device. WannaCry’s deviousness comes from its ability to self-propagate without any action from the end user. It leverages a known Windows vulnerability that allows the computer to be hijacked, then spreads to other unpatched PCs on the local network and even scans for remote hosts over the internet. Infected PCs have their data encrypted by the worm and are immediately rendered unusable.
Can enterprises protect themselves from this type of cyber-attack? The answer is a resounding YES.
In this scenario of a known exploit, thousands of man-hours and dollars could have been saved by ensuring all endpoints were updated with the latest patches. The vendors’ security engineers have done the heavy lifting of patching known vulnerabilities; as organisations, we just need to follow through on their work to stay protected.
What about safeguarding for the future?
The threats here are non-compliant, unpatched devices that are still allowed onto corporate networks without any control. Shadow IT is a problem: businesses don’t know who or what is connecting to their network, or what data is coming in and going out. On top of that, many companies don’t have a patch management system in place, or don’t enforce the one they have.
Network Access Control (NAC) solutions are a great way to control which devices connect to your network and what they can do once connected. For example, a NAC can perform automatic compliance checks, also known as Host Checkers, on every device connecting in, so IT doesn’t have to. We covered this in detail last week. It can ensure that endpoints are running the latest patches and/or antivirus, and if not, it can automatically remediate by applying the patches for the end user before letting them in. Quarantining the device, or providing limited access until the end user brings it into compliance, is another option. Click here for Pulse Secure’s full configuration recommendations for WannaCry.
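To make the host-check flow concrete, here is an added illustration of the admission logic a NAC applies: check the device’s posture, auto-remediate what can be pushed (missing patches, stale antivirus signatures), quarantine what needs a person (antivirus not running), and deny unmanaged devices that cannot be checked at all. This is example code written for this post, not Pulse Secure’s product code; the posture fields, patch identifiers and the inventory are constructed placeholders.

```python
"""Host-check admission policy for a NAC.

Added illustration, not Pulse Secure's code. Assumes each endpoint reports a
posture record with the fields below; patch identifiers and the inventory are
constructed placeholders.
"""
from dataclasses import dataclass, replace
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"            # compliant: full network access
    REMEDIATE = "remediate"    # fixable automatically: patch, then re-check
    QUARANTINE = "quarantine"  # limited access until the user fixes the device
    DENY = "deny"              # unmanaged / unknown device (shadow IT)


# Constructed placeholder for "the latest patches"; a real policy would list
# the vendor's actual patch identifiers.
REQUIRED_PATCHES = frozenset({"KB-EXAMPLE-0001", "KB-EXAMPLE-0002"})
MAX_SIGNATURE_AGE_DAYS = 3


@dataclass(frozen=True)
class Posture:
    device_id: str
    managed: bool                 # enrolled with the NAC agent?
    installed_patches: frozenset
    av_running: bool
    av_signature_age_days: int


def evaluate(p: Posture):
    """Return (decision, findings): the findings are what drove the decision."""
    if not p.managed:
        return Decision.DENY, ["unmanaged device: not enrolled, cannot be checked"]

    findings = []
    missing = sorted(REQUIRED_PATCHES - p.installed_patches)
    if missing:
        findings.append("missing patches: " + ", ".join(missing))
    if not p.av_running:
        findings.append("antivirus not running")
    elif p.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        findings.append(f"antivirus signatures {p.av_signature_age_days} days old")

    if not findings:
        return Decision.ALLOW, findings
    # Missing patches and stale signatures can be pushed by the NAC; a stopped
    # antivirus needs a person, so the device is held with limited access.
    if p.av_running:
        return Decision.REMEDIATE, findings
    return Decision.QUARANTINE, findings


def remediate(p: Posture) -> Posture:
    """Simulate the NAC pushing patches and signature updates (constructed)."""
    return replace(p, installed_patches=p.installed_patches | REQUIRED_PATCHES,
                   av_signature_age_days=0)


def admit(p: Posture) -> Decision:
    """Full flow: check, auto-remediate once if possible, then re-check."""
    decision, _ = evaluate(p)
    if decision is Decision.REMEDIATE:
        decision, _ = evaluate(remediate(p))
    return decision


# Constructed sample inventory.
INVENTORY = [
    Posture("laptop-01", True, frozenset(REQUIRED_PATCHES), True, 1),
    Posture("laptop-02", True, frozenset({"KB-EXAMPLE-0001"}), True, 0),
    Posture("kiosk-07", True, frozenset(), False, 30),
    Posture("unknown-mac", False, frozenset(), False, 0),
]

if __name__ == "__main__":
    for p in INVENTORY:
        first, findings = evaluate(p)
        print(f"{p.device_id:12} initial={first.value:10} "
              f"final={admit(p).value:10} {findings}")
```

The point of the re-check in `admit` is that remediation is not trusted blindly: the device is only admitted once a second posture check comes back clean, which is also where a device that refuses the patch ends up quarantined rather than allowed through.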
You can also look to Single Sign-On (SSO) solutions to mitigate keylogging threats. Keyloggers capture login credentials, and since many of us are guilty of reusing passwords across sites, we expose more than just the immediate account we’re logging into.
Having to authenticate only once, and then using token authentication for all other services, reduces your need for multiple usernames and passwords. It’s like a safe: the more times you key in its code, the more opportunities there are for someone to observe it. SSO is like a safe that knows you’re you without your keying in the code repeatedly.
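The mechanism behind that analogy, as an added example rather than anything from the original post or from Pulse Secure: the password is presented exactly once, to the identity provider, which hands back a signed, time-limited token; every other service verifies the token’s signature and expiry and never sees the password at all. The example assumes the identity provider and the services share one HMAC key, and the user store, key and salt are constructed placeholders.

```python
"""Authenticate once, then present a signed token to every service.

Added illustration, not a Pulse Secure product feature. Assumes the identity
provider and the services share one HMAC key (constructed below); the user
store is a constructed placeholder.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key for the example; in practice it lives in a secret store.
SSO_KEY = b"constructed-example-key-not-for-real-use"
TOKEN_TTL_SECONDS = 900

# Constructed user store: the password is kept as a salted PBKDF2 hash, never plain.
_SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest())


def authenticate_once(user: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """The single place the password is typed: the identity provider."""
    stored = USERS.get(user)
    if stored is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if not hmac.compare_digest(stored, candidate):
        return None
    now = time.time() if now is None else now
    payload = {"sub": user, "iat": int(now), "exp": int(now) + TOKEN_TTL_SECONDS}
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return f"{body}.{_sign(body)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Every service checks signature and expiry; none of them sees a password."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(body)):
        return None          # tampered or forged
    payload = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if now >= payload["exp"]:
        return None          # expired: the user must authenticate again
    return payload["sub"]


if __name__ == "__main__":
    token = authenticate_once("alice", "correct horse")
    for service in ("mail", "wiki", "vpn"):
        print(service, "->", verify_token(token))
```

Because the services only ever handle the token, a keylogger on the user’s machine captures one password entry per session instead of one per service, and the token it might capture stops working at `exp` rather than living on the way a reused password does.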
As Pablo Garcia, chief executive of the security firm FFRI said, “You need to defend the network as if your life depends on it. Because in this case, the healthcare organizations being hit with the latest ransomware, life really does depend on the compromised network assets being held for ransom.”