Wednesday, July 26, 2017

THE WANNACRY ATTACK – WHAT HAPPENED?






Let’s go back to Friday, May 12th, when news broke of a new ransomware attacking computers in Europe, Asia, America and other continents. The malicious program, named WannaCry, infected hundreds of computers in nearly 100 countries, making it one of the most destructive cyberattacks in history.

The speed at which WannaCry has spread and the severity of this type of malware illustrate the vital need for all companies to employ the right data recovery services to protect critical data. With the right data backup services, even if your company network is attacked, valuable data will be protected.


WHAT IS WANNACRY?
WannaCry is a ransomware program that was used to attack unprotected computers throughout the world. It was originally discovered as it began ransoming several hospital computer networks in Europe, bringing operations to a standstill until data recovery services could be utilized to resume control of these healthcare systems. The malware has been described by some as an SMB worm and has since spread to other businesses and private users throughout Europe, much of Asia, America (the continent, of course, not just the USA) and the rest of the world.


Although the initial ransomware was controlled after the first day, new variants have popped up, continuing to spread the program to nearly 4,000 computers per day. Those without appropriate data backup services have been severely affected by the encryption of stored information. 

HOW DID THIS HAPPEN?
WannaCry exploits a vulnerability in older Windows operating systems such as XP, Vista, 7 and 8; Windows 10 is not included. This very serious potential problem was known only to the National Security Agency (NSA) until earlier this year. Upon learning of this vulnerability, Microsoft issued a patch, MS17-010, on March 14, 2017 to fix it and prevent just what happened with WannaCry. The owners of the systems that were affected either did not know of the patch or did not apply it in time.

WHY IS WANNACRY SO DANGEROUS?
Data recovery services know that ransomware is quite dangerous to computers and to your business as a whole because data is encrypted so that it becomes irretrievable. Yet the WannaCry program has been found to be even more dangerous than most ransomware because it spreads on its own, without any other interaction. If your computer is not properly protected, this file can spread with worm-like capabilities and embed itself without you ever having to open an infected email or visit an infected website.


Once the program is on your computer, it can spread in this same way to any other computers on your network, ransoming them all very quickly. The only way to resolve the issue correctly, since there is no guarantee that paying the ransom is effective, is to work with data backup services to move beyond the ransom demand, apply the supplied patch, and restore your information from a backup.

WHAT SHOULD YOU DO ABOUT WANNACRY?
The WannaCry ransomware attack highlights the need to protect your company in a number of ways, including having the right data recovery services. It also stresses the importance of both having the right security strategy in place as well as keeping all computers on your network properly updated with patches and new software releases. Cybersecurity strategies that include essential data backup services enable you to restore lost information and regain control of your computers in the safest and quickest manner.

Hopefully, you have not been affected by WannaCry or any other ransomware attacks because your computers are well protected with the right firewalls, malware detection software, and other security strategies. Even so, new cyber threats like WannaCry are appearing every day and creating new risks for even the best-protected networks.

If you want peace of mind knowing that your network is safe, talk about cybersecurity and data backup services with an experienced provider like ACP. Our goal is to help you prevent attacks that can negatively affect your business by providing the security and data recovery services you need. For concerns about WannaCry, let ACP Technologies scan your network and provide a report of computers affected by this and any other viruses!





As I always say, was this information helpful for you and others?

Tell me what you think, and don't be shy to share your thoughts with me.


Monday, July 24, 2017

COMMON TYPES OF NETWORK & COMPUTER ATTACKS




Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.

Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.



EAVESDROPPING
In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.



DATA MODIFICATION
After an attacker has read your data, the next logical step is to alter it. An attacker can modify the data in the packet without the knowledge of the sender or receiver. Even if you do not require confidentiality for all communications, you do not want any of your messages to be modified in transit. For example, if you are exchanging purchase requisitions, you do not want the items, amounts, or billing information to be modified.
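
As an added example (not part of the original article), the code below shows one standard way to detect modification in transit: the sender appends an HMAC-SHA256 tag to a purchase requisition, and the receiver rejects any message whose tag does not verify. The key, the field names and the sample requisition are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes

class TamperedMessage(Exception):
    """Raised when the authentication tag does not match the payload."""

def seal(requisition: dict, key: bytes) -> bytes:
    """Serialize the requisition deterministically and append its HMAC tag."""
    payload = json.dumps(requisition, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag

def open_sealed(wire: bytes, key: bytes) -> dict:
    """Verify the tag first; parse the payload only if it is authentic."""
    if len(wire) <= TAG_LEN:
        raise TamperedMessage("message too short to carry a tag")
    payload, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the check leaks no timing hints
    if not hmac.compare_digest(tag, expected):
        raise TamperedMessage("tag mismatch: payload was modified or key differs")
    return json.loads(payload)

def modify_in_transit(wire: bytes, old: bytes, new: bytes) -> bytes:
    """Constructed stand-in for a change made to the bytes on the network path."""
    return wire.replace(old, new, 1)

# Constructed sample data: a shared secret key and one purchase requisition.
KEY = secrets.token_bytes(32)
REQUISITION = {
    "items": [{"sku": "TONER-42", "qty": 3}],
    "amount": "149.97",
    "billing_account": "ACCT-0001",
}

def demo() -> str:
    """Send one requisition, alter the quantity in transit, report the outcome."""
    wire = seal(REQUISITION, KEY)
    altered = modify_in_transit(wire, b'"qty":3', b'"qty":9')
    try:
        open_sealed(altered, KEY)
    except TamperedMessage as exc:
        return str(exc)
    return "accepted"
```

The tag protects integrity only while the key stays secret: anyone who obtains the key can produce valid tags, which is the compromised-key case described later in this section.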



IDENTITY SPOOFING (IP ADDRESS SPOOFING)
Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed, which is known as identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.

After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.




PASSWORD-BASED ATTACKS
A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.

Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.

When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.

After gaining access to your network with a valid account, an attacker can do any of the following:

·         Obtain lists of valid user and computer names and network information.
·         Modify server and network configurations, including access controls and routing tables.
·         Modify, reroute, or delete your data.


DENIAL-OF-SERVICE ATTACK
Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.

After gaining access to your network, the attacker can do any of the following:

·         Divert the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
·         Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
·         Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
·         Block traffic, which results in a loss of access to network resources by authorized users.



MAN-IN-THE-MIDDLE ATTACK
As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.

Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you because the attacker might be actively replying as you to keep the exchange going and gain more information. This attack is capable of the same damage as an application-layer attack, described later in this section.






COMPROMISED-KEY ATTACK
A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key.

An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack. With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.


SNIFFER ATTACK
A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.

Using a sniffer, an attacker can do any of the following:
·         Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
·         Read your communications.


APPLICATION-LAYER ATTACK
An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:

·         Read, add, delete, or modify your data or operating system.
·         Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.
·         Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network.
·         Abnormally terminate your data applications or operating systems.
·         Disable other security controls to enable future attacks.
