WannaCry – What Was Old is New Again


Timo Ahomäki

Head of Portfolio Development at Tieto

16.05.2017 10:45 am

Last Friday, the world saw one of the most extensive malware outbreaks in a while. This malware, called variously WannaCrypt0r, WannaCry or WCry, managed to infect tens of thousands of computers globally in a matter of hours. While new types of malware come and go on a regular basis, it was the nature of this particular piece of malware that took the world by surprise.

WannaCry is ransomware attached to a worm. Worms are a type of malware that can self-propagate without human interaction. In other words, they can infect a target system by autonomously crawling through a network, exploiting vulnerabilities in operating systems and other programs.

Worms are nothing new. Some of us may still remember names like “Love Letter”, “Blaster” and “Conficker” from the 2000s, when a number of the then-novel, fast-spreading internet worms were making headlines.

And indeed, the spreading mechanism of WannaCry is very familiar from those predecessors, to the point where you might wonder what all the fuss is about. Why are we not able to stop it, when the basic mechanism has been known for a decade?

Proper network hygiene forgotten?

One answer may lie in the fact that we have not seen massive worm attacks in years. With the software vendors getting more prudent in blocking “wormable” vulnerabilities, and the firewalling techniques improving, worms have not been a present threat as of late. This may have caused many system and security administrators to forget some of the good practices learned the hard way in the past.

To refresh the memory, the spreading of relatively primitive worms like WannaCry can be effectively curbed simply by following proper networking hygiene: only have ports open where there is a real need for them to be open, and only allow connections from/to hosts and/or applications that actually need to be connected.

In the case of WannaCry, there is normally no need to have the SMB protocol open network-wide on workstations. Nevertheless, it is often left open bi-directionally, just in case. Here, however, that sloppy practice leaves the door open for worms.
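One way to check a firewall policy for this kind of "just in case" SMB exposure between workstation segments. This is an added example, not part of the original article; the rule format, subnets and rule names are constructed, and it assumes first-match rule evaluation.

```python
import ipaddress

SMB_PORTS = (139, 445)  # NetBIOS session service and SMB over TCP

# Constructed sample policy (hypothetical names and subnets), evaluated
# top-down with the first matching rule winning.
RULES = [
    {"name": "ws-to-fileserver", "src": "10.10.0.0/16", "dst": "10.20.5.10/32",
     "ports": (445, 445), "action": "allow"},
    {"name": "legacy-any-any", "src": "10.0.0.0/8", "dst": "10.0.0.0/8",
     "ports": (1, 65535), "action": "allow"},
    {"name": "default-deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "ports": (1, 65535), "action": "deny"},
]
WORKSTATION_NETS = ["10.10.1.0/24", "10.10.2.0/24"]


def first_match(rules, src_net, dst_net, port):
    """Return the first rule that covers all of src_net -> dst_net on port."""
    for rule in rules:
        lo, hi = rule["ports"]
        if (src_net.subnet_of(ipaddress.ip_network(rule["src"]))
                and dst_net.subnet_of(ipaddress.ip_network(rule["dst"]))
                and lo <= port <= hi):
            return rule
    return None


def audit_lateral_smb(rules, workstation_nets):
    """List (src, dst, port, rule) where workstation-to-workstation SMB is allowed."""
    nets = [ipaddress.ip_network(n) for n in workstation_nets]
    findings = []
    for src in nets:
        for dst in nets:
            if src == dst:
                continue  # same-segment traffic bypasses this firewall; host firewall needed
            for port in SMB_PORTS:
                rule = first_match(rules, src, dst, port)
                if rule and rule["action"] == "allow":
                    findings.append((str(src), str(dst), port, rule["name"]))
    return findings


if __name__ == "__main__":
    for finding in audit_lateral_smb(RULES, WORKSTATION_NETS):
        print("lateral SMB allowed:", finding)
```

The sample policy permits the file-server share that workstations actually need, yet the broad legacy rule still lets every workstation segment reach every other on SMB; placing an explicit deny for ports 139 and 445 between workstation subnets ahead of it clears the findings.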

While the main purpose of WannaCry appears to be to drop the ransomware, there is essentially nothing preventing a similar, maybe stealthier, malware from performing other tasks as well. For example, the self-propagating properties might come in handy for automatically finding and exfiltrating large amounts of information from an organisation in a highly unpredictable way. Such malware would clearly cause big issues for, say, an organisation striving for GDPR compliance.

Detection and protection 

As of late, the detection and blocking of intra-network anomalies has been mostly discussed in conjunction with the so-called advanced persistent threats (APTs). This type of attack is by definition much stealthier than a relatively noisy worm like WannaCry, which by its nature makes itself known.

While there are specific solutions available to combat the sometimes very tricky APTs, protection from the simpler forms of self-propagating malware can be achieved with solutions such as next generation firewalls and advanced endpoint protection. Connected to a 24/7 security operations center for fast detection and response, these are well suited to detecting and blocking many types of network-borne anomalies on multiple levels, allowing policies to be implemented to offer a good level of security, while minimising the impact on business flexibility.
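What "noisy" means in practice for an SMB worm is that one host suddenly talks to many peers on TCP 445. The sketch below is an added example, not from the original article: it runs a sliding-window fan-out check over constructed flow records, and the 60-second window and threshold of 10 peers are assumptions to be tuned per network.

```python
from collections import defaultdict, deque


def smb_fanout_alerts(flows, window=60, threshold=10, port=445):
    """Flag sources that reach `threshold` distinct peers on `port` within `window` s.

    flows: time-ordered iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    Returns {src_ip: timestamp_of_first_alert}.
    """
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in flows:
        if dport != port or src in alerts:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop connections that have aged out of the window
        if len({peer for _, peer in q}) >= threshold:
            alerts[src] = ts
    return alerts


def sample_flows():
    """Constructed flow records (not real telemetry); all addresses are made up."""
    flows = []
    for i in range(40):  # worm-like sweep: a new peer every second
        flows.append((1000 + i, "10.10.1.23", f"10.10.1.{i + 1}", 445))
    for i in range(30):  # normal client: the same file server over and over
        flows.append((1000 + 2 * i, "10.10.1.50", "10.20.5.10", 445))
    for i in range(12):  # slow inventory job: many peers, but minutes apart
        flows.append((1000 + 400 * i, "10.10.9.5", f"10.10.2.{i + 1}", 445))
    return sorted(flows)


if __name__ == "__main__":
    for src, ts in smb_fanout_alerts(sample_flows()).items():
        print(f"SMB fan-out from {src} at t={ts}")
```

Only the sweeping workstation is flagged; the busy file-server client and the slow inventory job stay below the threshold because they lack either distinct peers or speed.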

The situation with WannaCry, at the time I’m writing this, is that the whole world is busy patching their Windows systems to block the vulnerability used by WannaCry. And rightfully so. Ensuring that these patches are promptly applied should at the moment be at the top of every system admin’s priority list.

However, patching only stops the worm from self-propagating through this particular exploit. The ransomware function of WannaCry, as well as any potential future worm-borne malware, can best be blocked by having the necessary security controls in place, including proper system configurations, advanced endpoint protection and next generation firewalls. In fact, WannaCry was actually quite easy to block proactively.

Do you want to learn more about protecting your organisation against ransomware? Or know more about GDPR? Download Tieto Security Services’ white papers on ransomware and GDPR!

This article originally appeared on perspectives.tieto.com
