WannaCry – What Was Old is New Again


Timo Ahomäki

Head of Portfolio Development at Tieto

16.05.2017 10:45 am

Last Friday, the world saw an outbreak of one of the most extensive malware breaches in a while. This malware, called variously WannaCrypt0r, WannaCry or WCry, managed to infect tens of thousands of computers globally in a matter of hours. While new types of malware come and go on a regular basis, it was the nature of this particular piece of malware that took the world by surprise.

WannaCry is ransomware attached to a worm. Worms are a type of malware that can self-propagate without human interaction. In other words, they can infect a target system by autonomously crawling through a network, exploiting vulnerabilities in operating systems and other programs.

Worms are nothing new. Some of us may still remember names like “Love Letter”, “Blaster” and “Conficker” from the 2000s, when a number of the then-novel, fast-spreading internet worms were making headlines.

And indeed, the spreading mechanism of WannaCry is very familiar from those predecessors, to the point where you might wonder what all the fuss is about. Why are we not able to stop it, when the basic mechanism has been known for a decade?

Proper network hygiene forgotten?

One answer may lie in the fact that we have not seen massive worm attacks in years. With the software vendors getting more prudent in blocking “wormable” vulnerabilities, and the firewalling techniques improving, worms have not been a present threat as of late. This may have caused many system and security administrators to forget some of the good practices learned the hard way in the past.

To refresh the memory, the spreading of relatively primitive worms like WannaCry can be effectively curbed simply by following proper networking hygiene. The kind that stipulates you should only have ports open where there is a real need for them to be open. Or only allowing connections from/to hosts and/or applications that actually need to be connected.

In the case of WannaCry, there is normally no need to have the SMB protocol open network-wide on workstations. Nevertheless, it is often left open bi-directionally, just in case. Here, however, that sloppy practice leaves the door open for worms.
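The hygiene rule above can be checked against firewall or flow logs. The following is an added example, not part of the original article: it audits flow records for SMB (TCP 445) traffic that reaches workstations instead of designated file servers, and flags sources that reach for many SMB targets, the pattern a spreading worm produces. The addresses, subnet, threshold and log format are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMB_PORT = 445
# Assumed policy: only these hosts are meant to accept SMB from workstations.
FILE_SERVERS = {ip_address("10.0.1.10")}
WORKSTATION_NET = ip_network("10.0.20.0/24")  # assumed workstation subnet
FANOUT_THRESHOLD = 3  # distinct SMB destinations before a source is flagged

# Constructed sample flow records (not real data): src, dst, dst_port, action
SAMPLE_FLOWS = """\
src,dst,dst_port,action
10.0.20.11,10.0.1.10,445,allow
10.0.20.12,10.0.1.10,445,allow
10.0.20.13,10.0.20.14,445,allow
10.0.20.13,10.0.20.15,445,allow
10.0.20.13,10.0.20.16,445,allow
10.0.20.13,10.0.20.17,445,deny
10.0.20.14,10.0.20.11,443,allow
10.0.20.15,10.0.20.11,445,allow
"""

def audit_smb(flow_csv):
    """Return (violations, fanout_sources) for SMB flows outside policy."""
    violations = []
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dst_port"]) != SMB_PORT:
            continue
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if dst in FILE_SERVERS:
            continue  # SMB to a designated file server is expected
        # Attempts count towards fan-out even when the firewall denied them.
        targets[src].add(dst)
        # An allowed SMB flow into the workstation subnet is a policy gap.
        if row["action"] == "allow" and dst in WORKSTATION_NET:
            violations.append((str(src), str(dst)))
    fanout = sorted(str(s) for s, d in targets.items()
                    if len(d) >= FANOUT_THRESHOLD)
    return violations, fanout

if __name__ == "__main__":
    gaps, noisy = audit_smb(SAMPLE_FLOWS)
    for src, dst in gaps:
        print(f"policy gap: {src} -> {dst} tcp/445 allowed")
    for src in noisy:
        print(f"fan-out: {src} reached for {FANOUT_THRESHOLD}+ SMB targets")
```

Each reported policy gap is a workstation-to-workstation SMB path that a firewall rule should close; a fan-out hit is a host worth isolating and inspecting first.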

While the main purpose of WannaCry appears to be to drop the ransomware, there is essentially nothing preventing a similar, maybe stealthier, malware from performing other tasks as well. For example, the self-propagating properties might come in handy for automatically finding and exfiltrating large amounts of information from an organisation in a highly unpredictable way. Such malware would clearly cause big issues for, say, an organisation striving for GDPR compliance.

Detection and protection 

As of late, the detection and blocking of intra-network anomalies has mostly been discussed in connection with so-called advanced persistent threats (APTs). This type of attack is by definition much stealthier than a relatively noisy worm like WannaCry, which by its nature makes itself known.

While there are specific solutions available to combat the sometimes very tricky APTs, protection from the simpler forms of self-propagating malware can be achieved with solutions such as next generation firewalls and advanced endpoint protection. Connected to a 24/7 security operations center for fast detection and response, these are well suited to detecting and blocking many types of network-borne anomalies on multiple levels, allowing policies to be implemented to offer a good level of security, while minimising the impact on business flexibility.

The situation with WannaCry, at the time I’m writing this, is that the whole world is busy patching their Windows systems to block the vulnerability used by WannaCry. And rightfully so. Ensuring that these patches are promptly applied should at the moment be at the top of every system admin’s priority list.

However, patching will only stop the worm from self-propagating using this particular exploit. The ransomware function of WannaCry, as well as any potential future worm-borne malware, can best be blocked by having the necessary security controls in place, including proper system configurations, advanced endpoint protection and next generation firewalls. In fact, WannaCry was actually quite easy to block proactively.

This article originally appeared on perspectives.tieto.com
