Attack of the tools!

Following on from my last post, which showed who was attacking whom around the globe, in this post I will focus on the recent ransomware attacks. I’m pretty sure we’ve all heard in the news of the WannaCry (https://en.wikipedia.org/wiki/WannaCry_ransomware_attack) and Nyetya (http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html) attacks and the devastating effects they have had on corporations and people around the globe. For those that don’t know, these would-be attackers gain access to your computer by exploiting a vulnerability in an unpatched Windows operating system. They then encrypt your files, rendering them unusable until you pay the ransom (hence "ransomware") for the decryption key. Payment is usually demanded in bitcoin, it is nearly impossible to track who the attackers are, and you are never guaranteed to receive the decryption key after paying. So, as part of any data protection strategy, it is good practice to back up your data regularly to an external device or to the cloud, so that if you do get infected you can simply re-image your system, restore your data from your last good backup and not pay the ransom. Yes, you may lose some data if the infection occurs during the day, since backups usually run the night before, but at least you have a point in time you can roll back to. That is better than losing everything since day one.

You might be wondering how these attackers get access to your system in the first place. Well, my dear Watson, you can thank the NSA for that one. Apparently it was the NSA who originally developed tools such as DoublePulsar and EternalBlue to exploit vulnerabilities in Windows operating systems. Because these tools were leaked to the Dark Web by the Shadow Brokers (https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/; https://www.cyberscoop.com/nsa-hacking-tools-shadow-brokers-dark-web-microsoft-smb/), would-be hackers are now using them for their own personal advantage.

So what can you do to protect yourself? It is imperative that you regularly update your OS with the latest security patches, upgrade to the latest operating system (why still use XP?), make sure your anti-virus and anti-malware updates are applied, and back up your data regularly. The next step is to train people not to open emails or attachments from senders they don’t recognise. The last step is to subscribe to threat intelligence services that advise you on each attack, how it occurred and what remedial steps you need to follow to avoid getting infected. I personally have subscribed to Cisco Talos (https://www.cisco.com/c/en/us/products/security/talos.html), as I find they provide some of the most detailed analysis of cyberattacks, and I highly encourage you all to subscribe. Here is an example of their work on the WannaCry attack (http://blog.talosintelligence.com/2017/05/wannacry.html) and another that raised my eyebrows: http://blog.talosintelligence.com/2017/08/chinese-online-ddos-platforms.html
