Could Basic Security Hygiene Have Prevented WannaCry’s Rapid Propagation? Yes.
By Nigel Tan, Asia Pacific Business Development Executive, IBM Security
On Friday, May 12th, cybercriminals launched what is believed to be the biggest ransomware attack ever recorded. This ransomware outbreak, dubbed “WannaCry,” spread with unprecedented speed, taking down the systems of more than 100,000 organizations in over 100 countries—all within the span of 48 hours.
To say that this is the biggest ransomware attack ever recorded is true, but it’s a very shallow truth. Beneath the success of this attack, and many others of its magnitude, lay the same age-old issues: unmanaged risk and pending vulnerabilities.
The Importance of Patching
This ransomware onslaught is a resounding reminder of the importance of security basics, especially when it comes to Microsoft product patching. Security professionals have long stressed the importance of basic security hygiene, such as patching and backups; however, that advice is often overlooked because security updates are perceived to be a nuisance for business.
A flaw in SMBv1, a file-sharing protocol in the Microsoft Windows operating system, contributed to the scale of this attack, but it could very easily have been avoided. Those who applied critical Microsoft Windows patches released in March were protected against this exploit. Those who didn’t were left at risk.
WannaCry’s exploitation of this Windows vulnerability enabled it to spread at great speed from one workstation to a vast network of endpoints without end user interaction. As a result, WannaCry propagated rapidly across networks on its own instead of relying on the more common email phishing approach, which depends on user interaction.
The massive scale of this attack shines a light on just how many organizations were using outdated, unpatched systems. The impact of WannaCry could have been greatly reduced if critical Microsoft Windows patches had been applied in time across organizations’ networks.
What should companies do to protect themselves?
Organizations are scrambling to urgently deploy the relevant Microsoft patch across their entire Windows infrastructure. In addition to the March 14 patch (MS17-010) for supported systems, Microsoft has also issued an emergency patch for older systems, like XP, that can be accessed here.
Victims are strongly discouraged from paying the criminals after these attacks, as there is no guarantee that this will unlock their data, and it might make them a prime target for the next attack.
Going forward, let’s work towards becoming more resilient to these kinds of attacks and remove the need to consider paying ransom at all. With ransomware on the rise and the huge amount of value held in digital format, both companies and consumers need to be even more vigilant in backing up their essential and business critical data.
Here are a few key areas that companies should focus on to improve “security hygiene”:
- Patch all Software: Deploy a patch program and make sure it extends to security software. Have up-to-date antivirus and malware detection software installed on employee endpoints. Set up regular scans and automatic updates for those solutions. Update any software you use often and delete applications you rarely access.
- Be Vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links. WannaCry may not have started as a “phishing” attack such as this, but most ransomware attacks do.
- Backups: Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test backups periodically to verify their integrity and usability in case of emergency.
- Disable Macros: Disable Microsoft Office file macros when those are launched through email attachments, especially from external parties.
- Plan: An incident response plan is key to quick discovery and recovery from any security incident. Create plans and be sure to practice and optimize them to orchestrate the response.
- Ensure your employees, suppliers and others who work with your company receive regular security training, such as how to spot suspicious emails – and who to call if something goes wrong.
Ransomware was the most prevalent online threat in 2016: US government statistics tracked over 4,000 attacks per day at times, and ransomware reached well over 65 percent of all spam messages that carry malicious payloads, according to an IBM X-Force Research report on ransomware. With the success of WannaCry, the rising ransomware trend isn’t going away anytime soon.
To avoid future attacks such as WannaCry, organizations around the world need to understand the elements of these attacks and be prepared for copycat threats with new twists. Most importantly, organizations need to stay the course of keeping systems secure by implementing preventative measures, such as regular security updates and backups. Rather than perceive security hygiene measures as a nuisance, organizations need to think of them as an opportunity to avoid falling victim to the next big security threat.