Saturday 20 May 2017

'Patch' computer systems vs. cyber attack, says expert

There are ways to protect your business networks from cyber attacks such as the WannaCry ransomware, said a security researcher.
Juan Andres Guerrero-Saade, a senior security researcher in Kaspersky Lab's Global Research and Analysis Team, pointed out the importance of having your system "patched," having backups, and using security solutions.
"The highest absolute priority is to patch. Patch patch patch. Please people like this is the one, biggest thing we could do right now is to make sure the systems are patched," said Guerrero-Saade in a webinar.
A patch is a piece of software which is designed to update, fix or improve a computer.
Guerrero-Saade said people should have "offline backups" of their files and data.
"People need backups and please we need to emphasize that they need to be offline backups. If your backups are connected to the infected machines, then you're gonna have a problem because they will also get encrypted," he said.
He emphasized three things:
  • Shadow volumes can be deleted.
  • Connected backups will be encrypted.
  • Backups have to be kept disconnected.
"Once an attacker has access to your system, they can determine essentially what they wanted to do with it," Guerrero-Saade said.
"Implement an automated solution for backups and also make sure that you test your backups," he added.
He also said that it is necessary to block incoming traffic to TCP Port 445, if possible.
Check your system for ransomware
Guerrero-Saade reminded the public that ransomware is not a "silent killer."
"Obviously you can see traffic... a lot of these general, essentially wide-connecting for different IP addresses that are being generated by the infected machines. It's quite noisy on the network level," Guerrero-Saade said.
"Ransomware makes its money by making people know that it's there. It's something that you're gonna notice quickly and of course you're gonna see a machine in your network or several machines in your network that are scanning for different machines that they might be able to infect," he said.
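The network-level noise described above, one machine reaching out to many different addresses, can be checked for in connection logs. The following Python code is an added example, not from the article or from Kaspersky Lab: it flags hosts that contact many distinct destinations on TCP port 445 within a short window. The log line format, the window, the threshold and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = "445"  # the TCP port the article recommends blocking inbound


def find_smb_scanners(lines, window=timedelta(seconds=60), threshold=20):
    """Return {source_ip: peak distinct destinations} for every host that
    reached `threshold` or more distinct hosts on TCP 445 within `window`.
    Assumed line format (time-ordered): '<iso-time> <src> <dst> <proto> <dport>'."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, proto, dport = parts
        if proto.lower() != "tcp" or dport != SMB_PORT:
            continue
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        seen = recent[src]
        seen.append((when, dst))
        while seen and when - seen[0][0] > window:
            seen.popleft()  # drop connections older than the window
        distinct = len({d for _, d in seen})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


def constructed_sample():
    """Constructed log: one host fanning out on 445, one normal file-share
    client, one web client, and a malformed line."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    lines = []
    for i in range(40):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.0.0.23 10.0.1.{i + 1} tcp 445")  # fan-out
        lines.append(f"{t} 10.0.0.5 10.0.0.10 tcp 445")        # same server
        lines.append(f"{t} 10.0.0.7 10.0.2.{i + 1} tcp 443")   # not SMB
    lines.append("malformed line")
    return lines


if __name__ == "__main__":
    for host, peak in find_smb_scanners(constructed_sample()).items():
        print(f"{host} contacted {peak} distinct hosts on TCP 445 within 60s")
```

A client that repeatedly talks to the same file server is not flagged, because the count is of distinct destinations rather than connections.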
How WannaCry works
Cybersecurity company Kaspersky Lab said it had detected over 45,000 cases of WannaCry attacks in at least 70 countries.
"The largest number of attacks occurred in Russia, but Ukraine, India, and Taiwan have suffered damage from WannaCry as well. All in all, we have discovered WannaCry in 74 countries. This was only on the first day of the attack," it said.
Kaspersky Lab said the WannaCry virus takes advantage of the Windows exploit "EternalBlue," which attacks the vulnerability that Microsoft patched in security update MS17-010 last March 14.
The company said cyber extortionists used the exploit to gain remote access to computers and install the encryptor.

"After hacking a computer successfully, WannaCry attempts to spread itself over the local network onto other computers, in a manner of a computer worm. The encryptor scans other computers for the same vulnerability that can be exploited with the help of EternalBlue, and when WannaCry finds a vulnerable machine, it attacks and encrypts files on it," the cybersecurity firm said. — BAP, GMA News
