The Hidden Menace: Malware Threats and the Costs of True Network Security
by Brian Kelley
2017 is set to become the year of file-locking malware, aptly dubbed ransomware. Computer systems across the world had their files encrypted by a program called WannaCry. From personal and work computers to hospital systems with private patient data, approximately 57,000 computers were infected by mid-May, with an estimated 200,000 devices across the globe being potentially infected.
The WannaCry virus is an insidious crypto-locker program, the type that renders files unusable unless a ransom of bitcoins is paid by the deadline. There’s also no guarantee that paying the ransom will decrypt the files. For personal computing, this is merely a nuisance. But when the ransomware affected the U.K.’s National Health Service and delayed surgeries, the line between cybercrime and cyber terrorism was crossed.
We’re still in the aftermath of this attack, and the ultimate damage is still unknown. Evidence seems to point to the source code of this virus originating from a weaponized trojan created by the NSA called EternalBlue. It seems there’s a direct correlation between data leaks and cyber attacks these days.
While malware threats like WannaCry are becoming all too common, antivirus software and IT security firms will be operating at full capacity to answer them. But is traditional antivirus software the answer?
High-Tech and Cutting-Edge Doesn’t Stay Secure For Long
Computer viruses are nothing new, of course. Trojans transmitted over the internet have been plaguing us since the late ’90s. Whenever a new operating system debuts, it’s not long until someone finds an exploit. And once that exploit is known to an unscrupulous hacker, the newest OS just becomes a greater liability as time goes on.
In the case of WannaCry, any computer still using Windows XP/Vista is open season for the virus. Keeping old software and not installing security updates is essentially inviting these kinds of attacks, so keeping your computers up to date is the number one way to prevent them. While using the latest antivirus software may be effective in finding and isolating trojans and other malware, it’s not a guarantee, and certainly doesn’t beat diligence and good housekeeping.
The danger lies with institutions that are known for not having the most up-to-date computers and operating systems, namely hospitals or clinics. WannaCry isn’t the first incident where a hospital was held to ransom, and it doesn’t look like the problem will go away anytime soon, especially when it turns out the cheapest option is to pay the ransom.
Stopping The Malware Threats
There are no easy answers with modern cyber attacks. Not only is malware notoriously difficult to detect (WannaCry finds and encrypts about 176 different file types), but there are currently no proven methods to reverse the encryption. Some researchers have presented at least partial workarounds that remove the files, while others have found ways to unlock the files under certain circumstances.
The very nature of encryption means that stopping the attack in the first place is the only surefire way to keep your computers and your files safe. Much of the concern that arises from this latest attack is with the NSA and how they were the first to discover these weaknesses in Microsoft’s network. Rather than inform Microsoft of the flaw, the NSA developed a weaponized zero-day exploit. Only after the exploit was publicly leaked by a hacking group called the Shadow Brokers did Microsoft release the security patch.
Cyber security usually operates on principles of subterfuge and obscurity. But in this case, it may have been these exact principles that led to what could be the worst cyber attacks in history.
So How Do We Stop Them From Happening?
If you’re using Windows, especially versions older than Windows 10, you should download and install the latest security patch immediately. The next step is to look into how you protect your computer or networks. While antivirus software may catch a good deal of cyber attacks, its sophistication and capabilities are being profoundly outmatched by the techniques of hackers.
When looking for practical solutions for protecting your systems, assess your login behavior and determine what kind of risks you pose to yourself. Private servers and extensive endpoint protection might be necessary — with some industries even making them mandatory. But many overlook protecting one of the most susceptible aspects of your security, the username and password pair.
Security tokens and MFA for login credentials are not necessarily new, but they’re an important line of defense against ransomware infecting machines in the first place. While there might be gaps in your operating system, keeping your computer (and online accounts) locked with a complex, hard-to-crack set of user credentials can stop some of the worst attacks.