Petya and WannaCry: a new security environment

June 28, 2017 Srini CR

On Tuesday, a large-scale ransomware attack named Petya spread across the globe. It affected a number of multinational corporations, as well as critical national infrastructure in several countries. The latter included the Kiev metro system and the radiation monitoring system at Chernobyl, both in Ukraine, and the port of Rotterdam in the Netherlands.

What happened?

The ransomware spread rapidly across entire organisations, taking over computers by exploiting vulnerabilities in Microsoft’s Windows operating system. Once machines were infected, users were faced with messages demanding $300 of the cryptocurrency Bitcoin as ransom. The attack comes soon after WannaCry, another widespread ransomware attack that had a similarly devastating impact on businesses and organisations around the world, including on the UK’s National Health Service (NHS).

Why is this kind of attack so successful?

The security updates and patches that are used to protect business IT systems can often have an impact on the applications they are designed to protect. So, while most businesses are aware of the latest patches and have up-to-date information on them through their security service providers, they sometimes take the conscious decision not to apply them for fear of critical application downtime and its inevitable negative impact on the business.

By willingly delaying updates, they become potential victims of an attack. However, the effects of a large-scale attack like Petya are patently far worse than any productivity loss caused by installing updates and patches. Following the previous WannaCry attack, we found that only about 10-15% of businesses worldwide were well prepared with the right security and latest patches and updates. The other 80-85% of businesses were not, and should have undergone urgent, emergency patching. Petya exploited the same vulnerability on Windows systems as WannaCry did, meaning that organisations that applied the patches for this vulnerability last time were unlikely to have been affected by this attack.

What can businesses do about ransomware attacks?

Clearly, security updates are key. However, some updates may need elaborate testing – so it may not be possible to apply patches right after they are released. This is where service providers like Tata Communications step in, to help customers decide how to go about this process. Businesses that have a process of sustained monitoring of such alerts and a process for patch updates would be completely protected in such situations. They would have an inventory of what patch levels they are at and which versions require an update. In most of these situations, knowing where vulnerabilities exist makes a world of difference in coming out of such attacks unharmed.

Additionally, a strong security infrastructure is not just about a secure network: investments also need to be made in detection and predictive tools and services. Many organisations are using outdated methods of protection that focus too heavily on blocking and prevention mechanisms. These methods are decreasingly effective against the advanced threats posed by today’s motivated hackers. There is no such thing as an unsinkable ship, and there is no such thing as impenetrable prevention against attackers.

Experienced personnel should also constantly be on standby to identify any weaknesses quickly. It’s crucial that victims look towards the expertise and support of security partners like a managed security services provider (MSSP) or an internal cybersecurity team to respond appropriately to the security incident. The response to an incident like this has to be swift and decisive, with the immediate focus on the isolation of infected systems and networks. In the immediate aftermath, communication within the organisation is also critical – periodic updates to the user base will help in clarifying incident response actions and keep staff and colleagues in the loop and fully onside when it comes to dealing with the incident.

Digital transformation: opportunity not a threat

As a result of their unprecedented size and scale, these recent cyber-attacks have transcended the business and security worlds and have broken through to the wider public consciousness. The effect of WannaCry on the NHS, for example, was particularly newsworthy in the UK. Clearly, we are living in a new security environment. At the same time, the business world is undergoing rapid change as new technologies like 5G, automation and AI start to take effect.

Many organisations are grasping the potential of these new technologies to undergo their own digital transformation. However, there is a common misconception that security hinders innovation, and limits the rate at which organisations can harness digital transformation. In reality, failing to factor in security at the outset of a digital journey can increase the risk from outside threats. Digital transformation is a must if businesses wish to harness these powerful new technologies – as is remaining protected in this increasingly uncertain and dangerous security environment. Periods of digital transformation are in fact opportunities to strengthen security in parallel with transforming businesses.
