A Petya ransomware attack, suspected to use a modified EternalBlue exploit, is spreading around the world as we go to press. UK and European organisations are already affected, with shipping company Maersk and ad agency WPP announcing that systems are down.
Coming only a few days after the attack on the UK Government on Friday 23rd June, such high-profile attacks are being described by security experts as the ‘new normal’. Weak passwords on email accounts were to blame for around 90 parliamentarians being attacked. An official spokesperson commented that users had failed to adhere to official guidance from the Parliamentary Digital Service. Remote access was disabled immediately as a precautionary remediation whilst further investigations were made.
This follows hot on the heels of last week’s report by Which?, revealing that communications giant Virgin’s consumer Super Hub 2.0 router was vulnerable to hacking for those who had not changed the default wifi password, which experts felt was too short and not sufficiently complex. According to penetration testing experts, Virgin are not alone amongst Internet Service Providers in issuing relatively simplistic wifi keys. Future success in thwarting attacks will require 1) a change of culture amongst consumers, so that they proactively change the default password on any wireless device, and 2) retailers to ensure that directions for changing the password are presented immediately on accessing the service, easy to read and quick to follow.
All of this comes just one month after the WannaCry cyber attack on NHS England, which was amongst around 70 organisations hit worldwide. Brian Lord, former Deputy Director for Intelligence and Cyber Operations at GCHQ, commented in May that this was due to a change from the low-level theft and use of ransomware of the past few years to what is now internationally organised crime. Today’s criminal networks could generate sustained and co-ordinated attacks into the backs of ageing IT systems, delivering a simple tool at mass scale to vulnerable areas: in this case, systems where Microsoft security patches had not been applied.
The clear messages from these tales of woe are:
• Ensure effective security and governance procedures are in place for businesses and institutions, and that these are shared, understood and abided by by all staff without exception, through regular training, education and awareness.
• Consider two-factor authentication and more intelligent solutions around identity management and password tools to keep the door closed to wrongful access.
• Protect older, more vulnerable operating systems through regular security assessments and vulnerability detection programmes that scan your networks and find holes in perimeter security, helping you target your patching priorities.
Rome wasn’t built in a day, but organisations that do not have strong and effective preventative measures can easily fall in one day. Keep security at the forefront of your thinking and actions.