In the last few months alone, three massive cyberattacks have struck businesses around the world. In May 2017, the WannaCry ransomware attack targeted computers running the Microsoft Windows operating system, encrypting data and demanding ransom payments in Bitcoin. The Verge reported that this attack affected more than 200,000 computers in more than 150 countries. It caused havoc with the United Kingdom’s National Health Service; Spain’s Telefónica, FedEx and Deutsche Bahn were also infiltrated, among other entities, according to CNN.
Protecting Windows Domain Network configurations is a huge task that can sometimes leave security flaws behind. Hackers may use those flaws to “hop” between the organization’s workstations and servers and extract critical assets. Lateral movement inside a Windows Domain Network is a common penetration scenario. As cyber attackers move deeper into the network, their movement and methods become more difficult to detect, especially when they use Windows features and tools that IT administrators typically rely on. Luckily, in the WannaCry case, the UK’s Telegraph reported that an effective kill switch was discovered within the ransomware’s code and quickly disseminated, which slowed the spread of the infection.
In June 2017, a variation of the Petya/NotPetya ransomware ignited a major global cyberattack that was first noticed by a large number of Ukrainian companies. This attack used a variant in the family of encrypting ransomware known as Petya, first discovered in 2016. According to the New York Times, the malware again targeted Microsoft Windows-based systems, infecting each system in a way that corrupts the encrypted hard drive and prevents Windows from booting. This attack also demanded that the user make a payment in Bitcoin in order to regain access to the system. The New York Times reported that infections from this attack were seen in France, Germany, Italy, Poland, the United Kingdom, and the United States, but the majority targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. The Associated Press reported that the Rotterdam home port of Danish shipping giant Moller-Maersk was down for six days and that the company’s whole network was crippled for an extended period.
Most recently, Verizon customer data was accidentally exposed by a business partner that facilitates the company’s customer service calls. The Verge reported that the telecommunications giant has confirmed that six million records were compromised. It was widely reported that the cause was a misconfigured security setting on the server. As a result of that simple human error, information such as customer names, PINs, account balances, mobile numbers, home addresses and email addresses was left exposed.
This points to a widespread concern. Along with human error, faulty updates and patches can result in misconfigured security settings, whether in the cloud (as in the Verizon situation) or on premises. Even a simple checkbox, when marked incorrectly (marking security settings public instead of private, for instance), could expose an organization to sensitive data leakage or cyberattacks. Automatic security assessments and continuous testing of security controls can help businesses verify that changes and updates were done properly and safely.
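One concrete form such a continuous control test can take is a drift check: the approved state of each resource is recorded as a baseline, and after every update the live configuration is compared against it, so a resource flipped from private to public, or a new resource created public without review, is flagged immediately rather than discovered after a leak. The script below is an added example written for this article, not code from the page or any product it mentions; the resource names, the `ResourceSetting` model and the `BASELINE`/`AFTER_UPDATE` data are constructed to illustrate the check, and in a real deployment `AFTER_UPDATE` would be populated from the cloud provider’s or server’s configuration API.

```python
"""Added example: a continuous configuration drift check (constructed data)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ResourceSetting:
    """Minimal model of one storage bucket / share and its security settings."""
    name: str
    access: str        # "private" or "public"
    encrypted: bool    # encryption at rest enabled


# Approved baseline: the state each resource is supposed to be in (constructed).
BASELINE: Dict[str, ResourceSetting] = {
    "customer-records":       ResourceSetting("customer-records", "private", True),
    "public-website-assets":  ResourceSetting("public-website-assets", "public", False),
    "call-center-exports":    ResourceSetting("call-center-exports", "private", True),
}

# Constructed snapshot of the live configuration after a faulty update: one
# existing resource was ticked "public" and a new unreviewed resource appeared.
AFTER_UPDATE: Dict[str, ResourceSetting] = {
    "customer-records":       ResourceSetting("customer-records", "private", True),
    "public-website-assets":  ResourceSetting("public-website-assets", "public", False),
    "call-center-exports":    ResourceSetting("call-center-exports", "public", True),
    "temp-debug-dump":        ResourceSetting("temp-debug-dump", "public", False),
}


def audit(current: Dict[str, ResourceSetting],
          baseline: Dict[str, ResourceSetting] = BASELINE) -> List[str]:
    """Compare the live configuration to the baseline and return human-readable findings.

    An empty list means no drift was detected.
    """
    findings: List[str] = []

    # 1. Every baselined resource must still exist and keep its approved settings.
    for name, expected in baseline.items():
        actual = current.get(name)
        if actual is None:
            findings.append(f"{name}: missing from current configuration")
            continue
        if actual.access != expected.access:
            findings.append(
                f"{name}: access is {actual.access}, expected {expected.access}")
        if expected.encrypted and not actual.encrypted:
            findings.append(f"{name}: encryption at rest disabled")

    # 2. Resources with no baseline entry that are publicly reachable are the
    #    "simple checkbox" mistake the article describes; flag them for review.
    for name, actual in current.items():
        if name not in baseline and actual.access == "public":
            findings.append(f"{name}: new resource exposed publicly without review")

    return findings


def is_safe(current: Dict[str, ResourceSetting],
            baseline: Dict[str, ResourceSetting] = BASELINE) -> bool:
    """Single yes/no answer suitable for a scheduled job or CI gate."""
    return not audit(current, baseline)


if __name__ == "__main__":
    for finding in audit(AFTER_UPDATE):
        print("DRIFT:", finding)
    print("safe right now:", is_safe(AFTER_UPDATE))
```

Running the check on a schedule (or as a gate in the deployment pipeline) turns the question “am I safe right now?” into a repeatable test: the baseline is reviewed once, and every subsequent change is measured against it instead of being trusted.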
Email systems in particular warrant close attention, considering that an astonishing 75 percent of cyber-attacks originate from malicious emails. Despite greater use of mail filters and content disarming solutions, the number of targeted attacks from outsiders has dramatically increased in recent years. Major companies, government agencies, and political organizations have reported being the target of such attacks. The more sensitive the information an organization handles, the higher the possibility of becoming a victim. And, again, poor configuration or implementation of those products can lead such organizations to false assumptions of safety. Emails carrying attachments with malicious payloads such as malware, ransomware and worms embedded within HTML, ICS, VCS and PDF files have easily penetrated the security barriers that organizations rely on. From our own internal customer data, the files that got through contained on average 54 percent ransomware, 44 percent worms, 57 percent exploits and 37 percent malware.
Organizations today invest billions of dollars in security solutions to protect their data, block malware, and safeguard critical business processes. Yet many companies are still vulnerable in the face of ever-changing cyberattacks and breaches. The current industry model of cyber security testing can be too time-consuming, inefficient, and incomplete to be as effective as it should be.
One new approach to cyber vulnerabilities, cyber simulation platforms, allows businesses to test their security assumptions as often as needed, identify possible security gaps, and receive actionable insights to improve their security posture. Full cyber security simulations can be run at any time, without having to shut down security systems. Software as a service (SaaS) breach and attack platforms enable multi-vector, internal or external simulated attacks that target the latest vulnerabilities, and some yet to be discovered. Simulated attacks help expose vulnerability gaps and encourage businesses to assess how safe their systems truly are at any given moment.
It’s a well-known dictum that Chief Security Officers are paid to be afraid of what they don’t know. On top of that, there is the constant and long-standing business pressure to get more done with less. A 2016 CIO magazine survey found that 54 percent of security professionals cited “detection of vulnerabilities, malware, malicious activity or compromises” as their most pressure-inducing security responsibility. The survey also revealed that many security pros lack the in-house resources and skills to handle the proactive prevention side of security. This, naturally, forces security pros to turn to outside resources: the survey reported “86-percent noting that they either planned to partner or have already partnered” with an outside service provider. It is good to know that such services exist and that, through the natural evolution of information technology, they are becoming increasingly cost-effective and efficient. Perhaps predictive data analytics will someday allow us to anticipate what’s coming rather than simply reacting to cybersecurity issues after the fact. But until then, the best bet is to shorten the time lag between testing and having a close to definitive answer to the question: am I safe right now?