Net security experts assess latest ransomware attack

28th June 2017

June 28 2017: Net security experts operating in India have given their take on the latest cyber-threat:

Rana Gupta, Vice President, APAC Sales, Identity and Data Protection, Gemalto: “Because data is the new oil in the digital economy, ransomware attacks that restrict access to important data until the attacker is paid are becoming increasingly common. However, neither businesses nor individuals should pay ransoms to unlock any files that have been affected by a ransomware attack, as this incentivises and rewards these kinds of attacks. Data should be backed up and encrypted, and stored away from the network where the rest of the data is stored. In the event that a ransomware attack locks someone out of their files, they will have secure copies available.”
Kobi Ben Naim, Senior Director of Cyber Research, CyberArk Labs: "Based on initial analysis, NotPetya is different from WannaCry in that it appears to be sparing endpoints that use a US English-only keyboard. Any individual and organization with an unpatched Microsoft system remains vulnerable to the worm. NotPetya requires administrative rights to execute. So, if a user clicks on a phishing link, the ransomware will infect the network."
Mark Hearn, Director of IoT Security, Irdeto: "While this attack directly impacts IT systems, we must consider how the ransomware threat will evolve in the near future to also impact IoT devices and connected cars. If something as simple as system patches are being missed to let ransomware in, the prospect for robust protection of IoT devices does not look good."
Juniper Networks: The networking player has put up a Rapid Response blog on the new Petya ransomware, which explains how it functions, how it spreads, its impact and how to protect networks.
Aamir Lakhani, Senior Security Strategist at Fortinet: "There are a couple of really interesting aspects to this attack. The first is that, in spite of the highly publicized disclosure of the Microsoft vulnerabilities and patches, and the world-wide nature of the follow-up WannaCry attack, there are apparently still thousands of organizations, including those managing critical infrastructure, that have failed to patch their devices. The second is that this may simply be a test for delivering future attacks targeted at newly disclosed vulnerabilities. WannaCry was not very successful, as it generated very little revenue for its developers. Petya’s payload, however, is much more sophisticated, though it remains to be seen if it will be more financially successful than its predecessor."
Nilesh Jain, Country Manager (India and SAARC), Trend Micro: “Similar to the WannaCry ransomware, the Petya ransomware exploits an SMB vulnerability, passing through the SMB protocol, and exploits a vulnerability which lies in the Microsoft operating system. To prevent the ransomware attack, firstly, companies should have proper segmentation of their network; most companies have a horizontal network and there is no proper segmentation of the network, because of which the exploitation spreads very fast. The critical network and servers should be properly segmented so that the penetration does not go beyond the segment of the network. Second, companies must deploy a host-based intrusion firewall. They must enable firewall rules so that they can block the traffic coming from unknown sources. They also should make sure they patch the systems immediately.”
Matt Moynahan, CEO Forcepoint: “An important takeaway is the undeniable trend in the increasing ease by which attackers can penetrate the perimeter and get inside of corporate infrastructure. Perhaps even more important to consider is the motivation behind the attack and the harm intended on the target. In this case it was to hold companies ransom for $300; it could have been much worse. To address these new and evolving threats, we need to understand the intent and motivations behind them.
If we do not invest in the cybersecurity of our critical infrastructure we will continue to see massive attacks with economic, employee and public safety ramifications. From the government to the boardroom, leaders need to make cyber resiliency a requirement, putting focus and funding behind it. While the perception may be that if we criminalize cyberattacks we will inhibit innovation, the reality is that if we do not treat cyber crime more seriously, attacks like WannaCry and Petya will start to feel even more commonplace than they already do.”
Pradipto Chakrabarty, Regional Director, CompTIA India: As of now, the effects in India have been observed at the Jawaharlal Nehru Port Trust. This can be explained as one of the largest private enterprises to get affected is Maersk, the leading shipping and container corporation whose systems in all likelihood are interconnected with the networks of the JNPT. Having said that, it is impossible to predict the next network where the “worm” will sneak in. Also, the Petya ransomware is more fluid than WannaCry, as the latter was linear and had one way to move from network to network. Petya has the capability to evaluate multiple options and can use another option of attacking if one fails. It is indeed quite petrifying to imagine a situation if it infects national services such as the Defense, Police, Financial Institutions and UIDAI.
Sivarama Krishnan, Partner & Leader, Cyber Security, PwC India: There are three propagation attack vectors which we have observed that the current variants of the ransomware are using:
1. EternalBlue - exploiting the MS17-010 vulnerability - the same vulnerability exploited by WannaCry. Solution: patch the systems with MS17-010.
2. Admin$ - the malware can try to exploit the service account Admin$ and trust relationships. Solution: preferably disable Admin$ using GPO.
3. WMI - brute-force WMI. Solution: there is no solution other than having a strong password policy.
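The three vectors PwC lists above, and the segmentation and host-firewall advice from Trend Micro, each leave a trace on the target host that a defender can look for. The script below is an added illustration, written for this page and not taken from the article or from any vendor quoted in it. It runs a few simple rules over a constructed, simplified log (a pipe-delimited stand-in for Windows Security events, not real EVTX): repeated network logon failures (event 4625, logon type 3) against one host from one source, which is how a WMI or SMB credential brute force looks from the receiving end; accesses to the ADMIN$ share (event 5140) from sources that are not known administration hosts; and one source reaching several distinct hosts within a short window, the fan-out pattern of a self-spreading worm. The log lines, thresholds, window and the `admin_sources` allow-list are all assumptions chosen for the example.

```python
"""Flag NotPetya-style lateral movement in a simplified Windows security log.

Added example, not from the article. Log format is constructed:
    timestamp|event_id|source_ip|target_host|key=value ...
Event ids follow the Windows Security log: 4624 logon success,
4625 logon failure, 5140 network share object accessed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: 10.0.0.5 behaves like a spreading worm,
# 10.0.0.7 and 10.0.0.9 are ordinary users reaching one file server.
SAMPLE_LOG = """\
2017-06-27T10:00:00|4624|10.0.0.7|FS01|logon_type=3 user=alice
2017-06-27T10:01:02|5140|10.0.0.5|FS01|share=\\\\*\\ADMIN$ user=svc_backup
2017-06-27T10:01:03|4624|10.0.0.5|FS01|logon_type=3 user=svc_backup
2017-06-27T10:01:05|4625|10.0.0.5|WS02|logon_type=3 user=Administrator
2017-06-27T10:01:06|4625|10.0.0.5|WS02|logon_type=3 user=Administrator
2017-06-27T10:01:07|4625|10.0.0.5|WS02|logon_type=3 user=Administrator
2017-06-27T10:01:08|4625|10.0.0.5|WS02|logon_type=3 user=Administrator
2017-06-27T10:01:09|4625|10.0.0.5|WS02|logon_type=3 user=Administrator
2017-06-27T10:01:10|4625|10.0.0.5|WS02|logon_type=3 user=Administrator
2017-06-27T10:01:20|5140|10.0.0.5|WS03|share=\\\\*\\ADMIN$ user=svc_backup
2017-06-27T10:01:21|4624|10.0.0.5|WS03|logon_type=3 user=svc_backup
2017-06-27T10:01:40|5140|10.0.0.5|WS04|share=\\\\*\\ADMIN$ user=svc_backup
2017-06-27T10:05:00|4624|10.0.0.9|FS01|logon_type=3 user=bob
"""


def parse_line(line):
    """Split one constructed log line into a dict of its fields."""
    ts, event_id, src, target, detail = line.split("|", 4)
    fields = dict(kv.split("=", 1) for kv in detail.split())
    return {"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
            "src": src, "target": target, **fields}


def analyze(log_text, fail_threshold=5, fanout_threshold=3,
            window_seconds=120, admin_sources=frozenset()):
    """Return {source_ip: set(finding_names)} for sources that trip a rule.

    Thresholds and the window are assumptions for this example; tune them
    to the environment. admin_sources lists hosts allowed to use ADMIN$.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    findings = defaultdict(set)
    failures = defaultdict(list)   # (src, target) -> recent 4625 timestamps
    touched = defaultdict(list)    # src -> [(ts, target)] of remote access

    for e in events:
        src, now = e["src"], e["ts"]
        if e["event_id"] == 4625 and e.get("logon_type") == "3":
            # Rule 1: WMI/SMB credential brute force against one target.
            key = (src, e["target"])
            failures[key] = [t for t in failures[key] + [now]
                             if (now - t).total_seconds() <= window_seconds]
            if len(failures[key]) >= fail_threshold:
                findings[src].add("credential_brute_force")
        elif e["event_id"] == 5140 and e.get("share", "").upper().endswith("ADMIN$"):
            # Rule 2: ADMIN$ used from a host that is not an admin station.
            if src not in admin_sources:
                findings[src].add("admin_share_access")
            touched[src].append((now, e["target"]))
        elif e["event_id"] == 4624 and e.get("logon_type") == "3":
            touched[src].append((now, e["target"]))

        # Rule 3: one source reaching many hosts quickly (worm-like fan-out).
        if src in touched:
            recent = {t for ts, t in touched[src]
                      if (now - ts).total_seconds() <= window_seconds}
            if len(recent) >= fanout_threshold:
                findings[src].add("worm_like_fanout")
    return dict(findings)


if __name__ == "__main__":
    for source, hits in sorted(analyze(SAMPLE_LOG).items()):
        print(source, sorted(hits))
```

On the sample, only 10.0.0.5 is reported, with all three findings; passing `admin_sources={"10.0.0.5"}` suppresses the ADMIN$ rule for it but not the brute-force or fan-out rules, which is the intended behaviour: an allow-list should quiet expected administrative share use, not hide spreading. Note that these rules only fire after the damage has begun on the target; the mitigations in the list above (patching MS17-010, disabling the administrative shares, enforcing strong passwords) and network segmentation are what keep the counts low in the first place.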