The bugs bite back
Ransomware attacks, the most notable of recent times being WannaCry and NotPetya, have barely been out of the news. WannaCry affected IT systems from over 150 countries. NotPeyta resulted in significant impacts for enterprises around the globe, although infections started in Ukraine. Although we have yet to experience attacks of the same scale, beneath the surface, an electronic evolutionary process is brewing. For WannaCry, in the immediate aftermath, the second wave of attack was prevented by Matthieu Suiche of Comae Technologies. Nevertheless, the industry has widely predicted that it will only be a matter of time before new variants of the original malware will make a comeback.
British businesses are subjected to 38 new attacks a day, a statistic revealed by SonicWall, a company that specialises in content control and network security. Perhaps more worryingly, these often involve modified variants of vectors which had previously launched successful attacks, including WannaCry. Whilst the original variants have been mollified, the new ‘strains’ use the same core attack mechanisms, but have also ‘acquired’ adaptions to techniques from defenders, thus becoming a ‘super’ strain of the original malware.
This is a mirror of the evolutionary process in biological bugs. Persistent antibiotic use, both in the clinic and in agriculture provided the perfect incubating conditions for antibiotic-resistant bacteria, sometimes multiple classes of antibiotics, the most notable being MRSA (methicillin-resistant Staphylococcus aureus). Once infection from antibiotics resistant variants takes hold, these are far more difficult, perhaps impossible to treat. Where treatments are available, these will require ‘last resort’ options, which are typically accompanied by significant side-effects and are difficult to administer. In healthcare, more emphasis has been placed on prevention. In the example of MRSA, personal hygiene, including frequent hand washing has become a central control. Where infection has occurred, early detection and mitigation will limit damage and contain further spread. In the case of electronic bugs, including ransomware, the same principles will place enterprises in good stead. Instead of personal hygiene, enterprises should exercise ‘cyber’ hygiene, which will hopefully prevent those bugs from taking a second bite.
Dr Wendy Ng, CISSP, CCNP; 14th March 2018