A Few Lessons From WannaCry
An industry leader discusses the fallout from WannaCry, and some basic steps you can take to prevent any future ransomware or malware attacks on your system.
The experts have warned that the threat is not yet over.
On May 12, 2017, the world was hit by ransomware aptly named WannaCry, which was programmed to encrypt all data on a system; to unlock it, the hackers demanded a hefty ransom.
The question remains: can such data breaches be slowed or stopped outright with anti-virus programs, or is there a serious need for a coherent Security Testing strategy?
Though cybersecurity firms have warned organizations and individuals against paying the Bitcoin ransom, the hackers behind the malware have already made a minimal gain of $60,512.82. However, cybersecurity experts and connoisseurs from the industry maintain that such attacks on the internet will continue to grow and threaten the core existence of the web in the global socio-economic sphere.
Interestingly, according to Reuters, the motive of the WannaCry Ransomware attack was not necessarily to make money but to create a random disruption across the web. Russia, Taiwan, Ukraine, and India are said to be the most affected countries, specifically in the scenario where companies or individuals have been relying on unsupported or pirated versions of Microsoft Windows.
Experts across the web are coming up with quick remedies to safeguard against the virus: installing reputable antivirus software, performing regular back-ups, enabling pop-up blockers, staying alert about emails, alerting authorities in case of an attack, and, most extreme of all, remaining disconnected from the internet. However, detaching from the internet is almost like breaking away from a basic business requirement.
A special report by Symantec on Ransomware and Business has noted that ‘The proportion of new variants classified as crypto-ransomware was growing year-on-year. That trend has continued into 2016 and, so far this year, all bar one of the new ransomware families documented by Symantec are crypto-ransomware.’
Knowing that such attacks will not stop and will only intensify, enterprises today seriously need to build applications and software that are rigorously tested for security and, at the same time, able to alert users to any probable cyberattack.
How can a comprehensive Security Testing plan work, and what have we learned from this recent attack to build a robust plan? We discuss 10 things this disaster has taught us about avoiding malware attacks on our systems.
1) Follow a Four-Phase Approach to Cybersecurity
F-Secure, a cybersecurity and privacy company based in Helsinki, Finland, suggests that one of the best approaches to cyber security is the following four-part one: Predict, Prevent, Detect, and Respond.
This essentially translates to predicting by performing an exposure analysis; preventing by deploying a defensive solution to reduce the attack surface; detecting by monitoring infrastructure for signs of intrusion or suspicious behavior; and responding by determining how a breach happened and what impact it had on your systems.
2) Build a Risk Management Plan
Are you at ease with the idea that you have the best Risk Management and Data Recovery plan in place? You could be at risk. Even the best plans can go for a toss during major cyberattacks, considering everything is connected and vulnerable. So, the idea is to be ready for the most unexpected problems in the ecosystem.
You can implement risk planning and identify a potential problem that can lead to hiccups for the project or the application – analyze, identify, take action, and minimize the impact of the threat.
3) Build a Dependable Back-Up System
The immediate response to this could be, ‘Yeah! We have stored all the information over the Cloud, and no one can decrypt it, as it is secure.’ Nevertheless, this might not work in a connected world where everything is interlinked and vulnerable to a cyberattack or a malicious crypto-ransomware.
Scanning and penetrating the data storage and back-up systems is indispensable today. For instance, Penetration Testing (referred to as pen testing) works to rigorously test the network, computer system, or web application for any possible threats and weaknesses.
4) Dealing With Plug-Ins and Ad-Blockers Effectively
It is essential to clean the system every once in a while and remove outdated plugins and add-ons from all the browsers. Only the ones used daily deserve to remain, and care should be taken that they are updated to the latest version. Ad-blockers quell pop-ups from randomly surfacing and are quite effective when looking to avoid the threat of potentially malicious ads.
Enable click-to-play plugins. They keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). The bulk of “malvertising” relies on exploiting these plugins, so enabling this feature in your browser settings will help keep the malware at bay.
5) Set Up a Virtual Private Network
A Virtual Private Network (VPN) is essentially used to anonymize traffic flowing through the internet and secure it through encrypted connections and communication. A VPN creates a computer-generated point-to-point connection by employing dedicated connections, virtual tunneling protocols, and traffic encryption.
By using a VPN, you can significantly decrease your exposure to attackers on the look-out to identify and infiltrate any confidential data you send and receive over the internet.
6) Set Up a Proxy
A proxy is dedicated software that acts as a middleman between your computer and your Internet connectivity requests.
Heimdal Security, a proactive cyber security software, gives an insight into how a proxy works:
- You type CNN.com in your browser;
- The request goes to the proxy, which verifies it (you can upload blacklists of infected websites that the proxy can use to verify if the website is safe or not);
- If the website which you want to visit is safe, the proxy will show it to you;
- If the website you want to access is malicious, it’ll be blocked.
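The verification step in the list above, sketched as an added Python example (not from the original article or from Heimdal Security); the blocklist entries, function names and fail-closed policy are assumptions made for illustration. It reduces the requested URL to the host that would actually be contacted, then matches that host and its parent domains against the blocklist on label boundaries.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample blocklist; a real proxy would load a maintained feed.
BLOCKLIST = {"malware-site.example", "bad-ads.example"}

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def normalize_host(url: str) -> str | None:
    """Return the lowercase hostname the request would reach, or None."""
    if not _SCHEME.match(url):
        url = "http://" + url            # user typed a bare name like "CNN.com"
    try:
        host = urlsplit(url).hostname    # strips userinfo and port, lowercases
    except ValueError:                   # e.g. malformed IPv6 literal
        return None
    if not host:
        return None
    return host.rstrip(".")              # "example.com." is the same host


def is_blocked(host: str, blocklist: set[str]) -> bool:
    """True if the host or any parent domain is listed.

    Matching whole labels means "notmalware-site.example" does not match
    "malware-site.example", while "cdn.malware-site.example" does.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def proxy_decision(url: str, blocklist: set[str] = BLOCKLIST) -> str:
    """Return "ALLOW" or "BLOCK" for a requested URL."""
    host = normalize_host(url)
    if host is None:
        return "BLOCK"                   # fail closed when the URL cannot be parsed
    return "BLOCK" if is_blocked(host, blocklist) else "ALLOW"
```

Checking the parsed hostname rather than the raw string matters for requests such as `http://cnn.com@bad-ads.example:8080/`, where the text before `@` is userinfo and the connection goes to the listed host.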
Although there are many security measures, for businesses as well as individuals, it becomes crucial for them to conduct security testing of their applications effectively.
Security testing is pivotal in a company’s business strategy. To overlook system and information security is akin to business suicide. As crucial as security testing is, and as useful as security testing tools are, the implementation process is highly customized to suit the need of the business. For this reason, it is important to have a trusted software security testing vendor.
Published at DZone with permission of Hiren Tanna, DZone MVB. See the original article here.