February 2019 | by Sky.One Solutions
The avalanche of recent attacks, such as the WannaCry ransomware, proves that cybercriminals have been successful in creating new techniques and tactics that easily overcome the traditional security of computer networks.
The global ransomware attack of May 2017, which affected more than 200,000 computers in more than 150 countries, scared the owners of companies and governments around the world. Important services were forced to restrict their operations, leaving many people in vulnerable situations, as was the case with some hospitals in the United Kingdom.
The escalation of the attack surprised even IT and cybersecurity specialists, who had always worked in anticipation of an incident of this seriousness. Security problems like this one make us ask: will the adoption of cloud computing be compromised, and will we tend to abandon the cloud?
The WannaCry attack and its variants work by exploiting the computer through the Windows Server Message Block (SMB) protocol, which is used to share files. This exploit, known as EternalBlue, was stolen from a group linked to the National Security Agency and published on an obscure site. Any Windows computer successfully attacked with EternalBlue would grant the hacker full access to it.
What WannaCry drew attention to was a huge gap in organizations' understanding of why managing and applying patches is so important. Fixes released by the makers of operating systems, or of any other software on the market, are often treated as optional, or organizations are not even aware of them.
It is important to keep both legacy and more current systems up to date whenever possible. The patch for the security flaw had been released by Microsoft a few months before the ransomware attacks.
According to Malwarebytes Labs, if the patch had been installed on all machines, WannaCry would practically not have reached computer networks, since the initial infections were carried out not through phishing emails but through the flaw exploited by the ransomware.
Many organizations delay patching for fear of affecting their operating systems, and the patches are never installed or are installed late. In addition, initial infections often occur because a user opens a phishing email and clicks on a malicious link or opens a corrupt file, which installs ransomware.
The most important defense that an organization can use is user education regarding phishing attacks, together with the application of well-defined security policies and processes. This education must take place regularly, always demonstrating the real risk to users.
Organizations must accept that the risk of attacks such as ransomware will always exist on their networks. The key to reducing that probability is therefore the set of security features that can be applied to whatever infrastructure is on offer, such as AWS.
As ransomware attacks get smarter, it's important that data protection systems step up. Investing in this area will undoubtedly be a strategy adopted by cloud computing providers such as AWS.
Systems for data and disaster recovery, such as backups, are examples of resources that must be used to guarantee the security of information. They are extremely important, provided you test them regularly. Security policies, such as keeping at least one backup copy physically separated from the main computer network, are ways to prevent ransomware from spreading throughout the company.
Associated with all this, shared responsibility between providers and customers is essential to minimize attacks. As much as the providers offer new protection solutions and security policies, they are of no use to customers who do not do their part. Definitely, cloud computing will be an ally in the fight against ransomware attacks.
This content was produced by SkyOne's team of cloud and digital transformation experts.