“This is just the beginning. We are in a cyberwar as we speak,” said Amir Kolahzadeh, founder and chief executive of internet security firm IT Sec. “We expect to see more sophisticated attacks, possibly with targeted demographics or location. Our smart buildings, our smart cars, our smart everything is a target.”
More than 100,000 organizations in at least 150 countries have so far been hit by the WannaCry ransomware attack, including Telefonica, FedEx, Nissan, Deutsche Bahn and the UK’s National Health Service, with experts warning that the attack is a clear sign of the escalating challenges facing cyber security.
One of the largest attacks of its kind, the WannaCry virus exploited a security hole in Microsoft Windows, encrypting common file formats and rendering a PC useless until a ransom is paid.
“Ransomware is a type of malicious software that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it,” said Ghareeb Saad, senior security researcher, global research and analysis team, at Kaspersky Lab.
Ransomware has been very successful recently, becoming one of the main threats of the year. One of the reasons why ransomware is successful lies in the simplicity of the business model used by cybercriminals. Once the ransomware gets into a system there is almost no chance of getting rid of it without losing personal data. Also, the demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable, which is very attractive to fraudsters.”
So far there has been an unknown — but believed to be limited — number of attacks in the Middle East and North Africa, with only Egypt in the list of top 20 attacked countries, according to Kaspersky Lab. It was ranked 19th globally, although Kolahzadeh says a number of unnamed regional institutions have been compromised.
“We have been notified that a few systems that are part of large organizations in mission-critical control infrastructure have been infected,” said Kolahzadeh. “Unfortunately, a version two of the ransomware has been released that bypasses the earlier kill switch that was found.”
Saudi Telecom (STC) denied that its systems were affected after photos were circulated on social media claiming to show infected STC computers, but both Saudi Arabia and the UAE are known to be high-value targets for attacks.
Earlier this month US-based cyber security firm Symantec reported that the UAE and Saudi Arabia were the most targeted countries in the Middle East when it comes to ransomware. The company also found that 30 percent of UAE ransomware victims are willing to pay a ransom, compared with 34 percent globally, despite the country’s Telecommunications Regulatory Authority advising against payment of any ransom.
“These sort of attacks are only avoidable with proper cyber-security awareness training and the correct levels of cyber security, regardless of the size of your organization,” says Kolahzadeh. “Ransomware is extremely dangerous since it is the source of income for cybercriminals. However, it is easily avoidable with proper end-point protection and user awareness.”
Newer and more dangerous versions of the WannaCry virus may emerge, with Windows users urged to install the official patch from Microsoft that closes the vulnerability used in the attack, says Kaspersky Lab. There are also patches available for Windows XP, Windows 8, and Windows Server 2003.
“WannaCry is also targeting embedded systems,” says Saad. “We recommend ensuring that dedicated security solutions for embedded systems are installed, and that they have both anti-malware protection and default deny functionality enabled.”
Such widespread disruption as that caused by WannaCry raises fears of future attacks. And not only ransomware, but all forms of cyber attacks.
On Oct. 21 last year, for example, a cyber-attack brought down much of the internet across large tracts of the US. The attack was the work of the Mirai botnet, which is made up of Internet-connected devices such as digital cameras, routers and DVRs, and targeted the servers of Dyn, a firm that controls much of the internet’s domain name system infrastructure. Dyn remained under sustained assault for the best part of a day, bringing down sites such as Twitter, The Guardian, Netflix, Reddit, CNN and many others across Europe and the US.
“Everything is connected now, from televisions to refrigerators to children’s toys. They are connected to the internet, and every connection is a point of potential attack,” said Dino Wilkinson, a partner at law firm Norton Rose Fulbright (Middle East) in Dubai. “The botnet attack used internet of things devices as a gateway to get in and to control.
“This is the whole issue with autonomous vehicles. Yes they are great, but they are reliant on communications technology, and so they are potentially open to be hacked or breached in the same way as any other piece of connected technology. And hacking into a car or vehicle has quite massive implications.
“We will see more and more of this kind of stuff,” he added. “From our side we are seeing more clients talking to us about preventative support — helping them with policies, looking at insurance and other measures that can protect them.”
The key to remaining safe and free of attacks is vigilance. It is about making sure your systems are up-to-date, that you are careful about what you do on your computer, what you use it for, and what sites you visit.
“My advice to all users is to stay vigilant to emails that are received from external or untrusted sources,” said Amir Kolahzadeh, founder and chief executive of internet security firm IT Sec.
“Do not click on links or open attachments in emails from unidentified and/or suspicious senders. Do investigate the email before opening it. Ensure that an anti-virus software is installed on your personal computers, and always keep them updated. Report any suspicious activities to the IT service desk in your organization. Proactively change your passwords. Ensure they are strong and hard to guess.”
~ Excerpt from Arab News