Cyber warfare starts in the palm of your hand

Polina Hristova reporting for ROCCO

It’s 2017 and we might not have flying cars yet, but we do have increasingly smart machines in various sizes – preferably sizes that would fit in our bags and pockets – because we’re travelling more than ever and it is impossible to get anything done without our phones and computers.

Eventually, as time passes, we become inevitably dependent: all of our loved ones are just a tap away, along with our bank account information, our shopping list, our entire work schedule, our workout programs, and the work email and social media accounts that have by now turned into an extension of our resume, a facilitator of success, or a true kamikaze bomb if used unwisely. Our entire lives are present in our devices, unintentionally and unconsciously, more than ever. Sometimes a single glance at someone’s browser history can tell you more about them than face-to-face interaction, which is why we treat personal computers almost as secret diaries: definitely something you cannot open without permission.

But people forget that they are not alone on the Internet. It is the illusion of a quiet evening alone in the soothing darkness that makes it harder to believe that someone might be watching us in our most vulnerable state.

No one can really explain why our security awareness keeps failing, but a smart machine is not smart if its owner is careless. Even though most devices come with built-in security measures, those are not necessarily the best or the most appropriate for your system, and some have to be activated manually.

The reality is that we might be living through the first cyber war (https://www.theguardian.com/commentisfree/2016/dec/30/first-world-cyberwar-historians), so it is time to patch up and stay sharp. The same operating systems and software are used for private, public and personal purposes, so a single weakness exposes not only your home, family and friends to danger, but also your business, costing you thousands or even millions in damage. It is no joke.

WannaCry (also known as Wcry or WannaCrypt) devoured and encrypted the data of over 200,000 computers in 150 countries in a matter of days, extorting payments of $300 and pressing a sense of urgency on its victims with the looming threat that the ransom would double if not paid within 72 hours, and that the hostage files would ultimately be destroyed outright. The NHS in the UK, Telefonica in Spain, FedEx in the US and Deutsche Bahn in Germany, among others, took a savage hit from the ransomware, which spread to other systems by exploiting a vulnerability in the Server Message Block (SMB) service on TCP port 445; a complete first report of the problem can be found here (http://blog.talosintelligence.com/2017/05/wannacry.html).

The attack could have been completely prevented had these systems been updated on time, or more precisely, at any point after the 14th of March, when Microsoft issued security bulletin MS17-010, whose patch closed the SMBv1 loophole.

Fortunately, the ransomware was thwarted at its peak thanks to MalwareTech (https://twitter.com/MalwareTechBlog), a malware analyst/researcher whom the press has crowned the “accidental hero”. How did he manage to stop it? A domain, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, was hard-coded into the malware; it is completely made up but turned out to be the ransomware’s kill switch. While the domain was unregistered, the malware’s lookup of it failed and the infection proceeded; by registering the domain name, MalwareTech made that lookup succeed, creating an exit point, and pointed it at a sinkhole server so the malware could no longer affect anyone.
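As an added example (not part of the original article or of MalwareTech’s work), the following Python script implements the defender-side counterpart of that sinkhole: it scans DNS resolver log lines for internal hosts that looked up the kill-switch domain, since every such lookup marks a machine on which the payload actually executed. The log line format, the client addresses and the timestamps are constructed for the example.

```python
import re
from collections import defaultdict

# WannaCry kill-switch domain as quoted in the article above.
KILLSWITCH_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample of DNS resolver log lines (hypothetical format:
# "<timestamp> client=<ip> query=<name> type=<qtype>"); not real traffic.
SAMPLE_DNS_LOG = """\
2017-05-12T08:01:11Z client=10.0.4.21 query=www.example.com type=A
2017-05-12T08:02:03Z client=10.0.4.57 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com type=A
2017-05-12T08:02:04Z client=10.0.4.57 query=IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. type=A
2017-05-12T08:05:40Z client=10.0.7.12 query=updates.example.org type=AAAA
2017-05-12T08:09:15Z client=10.0.4.57 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com type=A
2017-05-12T08:11:02Z client=10.0.9.3 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com type=A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) type=(?P<qtype>\S+)$"
)


def normalise(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()


def find_killswitch_lookups(log_text, domain=KILLSWITCH_DOMAIN):
    """Return {client_ip: [timestamps]} for every client that resolved the kill-switch domain.

    A lookup means the ransomware ran on that host and reached its kill-switch
    check; the host was spared only if the domain resolved, so each hit is an
    infection attempt that needs MS17-010 and SMB exposure follow-up either way.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if normalise(m.group("qname")) == domain:
            hits[m.group("client")].append(m.group("ts"))
    return dict(hits)


if __name__ == "__main__":
    for client, times in find_killswitch_lookups(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

A host that reached the sinkhole was spared the encryption but still needs patching and a review of its SMB exposure. The absence of lookups is not a clean bill of health either: the kill-switch check did not honour proxy settings, so machines whose only egress is a web proxy could be encrypted without ever querying the domain.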

Crisis ‘sort of’ averted, the time to point fingers has come. Several sources claim the bread crumbs lead to North Korea, which, of course, has denied the accusations. Top intelligence agencies remain vigilant but skeptical that the $90k acquired in bitcoin will go anywhere: a sum this small is not worth the potential exposure of the perpetrator, so it sits in their digital wallets for now. Popular opinion holds that bitcoin cannot be traced. Wrong: it is the wallet owners who cannot be identified, while every bitcoin transaction is publicly recorded on the blockchain and being monitored, so you can quickly be caught red-handed there.

So it wasn’t even worth the trouble! Thousands of people, however, lost important files and personal data that they will never recover.

“It’s pretty heartbreaking when all the emails in your inbox not from journalists are people pleading with you to find a way to recover the lost photos of their kids or dead relatives.”

– MalwareTech on Reddit (https://www.reddit.com/r/IAmA/comments/6cmmdf/iama_the_accidental_hero_who_helped_stop_the/?st=j30mtt6n&sh=4e87d6f4)

Can you imagine your business losing years’ worth of data over a failure to update Windows? Maybe follow Troy Hunt’s (https://www.troyhunt.com) advice next time:

  1. Keep your operating systems current
  2. Take patches early
  3. Have a robust backup strategy
  4. Lock down machines
  5. Don’t open suspicious email or attachments
  6. Restrict access to network resources (ransomware can only encrypt what it can access or what machines it can propagate to can access)
  7. Block unnecessary ports (Talos suggests that organisations may have had SMB externally accessible)
  8. Traditional anti-virus is bad at identifying this stuff

Mobile phones have turned into small computers that we use constantly, consciously feeding them huge amounts of data. Launching such an attack on the millions of smartphone users with internet connections is also a potential threat, and it could spread a lot faster than WannaCry did, obliterating thousands of sensitive personal files and conversations.

Signalling Firewall Market Intelligence

We at ROCCO understand the importance of security and value our privacy. Back in April we started a global investigation into Signalling Firewall Solutions for SS7, as well as for the Diameter protocol and the Evolved Packet Core (EPC), and we are now preparing to release the results of the gathered data. The SS7 security flaws became a hot topic in 2014 after their existence was made public at a hacker conference in Hamburg, and we are eager to explore the state of the situation three years later. We interviewed 13 vendors with over 100 questions; the Executive Summary of that report will be shared for free with our database of over 34,000 global contacts and should be available from mid June.