Cyber haunting we will go
With Halloween less than two weeks away, forget haunted houses, Walking Dead parties and masks that drip ‘blood’. Ransomware that can encrypt all your data files – and even your servers if you’re unfortunate enough to have one of your system administrators targeted – is far more frightening.
Given all the ghoulish things October evokes, it’s apt that the US Department of Homeland Security has designated this month National Cyber Security Awareness Month. The suggested focus for this week (Week 3) is critical infrastructure and the internet of things, which highlights the importance of properly securing all devices, including household items, that are connected to the internet.
Ransomware first made its appearance late last year. There are now roughly 600,000 infections and the count is growing rapidly, according to Stu Sjouwerman, founder and CEO of KnowBe4, a provider of web-based security awareness training focused on employee security education and behavior management to small and medium-sized enterprises.
A particularly scary new version of ransomware called CryptoWall 2.0 went live on October 1 and is using the anonymous TOR network to attack consumers and businesses. TOR stands for The Onion Router, so named for the multiple layers of intermediate hosts, each with its own internet protocol (IP) address, that a hacker’s traffic passes through before ending up at its target destination. Earlier versions of CryptoWall used plain HTTP, which allowed researchers to analyze the communication trail and take down the servers used to deliver the malware. But the new version makes it ‘hard to trace where the user is coming from [because] TOR obfuscates the source of the visit or the attack,’ explains Sjouwerman.
In a panic call to KnowBe4 on Monday, an IT administrator reported a CryptoWall attack that crippled not only his workstation but also his company’s entire server farm within one hour. Unable to wait the several days it would take for his system’s backups to recover the data and allow the company to get back to business, the administrator paid the ransom, which amounted to 1.3 Bitcoin, or about $500. But for anyone who doesn’t already have a Bitcoin account, it can take up to four days to download a Bitcoin wallet and buy some Bitcoin, Sjouwerman warns.
A $500 ransom may not seem like much, but Sjouwerman points out that hackers using CryptoLocker, the first kind of ransomware to appear, made $27 million within four months in increments of $500. KnowBe4’s training ‘focus[es] on building a human firewall because employees are the low-hanging fruit,’ he says. It takes hackers much less time and effort to create an email that tricks employees into clicking on a link than to find vulnerabilities in a website, he adds.
Sjouwerman urges IT administrators to take these three steps to minimize vulnerability to malware attacks:
• Make regular backups and have a backup off-site as well. Test your restore function regularly to make sure your backups actually work.
• Patch browsers as soon as possible and keep the number of plug-ins as low as you can. This diminishes your attack surface.
• Guide all users through effective security training to prevent malware infections in the first place.
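The first of those steps only pays off if the restore is actually exercised, which is the part most backup jobs never do. The script below is an added example, not code from the article or from KnowBe4: it records a SHA-256 manifest of a directory, backs the directory up to a gzip tarball, restores the tarball into a scratch location and compares every file against the manifest. The sample directory, its file names and the "backup that quietly skipped a file" scenario are all constructed for the demonstration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fingerprint_tree(root: Path) -> dict[str, str]:
    """Map every regular file under root (by relative POSIX path) to its SHA-256."""
    return {
        path.relative_to(root).as_posix(): sha256_of(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def make_backup(source: Path, archive: Path) -> dict[str, str]:
    """Write a gzip tarball of source and return the manifest taken at backup time.
    Keep that manifest somewhere the backup job itself cannot overwrite it."""
    manifest = fingerprint_tree(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


def verify_restore(archive: Path, manifest: dict[str, str]) -> tuple[bool, list[str]]:
    """Restore the archive into a scratch directory and compare it with the manifest.
    Returns (ok, problems); an empty problems list means every file came back intact."""
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            # The 'data' filter (Python 3.12+, backported to recent 3.8-3.11) refuses
            # entries that would escape dest; older interpreters simply skip it.
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(dest, **extra)
        restored = fingerprint_tree(dest)
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content changed: {rel}")
    for rel in sorted(restored.keys() - manifest.keys()):
        problems.append(f"unexpected file in restore: {rel}")
    return not problems, problems


def demo() -> dict:
    """Constructed end-to-end run on a throwaway directory: a good backup verifies,
    and a backup job that quietly skipped a file is caught before the day it is needed."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work)
        src = root / "data"
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q3.txt").write_text("quarterly numbers\n")
        (src / "notes.txt").write_text("remember to test restores\n")

        manifest = make_backup(src, root / "good.tar.gz")
        good_ok, _ = verify_restore(root / "good.tar.gz", manifest)

        # Simulate a backup that missed a file; it looks fine until someone restores it.
        (src / "reports" / "q3.txt").unlink()
        make_backup(src, root / "bad.tar.gz")
        bad_ok, problems = verify_restore(root / "bad.tar.gz", manifest)

    return {"good_backup_ok": good_ok, "bad_backup_ok": bad_ok, "problems": problems}


if __name__ == "__main__":
    print(demo())
```

The manifest is deliberately taken at backup time and compared after a real extraction, so the check covers the archive tool, the storage medium and the restore path together rather than trusting the backup job's own exit status. In practice the manifest would be stored on the off-site copy as well, so that a restore can be verified even when the primary site is the thing that has been encrypted.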
Sjouwerman also advises end-users not to open any email unless they are expecting it and, using a mouse, to hover over the sender’s email address to make sure it is from a valid domain they know and recognize. He calculates that hundreds of thousands of companies are being targeted specifically, so it’s probably a good idea to alert employees to Cyber Security Awareness Month and follow some of the recommendations on the Department of Homeland Security’s website. Companies should also look into cyber-security awareness training for their workforce.
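The hover-and-check habit described above can be automated for a mail gateway or used to build a training exercise. The Python below is an added example, not code from the article or from KnowBe4. The trusted-domain list and the three sample messages are constructed (the .test top-level domain is reserved and belongs to no real sender), and the check flags three things a hovering user is meant to notice: a sender domain that is unknown or a one-character lookalike of a known one, a display name that embeds a different address than the real sender, and a Reply-To that points somewhere else.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: the domains this organisation knows and recognises.
TRUSTED_DOMAINS = {"example.com", "partner.example.org"}

# An address-looking token inside a display name; group 1 is its domain.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address: str) -> str:
    """Lower-cased part after the last '@', or '' if there is none."""
    return address.rpartition("@")[2].strip().lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def squash_confusables(domain: str) -> str:
    """Fold visual substitutions (rn/m, vv/w, 0/o, 1/l) so they compare equal."""
    return (domain.replace("rn", "m").replace("vv", "w")
            .replace("0", "o").replace("1", "l"))


def check_sender(raw_message: str, trusted: set[str] = TRUSTED_DOMAINS) -> list[str]:
    """Return findings about one message's From/Reply-To headers.
    An empty list means the real sender domain is recognised and nothing looks off."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    if not from_domain:
        return ["From header carries no usable address"]

    findings: list[str] = []
    if from_domain not in trusted:
        findings.append(f"sender domain '{from_domain}' is not a recognised domain")
        for known in sorted(trusted):
            if (squash_confusables(from_domain) == squash_confusables(known)
                    or edit_distance(from_domain, known) == 1):
                findings.append(f"'{from_domain}' is a lookalike of '{known}'")

    # Mail clients show the display name first; an address written there that
    # does not match the real one is exactly what hovering is meant to reveal.
    shown = ADDR_IN_TEXT.search(display)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(
            f"display name shows '{shown.group(1).lower()}' "
            f"but the real sender domain is '{from_domain}'"
        )

    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(
            f"Reply-To domain '{reply_domain}' differs from sender domain '{from_domain}'"
        )
    return findings


# Constructed sample messages (the .test top-level domain is reserved, not a real sender).
LEGITIMATE = (
    "From: Payroll <payroll@example.com>\n"
    "Subject: October timesheets\n\n"
    "Please submit by Friday.\n"
)
LOOKALIKE = (
    "From: IT Helpdesk <helpdesk@examp1e.com>\n"
    "Subject: Mailbox quota\n\n"
    "Your mailbox is full.\n"
)
DISPLAY_SPOOF = (
    'From: "ceo@example.com" <noreply@mail-relay.test>\n'
    "Reply-To: replies@another-relay.test\n"
    "Subject: Quick favour\n\n"
    "Are you at your desk?\n"
)

if __name__ == "__main__":
    for name, sample in (("legitimate", LEGITIMATE), ("lookalike", LOOKALIKE),
                         ("display spoof", DISPLAY_SPOOF)):
        print(name, check_sender(sample) or ["no findings"])
```

The allowlist is the organisation's own list of recognised domains, so the output is only as good as that list; the lookalike test is deliberately conservative (one edit or one visual substitution away) to keep false positives low enough that users keep reading the warnings.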