How to Avoid a Cyber Security Threat Like WannaCry
If the WannaCry Ransomware attack has taught the IT community anything, it’s that we live in a world of constant hidden dangers.
The WannaCry ransomware attack which led to NHS patients being turned away and emergency services being re-routed is just the latest example of this persistent cyber security threat in action.
And the biggest, irrational and undeniably essential weak link in this chain? People.
The WannaCry attack infects systems through Microsoft’s implementation of the Server Message Block (or SMB) protocol. SMB is the method by which shared access to printers, networked file servers and other artefacts within a network is achieved. SMB’s ubiquity and criticality are what makes it a prime target for hacks and malicious attacks; it is through this route that the Sony Pictures attack of 2014 was perpetrated.
Specifically, the ransomware makes use of the SMB 1.0 protocol through the EternalBlue SMB exploit, using this route in to install the DoublePulsar backdoor. Once in place, the hack searches the network for other Windows devices with the SMB 1.0 protocol within the network and spreads as you expect a virus would. WannaCry initially gains access to a network through a single machine and spreads from there, click on a suspicious link in a questionable email and hey presto – you’re infected!
SMB 1.0 is a version of the protocol dating back to the 1980’s that had been deprecated from Microsoft’s support since Windows Server 2012r2 (and its equivalent desktop OS, Windows 8.1) back in 2014. The components to enable SMB 1.0 are still part of the Windows ecosystem to allow support of older applications in enterprise environments, but it has been widely known for a number of years that it is insecure, inefficient and well past its use by date. It’s also disabled by default.
The Human Element
Therein lies the human element; during my career I have witnessed the devaluing of the need to update and pivot quickly, resulting in an ironically well-meaning yet lackadaisical approach to patching, upgrading and maintaining. What do I mean by this? It all boils down to the concept of ‘value’.
Pressures to deliver value at the point of interaction leads to ‘architectural runway’ work such as patching and upgrading to be given a lower priority, at least until an attack highlights a weakness and then it’s all-hands-on-deck.
If it’s not a visible bug to the front end user or an improvement that can add the eponymous ‘wow factor’ to a product, then it invariably is a lower priority. How else do you ensure your products stand out from the crowd? How do you justify the expense and the downtime? How do you articulate the risks without an event to crystallise them?
We react, not proact.
Safer and Smarter
Obviously, there are strategies to mitigate the risk of encryption attacks like WannaCry such as a backup strategy that divorces the retained version from the primary solution. A safer way is to ensure your backend systems are patched and secure, and all communication protocols are robust and modernised. This is a task I know from professional experience is easier said than done. A smarter way is to minimise dedicated servers altogether, embracing PaaS and SaaS solutions hosted in the cloud.
Using Microsoft Azure as the exemplar, the SMB 1.0 protocol is not supported by a single platform or service component – the closest you get is SMB 2.1 or 3.0. Patching and maintenance of the underlying Windows OS powering some services is handled by the cloud provider, and the WannaCry patch has been in place on these services since March 2017, making infection impossible.
And finally, there’s the simple fact that no matter how big your IT budget is, it’s more than likely a drop in the ocean when compared to the vast resources and skill available at the like of Amazon and Microsoft. Swallow your pride, accept what you know is true in your heart and repeat after me; “They are better at cyber security than we are.”
It’s important that the IT community accepts there’s an endemic problem with the maintenance and update of assets under our purview, particularly in industries where IT is still regarded as an ill understood and expensive line on the balance sheet. Cloud adoption is often curtailed by the view that the cloud is insecure, I think this conversation should be turned on its head. Let’s take advantage of the shared learning of supporting and securing thousands of solutions worldwide.
After all, if the cloud is secure enough for eBay, Boeing, Geico and Symantec, it’s probably OK for you.
If you are looking to ensure your database warehousing and technology landscape are up to par why not get in touch with us!