CMYKit CyberSecurity Update: We've got your back!

WannaCry is not over yet

A review of some important background on Ransomware, the WannaCry attack and how CMYKit has got your back!

Welcome to CMYKit’s introductory guide to CyberSecurity, at a time when the whole world is experiencing a dramatic wake-up call with the global headlines made by malicious software (malware) aptly called “WannaCry”. WannaCry is ransomware – malware that locks user files with strong encryption and demands a payment within a deadline to release a software key to restore access to the files.

In fact, this is just a particularly newsworthy instance of a problem that is much more widespread than most people suspect, or want to believe! One of the reasons this ransomware outbreak has made news is the scale of the attack, approaching a quarter of a million computers across over 150 countries. Another is the impact it had on the UK’s National Health Service.

WannaCry – how do I pay?

Endangering people’s lives by attacking public health infrastructure had the, perhaps intended, effect of ensuring that the incident got the attention of the global media! The affected machines were all older Windows versions which had not been properly patched (updated to close security holes and flaws in the code), and for various reasons the effort has not reaped those behind it more than an estimated $60K USD. This seems to suggest it is more of a point being made than a serious attempt at extortion on a global scale. Many of these less publicised attacks, however, reap hundreds of thousands of dollars by taking a scattergun approach to infecting millions of at-risk PCs around the world on a daily basis.

They do this systematically and indiscriminately. If the data is worth enough for someone to want it returned badly enough, they can make a quick several hundred to a few thousand dollars via anonymous Internet payment. The returns are partly ploughed back into continuous development of more and more ingenious ways to compromise systems used all over the world.

We’ve seen it all before, but it’s worse than ever!

From our perspective as providers of IT solutions and business continuity services for our clients, we are all too aware that this is only the tip of a gigantic iceberg, and one that has been plaguing more than just “Big Business” in staggering and ever-increasing numbers in recent years.

Ransomware – who’s got your back?
WannaCry - what it looks like

We spend a lot of time fighting off cyberattacks “after the fact” for our valued clients. We do a lot of backup restoration, damage repair and cleanup work to remove malware once it has been discovered doing its worst.
We have also been urging our clients to take a much longer and harder look at their IT defenses due to the increased threat on an almost daily basis for the last few years.

What the latest publicity has meant is that public awareness has been raised to an all-time high. Perhaps a virtual line in the sand has been crossed, and it has become clear to more than just security professionals that the conventional defenses we have come to accept as a normal part of business software licensing, the commercially available antivirus (AV) products, are not up to the job of defending our businesses and personal data alone.

Protected, How?

How the AntiVirus Products fit into the picture.

You will probably be familiar with the names of the companies that have invested in the creation of a whole category of security, privacy and recovery solutions: Trend, Symantec, McAfee, Norton, AVG, Kaspersky, BitDefender and so on. Almost all offer products on a recurring license basis so they can provide ongoing updates in an attempt to stay ahead of the bad guys. Along with a lot of impressive graphics of padlocks and shields, Mr Robot style villains and symbols that look like an outbreak of Ebola or Radioactivity, they sprinkle their “security” or “defender” products with adjectives like “total”, “complete” and “ultimate”.

The truth, ever more apparent in the last 12 to 18 months, is that these terms are not only misleading, they are inappropriate even as spin. There is no such thing as a “totally secure” computer; that’s like someone in an Alien movie describing an abandoned spaceship as “totally safe”. But not only is “ultimate” security for your “whole” network an exaggeration (even if it were true), it is now clear that such a claim could not even be euphemistically made by a single product.

The reason is that organised cybercriminals are developing techniques and technologies that can compromise a computer system faster than any individual product can keep them out. The “good guys” are being out-paced and out-smarted because they only find out about the exploits after they have been successfully deployed – usually with disastrous consequences for those affected.

Certainly, these solutions provide an excellent service. They are sharing global catalogs of virus, worm and trojan “signatures”, so that an outbreak detected and mitigated in a particular region can be identified readily elsewhere regardless of your AV provider. Identifying a program by its digital fingerprint or signature is something done in almost every aspect of programming, and one of the things that the malware developers have responded with is a system that “wraps” their malicious payload in a randomly generated delivery vehicle so that it cannot be identified as easily (at least until it is potentially too late!).

A fast moving target!

Moving targets, multiple lines of defence.

This kind of development has led to countermeasures that include intelligent recognition of the kinds of things that malware payloads “do” when they start to execute on a target machine. By understanding what is a legitimate system or user process in the context of the current environment, there are systems that can make decisions about whether to stop a process before it can get properly started. An example of this we already deploy in a widespread way for our clients is the detection of unexpected encryption routines by the CPU. This could be a sign that malware is cryptographically locking files to extort the owner. Or it could be a new backup solution the user intended to install to protect the files. In the case of the former the damage is averted; in the latter the legitimate process needs to be ‘whitelisted’ so that the security program knows to let it ‘go about its business’.
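As an added illustration (not CMYKit's or any vendor's code), the behaviour check described above can be approximated by measuring how random the data a process writes looks and then consulting an allowlist. The entropy threshold, file count, process names and sample events are all assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5            # bits/byte; assumed cut-off (encrypted data sits near 8.0)
MIN_FILES = 3                      # assumed: act only once several files are rewritten
ALLOWLIST = {"backup_agent.exe"}   # hypothetical approved encrypting process

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, from 0.0 (constant) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def review_writes(events):
    """Map each process that wrote encrypted-looking data to MIN_FILES or more
    distinct files to 'allow' (allowlisted) or 'block'."""
    suspicious = defaultdict(set)
    for process, path, data in events:
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            suspicious[process].add(path)
    return {proc: ("allow" if proc in ALLOWLIST else "block")
            for proc, paths in suspicious.items() if len(paths) >= MIN_FILES}

def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: deterministic SHA-256 stream."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(size // 32))
    return b"".join(blocks)

PLAIN = b"Quarterly invoice for client 0042\n" * 100   # constructed document text

# Constructed events: (process name, file path, bytes written). Compressed files
# also score high, which is one more reason the allowlist step is needed.
SAMPLE_EVENTS = (
    [("notepad.exe", "notes.txt", PLAIN)]
    + [("unknown_tool.exe", f"doc{i}.txt", fake_ciphertext(b"u%d" % i)) for i in range(3)]
    + [("backup_agent.exe", f"doc{i}.bak", fake_ciphertext(b"b%d" % i)) for i in range(3)]
    + [("updater.exe", "patch.bin", fake_ciphertext(b"p"))]
)

if __name__ == "__main__":
    for proc, verdict in review_writes(SAMPLE_EVENTS).items():
        print(f"{proc}: {verdict}")
```

Only the unknown process is stopped: the backup agent is allowlisted, the text editor writes low-entropy data, and the updater touches a single file.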

There is more to this art than space permits me to go into here, but suffice to say, the AV products do excellent work and do it better in collaboration – and that is essentially the key to understanding the approach that has to be taken when meeting the threats that are out there every day, crawling the Internet, literally rattling the virtual locks on all the machines connected to the Internet. Only by building a system of components that work together can a viable defense be implemented.

You wouldn’t feel safe in a neighborhood in which your doors and windows were being rattled and tested from the outside by a whole host of criminal entities day and night!

The really sobering reality of the way that the global inter-webs have been designed, and our computers connect to them, is that we live in just such a neighborhood: but it’s dark 24/7 – and you can’t see or even hear the bad guys going at your locks!

Worse (yes it is, I am afraid), most of the windows, doors, hatches and ports we have on our computers aren’t even locked! Or they are secured with old, outmoded and weak locks. Many of these locks are trivial for a determined hacker to defeat. Many simply take time. The nature of the attack may be relatively indiscriminate. Small business people don’t think they are significant enough to be a target. Nothing could be further from the truth. They are perceived as soft targets. The big banks and corporations have invested a great deal in security, penetration and vulnerability testing, and they have rigorous backup, update and patching procedures. They also have disaster recovery plans in place that they practice so they know they work.

Backups are a big part of the plan!

A vast majority of the smaller businesses, which rely just as heavily on their commercial data as their bigger cousins, are neither adequately secured nor do they have backups and disaster recovery plans that would be remotely adequate in the case of a compromise.

This might not matter if the only threats were launched as targeted, determined attempts to steal files or information. But much of the threat that is costing businesses tens of thousands of dollars in lost revenue, time and reputation is launched as a more or less scatter-gun or carpet-bombing approach. The attackers seed innocent-looking files, attachments and websites with malicious code and quite literally wait for a bite. This is called phishing, and when they decide to get a bit more cunning and target it precisely to a particular industry or demographic it is called spear-phishing.

Be aware that these threats are one mouse click away from executing on your systems, and they can and will remorselessly do their worst and use all means available to spread via your systems. Network devices are exposed. Any computer attached can then become a host that infects further machines. Once the perimeter has been breached, the malware is able to move about with impunity if it is not detected. Many are designed to be stealthy until they have secured their objective, or until called upon by their remote masters to act, as is the case in bot-nets, where third-party computers are silently hijacked and then used as unwitting agents in an attack on another party launched by the criminals behind the scheme.

We will go into some of these things in more detail next time but for now please be aware that we have some real defense systems that we can put in place for you right now and maintain and manage so that you get both the insurance and assurance that you have done everything reasonably possible to protect your business, your reputation and your clients.

Download a preview of an effective CyberSecurity solution for your business as a PDF

Call us today to discuss how we can implement a robust, affordable cybersecurity system for you immediately.

Business IT Solutions

Jason Hall

Hi, I’m Jason Hall.

Over the last 25 years I’ve been delivering excellence in IT solutions for a wide range of businesses.

Being a small business owner I understand the real world challenges we all face on a daily basis.

This gives us the unique ability to understand your business and integrate IT systems that work.

Please call us on 1800 CMY KIT (269 548) to organise an obligation free meeting to discuss how we can help your business.
