Terms like malware and ransomware are becoming mainstream as the threat of cybersecurity grows. On average, organizations suffer two to three focused attacks that breach security each month—attacks they confirmed could take months or even years to detect. Accenture Security is monitoring existing and potential threats and offering deep experience to help organizations build resilience from the inside out. Find out more about the latest malware and ransomware attacks.
Within the last month or so we have seen a number of high-profile cyber-attacks from today's Petya/Petrwap destructive malware, coming hot on the heels of the WanaCrypt0r/WannaCry ransomware attack in May 2017, where systems were infected across 160 countries. Such incidents highlight not only the frequency and sophisticated of cyber threats, but also serve as a reminder of the outcomes of human error.
Whether at risk from blocked e-mails or encrypted company data (until a ransom is paid), companies can take action to reduce the impact of random ransomware:
Adopt proactive prevention: Many, but not all, ransomware attacks are initiated by a disguised trustworthy entity asking for sensitive information via an electronic communication. Known as phishing, employees can be helped to recognize such scams through prevention training and awareness programs. Make it easy for your employees to report fraudulent e-mails quickly, and keep testing internally to prove the training is working.
Elevate e-mail controls: Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Maintain strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and revisit how you configure your e-mail.
Insulate your infrastructure: Stay one step ahead of smart attackers by removing or limiting local workstation admin rights or seeking out the right configuration combinations (virus scanners, firewalls and so on). Also, regular patches of operating systems and applications can foil known vulnerabilities—Microsoft patches related to the WannaCry threat is one of the measures that should be included as part of a normal patching cycle.
Plan for continuity: Having a strong cyber resilience plan for recovery that is regularly reviewed, updated, and tested makes it easier to avoid paying any ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers should not be constantly connected to backup devices, and the backup solution should store periodic snapshots rather than regular overwrites of previous backups, so that in the event of a successful attack, backups will not be encrypted.
Security experts and market commentators alike are voicing their concerns after examination of a power outage in Ukraine’s capital, Kiev, in December 2016 identified a malware framework known as CRASHOVERRIDE or INDUSTROYER. The malware targeted Kiev’s electrical infrastructure via its Industrial Control Systems (ICS) in an unprecedented and sophisticated cyber-attack. The event has serious implications globally, and could prove to be a hacker’s paradise for more than power grids in the near future.
Download our special report for practical steps organizations can take to better protect themselves from future malware attacks like CRASHOVERRIDE/INDUSTROYER.
Alongside the use of digital technologies for enhanced automation greatly increasing hackers’ potential attack surface, aging critical infrastructure support has not always been architected with cybersecurity top of mind. CRASHOVERRIDE/INDUSTROYER targeted circuit breakers and switches hijacking electrical systems from a distance by taking advantage of standard device-level communication protocols, making it almost completely undetectable in the power infrastructure.
CRASHOVERRIDE/INDUSTROYER could be a blueprint for a more widespread and longer-lasting attack. The potential to disrupt energy, water supplies and other critical industries using ICS for automation, in an economic context, could be highly damaging to a company, municipality or nation for a long period of time.
The malware identifies itself as "crash," hence the choice of the term CRASHOVERRIDE/INDUSTROYER. Whoever developed the malware may have been paying homage to, or making fun of, a previously known hacker who used the name "Cr4sh".
Download the report and take practical steps today to protect your organization from future malware attacks like CRASHOVERRIDE/INDUSTROYER.
Assess and isolate
Monitor and detect
Plan and prepare
Ransomware, also known as cryptoware, attacks a company’s data by encrypting it until a ransom is paid—with no guarantees that the data will be decrypted once the payment has been made to the adversary. Threat intelligence and law enforcement agencies warn such attacks are accelerating in frequency and targeting more businesses with increasing ransom demands.
Watch the video and download our special report for practical steps organizations can take to better protect themselves from future ransomware attacks like WanaCrypt0r.
Find out how you can protect your organization against ransomware attacks like WanaCrypt0r. Watch our distinguished panel of security specialists discuss the latest ransomware attack for:
In-depth analysis and remediation of the current WanaCrypt0r/WannaCry attack to prepare organizations for new variants
Practical advice on steps organizations can take to better protect themselves from future ransomware attacks