Cisco Blogs

Agencies not safe from ransomware

- May 16, 2017

Last week’s stunning ransomware attack that crippled Britain’s National Health System and hit other organizations in several countries was certainly a dramatic, headline-grabbing event.

And it might not be over: According to the New York Times, the dawning of Monday in Asia brought reports of new cases in Japan, Taiwan and South Korea.

The malware, called “WannaCry,” appears to use technology originally developed by the US National Security Agency, according to reports. Like other ransomware, it encrypts the victim’s data, making it useless until the demanded fee (£415,000 for the NHS) is paid. Then the attacker removes the encryption (or at least, that is the promise) and disappears into the ether.

Federal agencies can breathe a sigh of relief that — so far at least — the exploit hasn’t hit them. But don’t make it too loud, because there is still time. And even if WannaCry leaves the government unharmed, the next major attack might not. The Federal Government is a frequent target of cyberattacks and attempted intrusions, and a few high-profile cases in recent years drive home the point that agencies need security as robust as any private company.

The Defense Department is squarely in the crosshairs too. DOD reported experiencing 30 million attempted attacks in a 10-month period between 2014 and 2015, or an average of 100,000 a day. Every day.

To minimize the risk of being affected by the ransomware, check out some tips from the Cisco cybersecurity team.

For a snapshot of the state of cybersecurity in the government, download our new white paper that draws from the global 2017 Cybersecurity Report.

Where were we? Oh, yes. Ransomware. For an in-depth, technical analysis of the ransomware attacks, read the blog by Talos, Cisco’s industry-leading threat intelligence team. And to learn ways Cisco can help with ransomware protection and ransomware prevention, check out this eBook about our Ransomware Defense solution, comprised of several innovative Cisco cybersecurity products.

As potentially devastating as the ransomware attack is, it’s not even the only serious cyberattack to happen recently. On May 3, an exploit that tricks victims into giving unknown attackers access to their Gmail accounts hit more than 1 million people, and analysis shows that other cloud-based systems are equally vulnerable.

In this attack, a malicious application uses the OAuth protocol and Cloud APIs to connect to Gmail accounts. Imitating a legitimate Google app, it requests permissions to read, send, delete, and manage users’ email and contacts. The victim sees no strange behavior after granting those permissions, but the attackers now have access to the Gmail account.
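One way a defender could review existing OAuth grants for the pattern described above, as an added example that is not code from Cisco or Google. The scope URLs are real Google OAuth scopes; the grant record fields, client IDs, allowlist and sample data are assumptions constructed for illustration.

```python
import re
import unicodedata

# Real Google OAuth scopes covering the mail and contacts access described above.
RISKY_SCOPES = {
    "https://mail.google.com/": "read, send, delete and manage mail",
    "https://www.googleapis.com/auth/gmail.modify": "read and modify mail",
    "https://www.googleapis.com/auth/contacts": "manage contacts",
}
# Assumption: client IDs the organization has reviewed and approved (constructed).
APPROVED_CLIENT_IDS = {"1111-approved.apps.example"}
# Assumption: first-party names an unapproved app should not display.
PROTECTED_NAMES = ("google", "gmail")

def normalize(name):
    """Fold case and compatibility forms, then keep only a-z and 0-9.
    Cross-script lookalike letters are dropped, not mapped to Latin."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"[^a-z0-9]", "", folded)

def review_grant(grant):
    """Return findings for one grant record; an empty list means nothing flagged."""
    if grant["client_id"] in APPROVED_CLIENT_IDS:
        return []
    findings = [f"unapproved app can {RISKY_SCOPES[s]}"
                for s in grant["scopes"] if s in RISKY_SCOPES]
    shown = normalize(grant["display_name"])
    if any(p in shown for p in PROTECTED_NAMES):
        findings.append("display name imitates a first-party app")
    return findings

# Constructed sample grants, not real audit data.
GRANTS = [
    {"user": "alice@agency.example", "client_id": "1111-approved.apps.example",
     "display_name": "Mail Archiver", "scopes": ["https://mail.google.com/"]},
    {"user": "bob@agency.example", "client_id": "9999-unknown.apps.example",
     "display_name": "Google Drive Sync",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "carol@agency.example", "client_id": "7777-unknown.apps.example",
     "display_name": "Calendar Helper",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

def audit(grants):
    """Map user -> findings for every grant that raised at least one finding."""
    return {g["user"]: f for g in grants if (f := review_grant(g))}

if __name__ == "__main__":
    for user, findings in audit(GRANTS).items():
        print(user, "->", "; ".join(findings))
```

Flagged grants are candidates for revocation and for follow-up with the user, since the victim sees nothing unusual after consenting.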

Google quickly shut down that attack and said no email contents were compromised. However, the attackers could have taken email contact lists, according to media reports.

Cisco cybersecurity experts will host a webinar on Thursday, May 18, to explain more about this attack and how you can protect yourself.

More than ever, agencies need to tighten their network and IT security. You’ve been reading for decades that cyberattackers are growing more devious and more technologically capable. You’ve probably heard the “arms race” analogy so many times that its mere mention causes your brain to start ticking off items on your mental grocery list instead of continuing to listen to whoever uttered the phrase this time.

However, those warnings have always been true. They haven’t changed in years because the situation hasn’t changed. Cyberdefenses evolve, attack techniques advance, and today’s hackers are more powerful than they have ever been, and after bigger and bigger gains.

Not all cyberattackers are after money, but those who are often find it. As my Cisco colleague Amy Young wrote last week: “The ‘hacker economy’ – estimated to be worth about $1 trillion – is more advanced than you might think. Today, cybercrime is organized crime. New methods of digital trickery are introduced almost daily, many that would fool even the most skeptical user.”

This month, the bad guys got a couple of wins. More often, smart organizations with robust security repel the attacks. It takes perseverance, though—and the right technology partners.
