Protecting yourself in a high threat environment

by Jennifer Kennedy.

Western intelligence services have lost control of a number of ‘cyber weapons’. These are essentially toolkits built around one or more vulnerabilities that the intelligence services have discovered but not disclosed to vendors.

The recent WannaCry ransomware, which had such a devastating effect on the NHS and around the world, made use of one such undisclosed vulnerability.

These ‘cyber weapons’ are crafted exploits available across multiple operating systems (Windows, Apple, Linux) and devices (Android, iPhones, Windows phones).

As a result, the threat level at the moment is very high, and system vendors and security companies are working hard to understand the vulnerabilities and provide fixes or protection. Users need to ensure that systems are patched or security products are installed in order to benefit from this protection and reduce their risk.

Additionally, two further attacks have shown disturbing developments.

  • UCL suffered a ransomware attack on 15th June this year which, investigation showed, was initiated by users browsing a site that was running malicious advertising. The attack itself was initiated via an advert that not only made use of a ‘zero-day exploit’ (a vulnerability not known to vendors and therefore not fixed or protected against) but also didn’t require the user to click on anything. Around a dozen computers were infected, which resulted in the IT department shutting down all network drives in order to contain and eradicate the infection.
  • A further ransomware attack called NotPetya appeared on the 27th June. It made use of the same WannaCry vulnerability in addition to several others. This attack is remarkable because it appears the hackers had no intention of decrypting any of the machines that had been infected. Even those users who dutifully paid $300 received nothing in return.

In this environment it becomes incredibly important that organisations and users take time to ensure their systems are properly protected:

  • Always ensure your machines and devices are upgraded regularly. All major operating system manufacturers offer automatic updates, and this feature should be turned on.
  • Computers and devices should have some form of anti-virus/anti-malware or internet security suite installed.
  • Install ad blockers where possible on all browsers (for more advanced users, look into script-blocking add-ons).
  • Don’t use an administrator login as your normal login; create a separate user with normal rights and use that for your day-to-day use. The more rights your account has, the more damage can be done if it is compromised.
  • Be vigilant and don’t fall for unsolicited attempts to get you to click links, open attachments or perform some other action (especially where there’s an implied or explicit threat or reward).
  • Ensure backups are taken of your most important files. This should be either on a separate system or, preferably, on removable storage.