Archive

Go to:

December 2017
SMTWTFS
12
3456789
10111213141516
17181920212223
24252627282930
31
< Nov Jan >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

What You Need to Know about the New Evolution in Viruses
Wednesday, August 16, 2017 6:35 AM

Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources

The barrage of viruses continues with WannaCry and Petya making a world-wide impact. The latest stream of ransomware and viruses don’t discriminate as they impact many industries and people around the world—a reminder that we are all vulnerable and that cybercriminals are just a step ahead. Understanding what happened in these cases is important so we can keep up with their tactics and adjust accordingly.

By now you know the simple rule of not using "password" as your password. Just behind this advice, is "update your software." If you keep up with your patches, good for you; but now, it turns out the patch was the culprit for delivering the Petya virus.

Wired reported that:

“Security researchers at ESET and Cisco's Talos division have both published detailed analyses of how hackers penetrated the network of the small Ukrainian software firm MeDoc, which sells a piece of accounting software that's used by roughly 80 percent of Ukrainian businesses. By injecting a tweaked version of a file into updates of the software, they were able to start spreading back-doored versions of MeDoc software as early as April of this year that were then used in late June to inject the ransomware known Petya (or NotPetya or Nyetya) that spread through victims' networks from that initial MeDoc entrypoint. This disrupted networks from pharma giant Merck to shipping firm Maersk to Ukrainian electric utilities like Kyivenergo and Ukrenergo.”

“One reason hackers are turning to software updates as an inroad into vulnerable computers may be the growing use of "whitelisting" as a security measure, says Matthew Green, a security-focused computer science professor at John Hopkins University. Whitelisting strictly limits what can be installed on a computer to only approved programs, forcing resourceful hackers to hijack those whitelisted programs rather than install their own.

"As weak points get closed up on the company side, they’ll go after suppliers," says Green. "We don't have many defenses against this. When you download an application, you trust it."

The worst reaction your credit union can have right now is to say, "Great, now we aren’t going to patch." Patching is still critical and safe for Windows, Cisco, Java, etc. The reason is, these developers use codesigning, which makes tampering with the update significantly more difficult.

So as technology continues to evolve, so does our due diligence over vendors. Perhaps adding confirmation that your data processor’s updates are codesigned may not be a bad idea. 

Feel free to contact me directly at irafiq@curesources.coop, if you would like help determining if your credit union is taking proper proactive security measures, ensuring you will satisfy examiners, or not wasting money on needless testing.