
Wednesday 16 June 2021

Ransomware: Prioritize Prevention, Then Pursue Prosecution – Part 2

When You're This Far Gone
It's No Wonder You Don't Hear the Wake-Up Call
And a "Sobering Fact" Is Likely to Have No Effect

In Part 1, I outlined (yet again) the above point: hardening the target should be the priority.

In this post, I will hit that downed horse several more times, hopefully demonstrating that, with respect to prevention, there is quite a bit of low-hanging fruit.

Please note that only the first point below directly relates to Mr. Younger’s opinion piece in the FT.  

Russia

Mr. Younger had, and perhaps still has, access to secret information that makes him better placed than me to assess the links between ransomware hackers and the Russian Federation, and to draw the conclusion that securing the cooperation of the RF will be a key element in stopping attacks.

His comment may be read to imply

  • that the Russian Government is more capable of controlling crime originating inside its borders than other countries are within theirs (that, I’d note, would be a remarkable achievement), or

  • that there are bonds between the hackers and certain organs of RF state security, or

  • perhaps both.

In any case, if the hackers were expelled and are motivated by profit, wouldn’t they simply pack up and go elsewhere?

Or in a demonstration of the intense competition in the “free market”, wouldn’t other countries’ enterprising hackers step up to fill the void?

From time to time, countries are “ranked” for the amount of “malevolent” internet traffic they originate.  

Perhaps, these reports may identify potential candidates?  

I didn't include all the countries named. 

You can look at the reports cited below for additional country names.  

One point to keep in mind: it’s unclear if these reports are based solely on IP addresses or if there are other metrics.

Like VPNs, proxy servers can make one appear to be in a country when one is not. Chains of proxy servers make it even more difficult to locate a person or entity.

Matthew 7:7. Just one day after I posted this, Auntie answered. Still a great deal even at GBP 159 a year! https://www.bbc.com/news/technology-57504007

According to this report, in 4Q2012 the PRC was responsible for 41% of “global attack traffic” on the internet, the US was second with 10%, and the RF was in fourth place with 4.3%.

According to another report, in 2016 China led the pack with 27.2% of cyber attacks (a subset of malicious traffic), followed by the US with 17.12%, Turkey with 10.24%, Brazil with 8.6%, and Russia with 5.14%.

According to this report for May 2019, “China, Russia and Ukraine appear to be active in a wide variety of hack attempts, including root kits, ransomware, brute force attacks and a wide variety of malware.”

State Intelligence Operations versus For Profit Criminal Hacking

It’s important to keep this distinction in mind when looking for solutions.

While finance is my provenance, I’d venture to guess that eliminating spying is even harder than eliminating organized crime.

According to what I read in the media, even allies spy on one another.

I’d also venture that countries are not going to allow the extradition of their intelligence operatives to a foreign country. 

What about criminals?

The definition of “criminal” can be tricky (to use a shared finance and legal term), particularly when it comes to matters of state security.

Unauthorized access to state secrets, secret internet or communications systems and physical sites is a crime.

In such a case one might revise the statement about “terrorists” and “freedom fighters” to: 

One country’s cyber spy is another country’s cyber criminal.

So what is to be done?

Prevention may offer a higher prospect of reducing risk than after-the-fact prosecution, though prosecution should not be abandoned.

The Sophisticated “Hacker”

There seems to be a general perception that hackers are an incredibly brilliant lot.

Think of an evil twin from a soap opera.

A “rogue” Bill Gates, Linus Torvalds, or Larry Page.

That’s not always the case.

Much of the hacking takes place by the equivalent of opening an unlocked door or an open window.

The tools for that are fairly simple to program and, for the lazy, are available for purchase on the web, or so I am told.

Here is a CISA alert from 6 May of this year.

More sophisticated hacking software is often developed from undisclosed flaws in existing software or systems that the hacker has purchased from someone else clever enough to discover them.

Here’s an article on these “flaws”, or zero-day exploits.

Here’s another on how exploits of this sort were used to hack iOS in February 2020.

And there are other ways.

According to security experts, the WannaCry ransomware attack was made possible by using information from NSA software that the Shadow Brokers illegally acquired and then put up for sale.

The Somnolent/Negligent Target

Here’s where we get to the really uncomfortable part – taking responsibility.

A lot of attacks are successful because targets left their doors unlocked and windows open.

WannaCry was facilitated because many users hadn’t upgraded from Windows XP.

As is common practice, after a certain amount of time, software vendors stop “supporting” old software. That includes providing security patches for known vulnerabilities.

You’ll see that same failure mentioned regarding some of the 2018 ransomware attacks in the USA.

Another is failure to install the patches and updates that the vendor provides.

That is perhaps even more egregious: one doesn’t have to plunk down money for a new bit of software, but merely install a “patch” from the vendor.
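The two failures just described, running software the vendor has stopped supporting and running supported software without its patches, are both things a defender can find by walking an inventory. As an added illustration that is not part of the original post and not any vendor's tooling, the Python below audits a constructed host inventory against a constructed support table: product names, versions, dates and host names are placeholders, not real vendor data. Hosts past end of support are flagged first, since no patch will ever arrive for them; supported hosts are then checked against the lowest version that carries the current fixes, and anything nearing end of support within a chosen horizon is flagged so the upgrade can be budgeted before the "wake-up call".

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Host:
    name: str
    product: str
    version: str


@dataclass(frozen=True)
class SupportInfo:
    end_of_support: date  # vendor ships no security fixes after this date
    min_patched: str      # lowest version that carries the current fixes


# Constructed support table: placeholder products, not real vendor data.
SUPPORT: Dict[str, SupportInfo] = {
    "LegacyOS":   SupportInfo(end_of_support=date(2014, 4, 8),   min_patched="5.1"),
    "ExampleVPN": SupportInfo(end_of_support=date(2025, 12, 31), min_patched="9.1R11"),
    "MidlifeDB":  SupportInfo(end_of_support=date(2021, 8, 1),   min_patched="12.4"),
}

# Constructed inventory: placeholder hosts.
HOSTS: List[Host] = [
    Host("fileserver-01", "LegacyOS", "5.1"),       # vendor support ended years ago
    Host("vpn-gw-01",     "ExampleVPN", "9.1R8"),   # supported, but behind on patches
    Host("vpn-gw-02",     "ExampleVPN", "9.1R11"),  # supported and current
    Host("db-01",         "MidlifeDB", "12.4"),     # current, but support ends soon
    Host("kiosk-07",      "UnknownThing", "1.0"),   # nobody knows who supports this
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Reduce a vendor version string to its numeric fields so tuples compare
    sensibly: '9.1R11' -> (9, 1, 11). Non-numeric separators are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def audit(hosts: List[Host], support: Dict[str, SupportInfo], today: date,
          horizon_days: int = 90) -> List[Dict[str, str]]:
    """Return one finding per problem: end_of_support, unpatched,
    end_of_support_soon or no_support_data."""
    findings: List[Dict[str, str]] = []

    def add(host: Host, issue: str, detail: str) -> None:
        findings.append({"host": host.name, "issue": issue, "detail": detail})

    for h in hosts:
        info = support.get(h.product)
        if info is None:
            # An asset with no support owner cannot be patched on purpose.
            add(h, "no_support_data", f"{h.product} is not in the support table")
            continue
        if today > info.end_of_support:
            # Past end of support: patch level is irrelevant, replacement is the fix.
            add(h, "end_of_support",
                f"{h.product} {h.version} unsupported since {info.end_of_support}")
            continue
        if parse_version(h.version) < parse_version(info.min_patched):
            add(h, "unpatched",
                f"{h.product} {h.version} is below patched version {info.min_patched}")
        days_left = (info.end_of_support - today).days
        if days_left <= horizon_days:
            add(h, "end_of_support_soon",
                f"{h.product} support ends in {days_left} days ({info.end_of_support})")
    return findings


def run_audit(today: date = date(2021, 6, 16)) -> List[Dict[str, str]]:
    """Audit the constructed inventory as of the post's date."""
    return audit(HOSTS, SUPPORT, today)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f['host']:14} {f['issue']:20} {f['detail']}")
```

Feed it a real CMDB export and the real vendor lifecycle dates and the same four buckets fall out; the point of the horizon check is that "end of support" is a scheduled event, not a surprise.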

Pulse Secure VPN appears to be our poster child here.

First, an article from AP about breaches this year.

Here is a CISA alert from 15 April 2020 which is an update from 10 January 2020. 

Take a look at the timeline outlined in this report.

You’ll notice the vendor made its first wake-up call in January 2019. That was followed by several “sobering facts” from a variety of sources.

Both of these incidents may be a salutary caution to those whose mobile phones no longer receive software updates or security patches. Or those who have ignored a message to update their phones.

I’ll upgrade this comment later to “a wake-up call” or a “sobering fact”.

As you will notice from the FT article cited above, WannaCry was described as a “wake-up call”.

That the somnolent didn't and don’t answer.

Perhaps the solution is a louder ring tone? Voice mail?

Not bloody likely! (See picture at the head of this post).

Stricter government requirements and robust penalties for failure to adhere to them are likely to get more attention and responses.