Security firms have suggested that the majority of the machines hit by the WannaCry ransomware worm earlier this month were running Windows 7. More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software. WannaCry has so far infected more than 200,000 computers around the world.
Many have suggested that the reason UK hospitals suffered was because many of them still relied on programmes that required Windows XP – a version of Microsoft’s OS that came out in 2001. However, figures from Kaspersky Lab showed that infections of XP by WannaCry were insignificant. Windows 7 was released in 2009 and the most widely infected version was the x64 edition, which is widely used in large organisations.
Many organisations seem to have been caught out because they failed to apply a patch, issued by Microsoft in March that blocked vulnerability which WannaCry exploited.
Security experts also found that the worm spread largely by seeking out vulnerable machines on the net by itself. Adam McNeil, a senior malware analyst at Malwarebytes, said the worm was primed to look for machines vulnerable to a bug in a Microsoft technology known as the Server Message Block . Mr McNeil said he suspected that whoever was behind the worm first identified a ‘few thousand’ vulnerable machines which were used as the launch platform for the much larger waves of infection.
www.bbc.co.uk (22nd May 2017)
As you may be aware a massive ransomware attack spread across the globe over the weekend locking up thousands of hospital, telecommunications, and utilities systems. Whilst the ransomware was first detected wreaking havoc across the NHS network, the infection quickly spread worldwide with researchers observing 75,000 infections across 100 countries.
What is Ransomware?
Ransomware – a malicious program that locks a computer’s files until a ransom is paid – is not new but the size of this attack by the WannaCry malware is unprecedented. According to specialists the attack used data stolen from the NSA to exploit vulnerabilities in old versions of Microsoft Windows and deliver the WanaCrypt0r ransomware.
So what has happened and how can you protect your organisation from such an attack.
Take care when opening emails and clicking on links
- This is the most important and often neglected aspect of protection. Although the WannaCry infection spread across vulnerable machines via a worm that took advantage of old unpatched machines the infection started from someone opening an infected file in an email. Organisations should have a strong policy for educating staff on what to look out for in emails, web-links and other unsolicited correspondence on their computers, phones and tablets. The number one method for initial infection is via this method and it is easy to stop through good user guidance and practice. IF YOU DON’T RECOGNISE THE SENDER OR THERE IS ANYTHING REMOTELY SUSPICIOUS THEN DO NOT OPEN THE EMAIL – report it to your IT team or delete instead.
Update Windows software and all antivirus
- Ensure that your Microsoft Windows Software is being patched regularly, Microsoft released a patch for this vulnerability in March but many business’s haven’t updated leaving computers open to this attack.
- Ensure that your ant-virus software is up to date and licensed and that any security devices are being used appropriately.
Ensure you back up regularly
- The importance of this cannot be over emphasised as the simplest resolution to an encryption attack is to delete the affected data and restore it from a backup. Backing up to a local device or another resource on the same network is NOT an effective solution as these devices could also be encrypted in the event of an infection. Backing up your data to an external source such as our remote backup service and conducting regular recovery exercises should enable you to recover quickly and not have to pay a ransom limiting the negative effects of such an attack.
Should you require any further information or advice on how to keep safe, do not hesitate to give one of our team a call for a chat. Make sure you are taking the right precautions to keep your business safe and running. Call us on 024 7699 5930 or 024 7669 4489 for any concerns you may have or if you would like a full security review.
Maxine Bridgeman & Jonathan Howells
Peruvians have been getting online using Project Loon, the ambitious connectivity project from Google’s parent company, Alphabet.
Project Loon uses tennis court-sized balloons (about 20km above the ground) which contain a small box of equipment to beam internet access to a wide area below. Only small-scale tests of the technology have taken place so far.
Project Loon is in competition with other attempts to provide internet from the skies, including Facebook’s Aquila project which is being worked on in the UK. Project Loon have recently figured out how to use artificial intelligence to ‘steer’ the balloons by raising or lowering them to ride weather streams. This led to balloons being used to connect people in Lima, Chimbote, and Piura. The balloons were launched from the US territory of Puerto Rico before being guided south.
Over the course of three months the balloons were still providing access with users sending over 160GB worth of data (the equivalent of 2 million emails).
The connectivity (roughly covering an area of 40,000 square kilometres) was enabled with the help of Spanish telecoms giant Telefonica, which operates in Peru, and several other organisations who aided in setting up ground stations that enabled the balloons to connect to the internet.
The technology is still in its early stages, the concept still faces a number of challenges, most related to keeping the equipment in the air.
Some have questioned the motive of companies expanding into the developing world with such vigour – particularly over how both Facebook and Project Loon may be bale to collect data that could later be used to sell targeted advertising.
www.bbc.co.uk/technews (17th May 2017)
Microsoft has released an urgent update to stop hackers taking control of computers with a single email. The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message. Hackers could exploit the flaw simply by sending an infected email, instant message or getting the user to click on a web browser link. Researchers working for Google’s Project Zero cyber-security unit discovered the flaw at the weekend.
The fix has been specially pushed out hours before the software giant’s monthly Tuesday security update.
Windows 8, 8.1, 10 and Windows Server operating systems were affected by the bug. Anti-virus software such as Windows Defender would simply have to scan the malicious content for the exploit to be triggered.
Cyber-security expert Graham Cluley said that Microsoft had acted brilliantly to release the patch so quickly.
www.bbc.co.uk/technews (9th May 2017)
Vodafone has pulled the sale of its paging business to Capita and will shut it down after the competition watchdog threatened to investigate the deal. The Competition and Markets Authority said it was concerned customers may now face price rises. Vodafone said it was disappointed by the CMA’s decision, but made more sense to close the business due to the expense involved with a prolonged investigation. Vodafone said they would do their utmost to minimise the impact on the 1,000 or so customers still using the service.
Vodafone and Capita run the UK’s last two paging businesses and agreed the sale in February. Pagers, a decades-old technology, are still used by many people such as those working in the emergency services because of their reliability, coverage and battery life. They are used by the NHS and the Army as well as lifeboat services.
www.bbc.co.uk/technews (10th May 2017)