Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Cyber-attacks to the left, ransomware to the right

June 2017 Editor's Choice, Information Security, News & Events

by Jonathan Care, Gartner research director

With Petya sweeping the globe and proving that we all need to be agile and responsive to the new unknowns, here are some tips for preventing future nasties like WannaCry and Petya which are now making use of ETERNALBLUE and related advanced exploit code.

Prevention tips

1. The malware requires administrator rights to the local computer. Standard users should not have this in permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations.

2. Many Windows systems are configured to automatically reboot if it crashes. You can disable this feature in Windows. If you can prevent the MFT from being encrypted, you can still recover your data from your local disk. 

Unlike WannaCry, Petya is a different kind of ransomware. Common delivery methods are via phishing emails, or scams. The payload requires local administrator access. Once executed, the system’s master boot record (MBR) is overwritten by the custom boot loader, which loads a malicious kernel containing code that starts the encryption process.

Once the MBR has been altered, the malware will cause the system to crash. When the computer reboots, the malicious kernel is loaded, and a screen will appear showing a fake Check Disk process. This is where the malware is encrypting the Master File Table (MFT) that is found on NTFS disk partitions, commonly found in most Windows operating systems.

It is when the machine is rebooted to encrypt the MFT that the real damage is done.

Protecting your organisation

Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability.

• Consider disabling SMBv1 to prevent spreading of malware.

• Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know.

• Ensure you have the latest updates installed for your anti-virus software, vendors are releasing updates to cover this exploit as samples are being analysed.

• Ensure you have backup copies of your files stored on local disks. Generally, user files on local drives are replicated from a network share.

• Prevent users from writing data outside of designated areas on the local hard disk to prevent data loss if attack occurs.

• Operate a least privileged access model with employees. Restrict who has local administration access.

What strategic lessons can we learn?

We must take a step back and examine not only the what now? response, but also the what next? – in other words, what does the avalanche of malware and other advanced attacks tell us?

Our existing traditional trust models don’t work. With more critical assets moving to cloud, believing that the data centre is safer is a false philosophy.

• The idea that security practitioners can do any kind of one-time risk assessment and sign off is flawed, and opens the door for future attacks.

• Trust and risk require continuous re-validation, and a one-time evaluation/accreditation is no longer fit for purpose.

• Adaptive systems providing advanced monitoring and analytics are key.

We need to spend more – but on what?

The BBC has reported that there are calls for a massive increase in cyber security spending, and it’s certainly true that many organisations have avoided spending money on cyber security for some years. Elsewhere, CSO online has described the impact of not having nearly enough cyber security professionals. So, we need more competent, trained and enthusiastic professionals, and we need better systems that can analyse, detect and highlight threats requiring intervention.

A lot of people are throwing the ‘cyber’ word around now (and it does sound more fun that ‘IT Security’, or ‘Computer Security’). But cyber– has become a very wide term, including:

Secure software engineers

• Security evangelist

• Security architects (and there’s a wealth of division on what secure architecture actually is)

• Security operations engineers

• Incident responders

• Penetration testers

• Digital forensics specialists

• Network engineers who understand security

• Firewall engineers

• Application testers

• Wireless security engineers

• Risk management experts

• SecureDevOps

• Security awareness

Add to that, project managers, programme managers, administrators and the entire caboodle of corporate governance wrapping around the people at the sharp end. We know that budgets are limited (otherwise they wouldn’t be budgets) and so we need to decide what to spend our money on, and how to get the most out of our people.

Security and risk will be further discussed with local CTOs and CSOs at the Gartner Symposium/ITxpo taking place in Cape Town from 18 to 21 September.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
Standards for fire detection
Fire & Safety Associations Editor's Choice
In previous articles in the series on fire standards, Nick Collins discussed SANS 10400-T and SANS 10139. In this editorial, he continues with SANS 322 – Fire Detection and Alarm Systems for Hospitals.

Read more...
Wildfires: a growing global threat
Editor's Choice Fire & Safety
Regulatory challenges and litigation related to wildfire liabilities are on the rise, necessitating robust risk management strategies and well-documented wildfire management plans. Technological innovations are enhancing detection and suppression capabilities.

Read more...
Firexpo 2025 ignites interest in fire safety
Fire & Safety News & Events
Firexpo 2025 showcased fire detection, suppression, and safety tech, drawing professionals eager to explore innovations, gain insights, and connect with suppliers.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.