RESEARCH, ANALYSIS & TRENDS






































             Naiveté, inadvertency and laziness

             provide perfect breeding ground for


             ransomware, like WannaCry


            More and more networked devices, professionalized    hackers to get past the perimeter, especially in an open
            hacking groups, and the development of sophisticated   environment which is commonplace for most organiza-
            malware become a growing challenge for security man-  tions today. By implementing a defense in depth ap-
            agers as attacks are pushing the boundaries of tradition-  proach, even if the hacker finds a way to break in, they
            al security solutions.                               won’t be able to steal, or hold hostage, what’s inside”,
                                                                 Irdeto’s expert explained.
            The significance of the current threat level is obvious
            when looking at the headlines of the past few days. The   The increasing spread of memory-based attacks has
            WanaCrypt0r 2.0 (also called WannaCry,               been considered as particularly threatening: So-called
            WannaCrypt,  Wana Decryptor or WCry) ransomware      ‘in-memory’ attacks use malicious programs that are
            attacks clearly put the cat among the pigeons by target-  only active in the memory and are executed there by
            ing organizations that didn’t take cybersecurity serious   legitimate software. Because no malware files remain
            enough. It is believed to derive from NSA hacking tools   on the hard drive, memory-based attacks are very diffi-
            that were leaked earlier this year now even North Korea   cult to detect afterwards. After a system reboot, for in-
            is suspected to be the blackmailer.                  stance, nothing can point to the previous attack. Static
                                                                 and antivirus solutions targeted at the detection of files
            Anyway, according to Ben Gidley, Director of Technolo-  are helpless in attacks of this kind and therefore practi-
            gy, Irdeto, these ransomware attacks could have easily   cally superfluous.
            been avoided if organizations had their systems patched
            properly and implemented a defense in depth approach   While the number of traditional .exe-based attacks de-
            to cybersecurity. He stated that “a patch was issued on   creased somewhat, the number of file-less attacks has
            March 14 to fix that vulnerability, so the organizations   more than doubled and a further increase is expected,
            affected by these attacks could have easily avoided be-  according to reports. Particularly, foreign-intelligence
            coming the latest ransomware victim. However, this neg-  agencies increasingly rely on such disguised attack
            ligence has resulted in PCs and data across several or-  methods, which do not leave any artefacts on the file
            ganizations to be held hostage.” “Currently, most compa-  system and therefore have particularly high infection
            nies focus on protecting their systems from the outside-  rates.
            in with strong perimeter security. But it’s too easy for
      10            May 2017 - (Cyber) Security & Data Protection