Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

Preventing malware infections in critical networks

Acorn Newsbot

Junior Member
Joined
Jan 28, 2006
Posts
22,606
Reaction score
126
One of the most widely-publicised and damaging cyber attacks to hit critical national infrastructure (CNI) in recent years was the WannaCry ransomware attack.

It dominated headlines after striking on 12 May 2017 and was best-known in the UK for the damage it caused to the NHS where it locked out crucial systems based on older, unpatched versions of Windows. WannaCry encrypted the hard disks of affected systems and demanded payment to certain Bitcoin accounts to release the data.

Infrastructures crippled


CNI entities often suffer targeted attacks from various actors trying to gain control of critical assets or cause disruption in what are usually politically motivated attacks rather than criminal campaigns. However, WannaCry was undiscriminating, spreading itself wherever it found a foothold.

CNI organisations reportedly affected included petrochemical firms in Brazil and China; government agencies in India, China, Russia and Romania; telecommunications companies in South Africa, Brazil, Hungary, Saudi Arabia, Portugal and Russia; and transport operations in Germany, the USA and Russia.

Although the intent in this instance appeared to be criminal rather than political, key national cyber security agencies concluded that WannaCry had been developed and released by a North Korean state-backed group, so widespread disruption may have been the ultimate goal. Cyber risk assessment company Cyence initially estimated that worldwide losses would amount to $4bn, before upping that to $8bn a few days later.

Lessons learned


WannaCry exploited a flaw in an underlying messaging system used by Windows operating systems, for which Microsoft had issued patches two months prior to the attack. Systems that were compromised were those that hadn’t been updated regularly, underlining the importance of a cyber hygiene regime that includes regular updates. It also highlighted the difficulties of patching legacy systems, particularly with custom-built equipment controlled by PCs that have become obsolete.

Another important aspect of WannaCry that’s particularly relevant to government and CNI organisations is that cyber espionage played a big part in its development. The mechanism it used to spread quickly around networks had initially been created within the USA’s National Security Team (NSA), which was stolen by hackers who sold it through the dark web.

The crucial learning point here is that it’s not enough for infrastructure organisations to reinforce defences against disruptive attacks; they must prevent data theft and other breaches too. Fortunately, one benefit of Nominet’s NTX technology is that it can spot and block ‘data exfiltration’, a technique whereby data is hidden inside DNS packets so that it can be moved out of the organisation.

When Nominet NTX is used as a key component of a comprehensive cyber hygiene policy, it can help protect critical networks from disruption and data theft.

Detecting and blocking malware


Nominet’s cyber security tools protect the heart of the UK’s internet infrastructure and UK Government bodies from cyber threats already, but how is it achieved?

Nominet’s NTX platform monitors and analyses DNS traffic – the system that converts domain names to numerical IP addresses to direct data and requests to the right places. Organisations have huge numbers of DNS packets flowing through their networks and many don’t have the time and DNS expertise to hunt through it all for the tell-tale signs of malicious activity.

The NTX platform presents the overall health of DNS traffic on a network in a graphical format that highlights problems at a glance. Data can also be fed into a security information and event management (SIEM), where organisations have one.

Malware programs like WannaCry often try to communicate with command-and-control servers and once the addresses of those servers are known, filters can be set up to trap any requests for those addresses. The platform will prevent WannaCry from contacting those servers and identify the IP addresses of contaminated systems so that they can be dealt with.

In addition, the smart heuristics built in to NTX technology detect anomalies that deviate from normal traffic and highlight them immediately to security teams.

Further help and information


To delve further into how Nominet NTX detects and prevents infections from malware like WannaCry, take a look at our technical whitepaper: “Tracking the WannaCry Ransomware

For a clear overview of the cyber threats faced by CNI organisations on a daily basis, take a look at our two-minute animation that puts everything into perspective. (LINK TO GATED VIDEO)

The post Preventing malware infections in critical networks appeared first on Nominet.

Continue reading...
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

☆ Premium Listings

Sedo - it.com Premiums

IT.com

Premium Members

Acorn Domains Merch
MariaBuy Marketplace

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Laskos
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
  • Helmuts @ Helmuts:
    @Admin please enable the chat visible to unregistered users, or who haven't signed in their accounts. Tx
  • Helmuts @ Helmuts:
    please
    brave_qptn86fptt-png.4616
  • D AcornBot:
    DLOE has left the room.
  • Helmuts @ Helmuts:
    also, please keep the restriction in regards to posting > posting permission should be available to members only
  • Daniel - Monetize.info @ Daniel - Monetize.info:
    Welcome everyone!
  • Helmuts @ Helmuts:
    @Daniel - Monetize.info
    chrome_8fedcfysiy-png.4617
    .. can you see this one?
  • Helmuts @ Helmuts:
    nice, isn't it? :)
  • alan AcornBot:
    alan has left the room.
    • Wow
    Reactions: Jam
  • alan AcornBot:
    alan has joined the room.
  • alan AcornBot:
    alan has left the room.
  • alan AcornBot:
    alan has joined the room.
  • Helmuts @ Helmuts:
    Hi Alan
  • Helmuts @ Helmuts:
    long time no see
  • Helmuts @ Helmuts:
    hows parachute doing?
  • Helmuts @ Helmuts:
    :) huhhh.. Joe Rogan has just published an interview with Donald Trump
    To view this content we will need your consent to set third party cookies.
    For more detailed information, see our cookies page.
  • Helmuts @ Helmuts:
    almost 3 hours..
  • Helmuts @ Helmuts:
    morning all :)
  • Helmuts @ Helmuts:
    .. is anyone going to domain day in Dubai or icann Turkey?
    • Like
    Reactions: gdomains
  • boxerdog AcornBot:
    boxerdog has left the room.
  • Helmuts @ Helmuts:
    Greetings from Istanbul, Turkey!
  • alan AcornBot:
    alan has left the room.
  • C AcornBot:
    cav has left the room.
      C AcornBot: cav has left the room.
      Top Bottom