Saturday, 10 September 2016

The chilling reality of ransomware, Wi-Fi password thefts

Live threat demonstrations have been part and parcel of the Fortinet Security 361° symposium since 2012, and this year was no different. At the symposium in Singapore, Eric Chan, Pre-sales Consulting Director, Fortinet APAC, showed how ransomware operates as well as how a seemingly-secure Wi-Fi network can be hacked as an illustration of how threats can occur.

Chan noted that ransomware has been a very hot topic recently, and very profitable for cyber criminals. Media reports state that about 40% of enterprises have experienced it in the UK while popular ransomware Cryptowall raked in some US$325 million in the last year, he said. The malware inhibits endpoint operation, then demands a payment to return the device to normal operations.

While the first known ransomware was AIDS, also called PC Cyborg, written in 1989, new variants keep arriving on the market because of the sheer profitability of the malware, Chan said. The first known mobile crypto-ransomware for Android was discovered in June 2014, while the first Mac OS X ransomware, KeRanger, was only discovered in 2016. Ransomware coded entirely in JavaScript was also found in 2016; earlier variants relied on macro files.

The more benign form of ransomware simply locks the screen and does no real damage to the machine, but the encryption variant encrypts all files and data, only releasing a decryption key after a payment is made, typically in the form of Bitcoin. Ransomware can be installed in many ways, including via software updates, Chan said.

Chan showed how a 2015 ransomware called Jigsaw works. The malware renamed all files - including shared files - with a new file extension, encrypted them in under 10 minutes, then made a request for payment. A file will be deleted every hour if US$150 worth of Bitcoin is not paid.
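The Jigsaw behaviour described above (a single process renaming every reachable file to one new extension within minutes) is exactly the pattern an endpoint monitor can alert on. The following is an added example, not code shown at the symposium; the file-activity events, process names and the `.locked` extension are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-rename events: (ISO timestamp, process, old path, new path).
EVENTS = [
    ("2016-09-10T10:00:01", "explorer.exe", r"C:\Users\a\Documents\q3.xlsx", r"C:\Users\a\Documents\q3-final.xlsx"),
    ("2016-09-10T10:00:30", "backup.exe", r"C:\Users\a\Documents\old.docx", r"C:\Users\a\Documents\old.docx.bak"),
    ("2016-09-10T10:01:00", "badproc.exe", r"C:\Users\a\Documents\notes.txt", r"C:\Users\a\Documents\notes.txt.locked"),
    ("2016-09-10T10:01:10", "badproc.exe", r"C:\Users\a\Documents\plan.docx", r"C:\Users\a\Documents\plan.docx.locked"),
    ("2016-09-10T10:01:20", "badproc.exe", r"\\fileserver\share\budget.xlsx", r"\\fileserver\share\budget.xlsx.locked"),
    ("2016-09-10T10:02:00", "badproc.exe", r"\\fileserver\share\hr.pdf", r"\\fileserver\share\hr.pdf.locked"),
    ("2016-09-10T10:03:30", "badproc.exe", r"C:\Users\a\Pictures\img1.jpg", r"C:\Users\a\Pictures\img1.jpg.locked"),
    ("2016-09-10T10:04:00", "badproc.exe", r"C:\Users\a\Pictures\img2.jpg", r"C:\Users\a\Pictures\img2.jpg.locked"),
    ("2016-09-10T11:30:00", "backup.exe", r"C:\Users\a\Documents\q2.xlsx", r"C:\Users\a\Documents\q2.xlsx.bak"),
]


def _ext(path):
    """Lower-cased extension of the last path component, '' if it has none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_extension_burst(events, window_minutes=10, threshold=5):
    """Return (process, new_extension, count) for every process that changed at least
    `threshold` files to the same new extension inside any `window_minutes` window."""
    buckets = defaultdict(list)          # (process, new_ext) -> rename timestamps
    for ts, proc, old, new in events:
        old_ext, new_ext = _ext(old), _ext(new)
        if new_ext and new_ext != old_ext:  # only count renames that add/replace the extension
            buckets[(proc, new_ext)].append(datetime.fromisoformat(ts))

    window = timedelta(minutes=window_minutes)
    alerts = []
    for (proc, new_ext), times in buckets.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):           # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((proc, new_ext, best))
    return sorted(alerts)


if __name__ == "__main__":
    for proc, ext, n in detect_extension_burst(EVENTS):
        print(f"ALERT: {proc} changed {n} files to .{ext} within 10 minutes")
```

The benign single rename and the two backups an hour apart stay below the threshold; only the burst to `.locked` is reported, including the renames on the network share that the talk warned would also be hit.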

The encrypted files cannot be read - Windows asks which program should be used to open them.
The ransomware informs the user that all files have been encrypted as part of a demand for money.

Best practices to protect against ransomware include:

1. Develop a backup and recovery plan. Make multiple backup copies and store them in different locations as network files will also be encrypted by ransomware
2. Use multilayer defense in depth
3. Keep software up to date and 'always patch today'
4. Use application whitelisting
5. Segment your network into security zones

Chan also suggested that companies adopt sandboxing technology as part of their multilayer defenses as sandboxing can analyse files and flag suspicious activity. He further advised the audience not to click on links in suspicious emails, as it turns out that 93% of phishing emails contain some form of ransomware.

The wireless security risk remains high, with many people still using insecure Wi-Fi networks and unaware of the risk, Chan said. He pointed to media reports that about a quarter of the Wi-Fi networks around the Rio Olympics were found to be insecure.

Fortinet's Global Wireless Security Survey has also discovered that 92% of CIOs are concerned their wireless security is not good enough, Chan added. 

Chan explained that the CIOs are right to worry. While the recommended security setting for Wi-Fi networks according to vendors is WPA2 (as opposed to WEP and WPA), even WPA2 can be hacked. A live demonstration of how the 'Evil Twin AP' method can be used to compromise a 'secure' Wi-Fi network and steal its WPA2 key followed.

Software that is readily available as open source on GitHub begins by jamming the target Wi-Fi network:

Chan notes that the original Wi-Fi network has been jammed, so pings on the screen behind him show that requests have timed out.
The original FTNT 361 network which has been jammed says there is no Internet access, while a fake network with the name FTNT 361, which is open rather than secured, is now displayed. Users are likely to try clicking on the open network, which after all has the same name as their network.
Once users select the fake network, they are presented with a generic login screen which requests the Wi-Fi password. Keying in a wrong password elicits an error message, as the rogue software attempts to log into the jammed network to confirm if the password is correct. Once the correct password has been entered, the rogue software re-enables the original network and deletes the fake network. The hacker can now make use of the original Wi-Fi network at any time. The user automatically reconnects to the original Wi-Fi network, and is none the wiser that hacking has occurred. It would seem that entering the correct Wi-Fi password has given access to the original Wi-Fi network.

Best practices for securing wireless networks

1. Use WPA2-Enterprise whenever possible - requires a username plus password
2. Enable Rogue AP detection - detects similar network names
3. Use wireless intrusion prevention systems (IPS)
4. Separate staff and guest Wi-Fi SSIDs (networks with different names)
5. Periodic security assessment and penetration testing
6. Proper segmentation and inspection of the wireless (multi-SSID) and wired networks
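The demonstration's tell-tale signs (a second "FTNT 361" beacon from an access point that is not ours, advertised as open while the real network is WPA2) are what the rogue AP detection in point 2 looks for. The following is an added example, not Fortinet code or anything shown at the symposium; the authorized inventory, BSSIDs and scan results are constructed.

```python
import re

# Constructed inventory of our own access points: SSID -> (known BSSIDs, expected security).
AUTHORIZED = {
    "FTNT 361": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "WPA2"),
}

# Constructed beacon observations, in the shape a wireless scanner might report them.
OBSERVED = [
    {"ssid": "FTNT 361", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "channel": 6},
    {"ssid": "FTNT 361", "bssid": "de:ad:be:ef:00:01", "security": "OPEN", "channel": 6},   # evil twin
    {"ssid": "FTNT-361", "bssid": "de:ad:be:ef:00:02", "security": "WPA2", "channel": 11},  # look-alike name
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "WPA2", "channel": 1},  # unrelated
]


def _norm(ssid):
    """Collapse case, spaces and punctuation so 'FTNT-361' and 'ftnt 361' compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def find_rogue_aps(observed, authorized):
    """Return (ssid, bssid, reasons) for every beacon that impersonates an authorized SSID
    from an unknown radio, with a look-alike name, or with a different security mode."""
    by_norm = {_norm(s): (s, bssids, sec) for s, (bssids, sec) in authorized.items()}
    alerts = []
    for ap in observed:
        match = by_norm.get(_norm(ap["ssid"]))
        if match is None:
            continue  # not one of our names; nothing to impersonate
        real_ssid, bssids, expected_sec = match
        reasons = []
        if ap["bssid"].lower() not in bssids:
            reasons.append("unknown BSSID")
        if ap["ssid"] != real_ssid:
            reasons.append("look-alike SSID")
        if ap["security"] != expected_sec:
            reasons.append(f"security {ap['security']} instead of {expected_sec}")
        if reasons:
            alerts.append((ap["ssid"], ap["bssid"], reasons))
    return alerts


if __name__ == "__main__":
    for ssid, bssid, reasons in find_rogue_aps(OBSERVED, AUTHORIZED):
        print(f"ROGUE AP {ssid!r} from {bssid}: {', '.join(reasons)}")
```

A scanner that only compares exact SSID strings would miss the hyphenated look-alike; the normalisation step is what implements "detects similar network names" from the list above.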

Interested?

Read the Fortinet blog post on 10 steps to protect yourself from ransomware

Read the other TechTrade Asia blog posts from the Fortinet Security 361° symposium in Singapore:

Practical steps to cyber resiliency 
