One weekend in 2017, the news was full of reports of a cyber attack called ‘WannaCry’ which disabled computers in many NHS hospitals. But the attack was more widespread than that; many businesses across 150 countries were affected. Could the next victims include your business?
It’s a well-known fact that the weakest link in any business is its employees. People have a habit of blindly opening attachments, clicking on links in emails and generally engaging in behaviour which may compromise the security of your business.
Hackers are aware of this human fallibility, and take full advantage of it.
One of the cleverest ‘spoof’ emails we’ve seen recently appeared to come from BT. It was styled up as a BT email – very convincingly too – with everything exactly as you might expect from a genuine email. Most of the links in the document were to the genuine BT site… except one. The one critical link; the link which was supposedly to ‘View your bill’ pointed to a completely different web address, something like this:
https://prmintacc-my.sharepoint.com/personal/estrella_intacc_com_au/…….rest of link removed
Obviously the above link is nothing to do with BT, but most users wouldn’t even look at the link before clicking on it. Clicking the link would probably start a download, resulting in some form of virus – a piece of Malware or Ransomware – being installed. It may not cause a problem immediately, but you can bet that at some point, it will disable the computer and begin demanding a ransom, or threaten to delete all of the files on the computer if the ransom is not received. This situation is exactly what happened to the NHS and the thousands of other companies.
Contrary to the ‘information’ which is all over the media at the moment, patching and/or updating Windows will NOT solve the problem entirely. Microsoft itself is partly responsible for this misinformation, as it has commercial benefits.
The answer lies in educating your staff. If you and they obey the following basic rules, the risk of infection will be much reduced:
- Install a good anti-virus system, and keep it up to date
- Never click a link in an email, even if it is from a ‘trusted sender’ without checking it first. Emails can appear to come from ‘trusted senders’ but may have been sent with their name on it, by a virus on their own computer
- Check with the sender themselves (using the phone, if you have to!)
- Check both the Sender and the Reply addresses
- Check that any links in the email go to an expected place: odd links such as the example above should never be trusted.
- Never open an unexpected attachment, even if it appears to be from a ‘trusted sender’.
- Always check attachments: if it’s an .EXE file you should NEVER open it.
- ZIP files, DOCX/DOC, XLSX/XLS files can also be suspect.
- Always log in to websites using your browser; NEVER click a link in an email which takes you to a login page
- Take REGULAR backups: if the worst does happen, then you have a clean backup to go back to
REMEMBER, if in doubt, DO NOT open any link or attachment from an email.
More info about the WannaCry Ransomware
This virus has two attack vectors. The main one which will affect users is the phishing email, whereby the user is sent an email that looks genuine but is not. The links, buttons and login options route to a hacker, or to an application that then runs on your machine. These can be spread either through an email or through a website.
The second vector either follows from the user breach above, or applies where you are already infected: the virus scans port 445 for a vulnerability on an unpatched Operating System. There was a flaw in the Windows Operating System on port 445. A computer, once infected with the WannaCry virus, would scan systems and the Internet for open 445 ports and try to spread. So technically you could get infected by having a flawed Operating System with an open 445 port.
Note: Most SMEs don’t have this, so the only risk will be a phishing email, or website.
Most users will have their computers behind a firewall which by default will block incoming traffic but allow outgoing traffic. For the most part businesses will be protected against the port scanning element of this virus. Larger companies less so, as shown by those attacked this weekend.
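Because an infected computer contacts many machines on port 445 in a short time, that behaviour is visible in outbound connection logs. The following added example (not part of the original article) flags it; the log layout, the `192.168.1.0/24` office network and the threshold are all assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed office network and constructed log lines in an assumed
# "time src dst dport action" layout (not any particular firewall's format).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
SAMPLE_LOG = """\
09:00:01 192.168.1.20 192.168.1.5 445 ALLOW
09:00:02 192.168.1.37 192.168.1.1 445 ALLOW
09:00:02 192.168.1.37 192.168.1.2 445 ALLOW
09:00:02 192.168.1.37 192.168.1.3 445 ALLOW
09:00:03 192.168.1.37 203.0.113.9 445 DENY
09:00:03 192.168.1.37 198.51.100.4 445 DENY
09:00:04 192.168.1.20 192.0.2.80 443 ALLOW
not a log line
"""

def smb_fanout(log_text, port=445, threshold=4):
    """Flag sources whose port-445 traffic looks like worm scanning.

    A source is flagged if it contacts at least `threshold` distinct hosts
    on the port, or any address outside LOCAL_NET (file sharing should not
    leave the office network). The threshold is an assumed starting value.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed lines rather than crash
        _, src, dst, dport, _ = parts
        if int(dport) != port:
            continue
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        targets[src].add(dst_ip)
    flagged = {}
    for src, dsts in targets.items():
        outside = sorted(str(d) for d in dsts if d not in LOCAL_NET)
        if len(dsts) >= threshold or outside:
            flagged[src] = {"distinct_targets": len(dsts),
                            "outside_targets": outside}
    return flagged
```

A flagged source is a candidate for isolation from the network and a closer look; a file server's own clients connecting to it on port 445 stay below the threshold.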
How can you protect yourself against these types of attack?
Sadly there’s no one-click solution and the only real solution is user education (see above).
The news today tells us updates and patches will protect you. They will not! They will patch the flaw in port 445 only. So they will limit the virus spreading but not the attack in the first place. On a scale of risk the 445 port flaw is a non-event for most businesses, so the best solution given by all news outlets will be of zero use to most SMEs!
The NHS, however, was a different matter.
Most versions of Windows can be patched, even XP:
Apply the patches, by all means. And get your staff together for a talk on email security!
We hope this information helps you to stay safe!