What we have learned from Petya / WannaCry (because we are going to need it)

Just a few hours ago a new attack was reported: ransomware similar to WannaCry, which affected many companies in May, hit organizations, institutions and banks around the world yesterday, mainly those located in Ukraine and Russia. Perimeter security has failed, and some of them have been asked to halt all production outright to avoid greater harm.


Thousands of computers remain hijacked right now, showing a screen similar to the one in the image. Neither yesterday's Petya/NotPetya nor May's WannaCry has really been stopped. But we are learning a lot about their behavior, the hard way.


WHAT IS THE BLESSED WANNACRY/PETYA



First, what is WannaCry? It is a cryptoworm, a kind of computer virus of the Double Pulsar Attack type. It targets the Windows operating system and, during the attack, the data is held hostage by encryption and a ransom is demanded in Bitcoin, although release is never guaranteed.


The most aggressive attack began on Friday, May 12, 2017. The infection vector was supposedly the popular EternalBlue, one of the tools leaked and stolen from the National Security Agency. EternalBlue exploits a Microsoft vulnerability to spread.


The outbreak began in the offices of Telefónica de España at lunchtime. A user opened a phishing email (one that impersonates another company or group) and the exploit was installed on a host computer. credentials, one by one infecting all PCs that did not have the latest security updates. The security patch, for its part, had been issued by Microsoft on March 14, 2017.


Countries such as Russia, Ukraine and Japan, 8 hospitals of the United Kingdom's National Health Service (NHS), several FedEx offices and Deutsche Bahn itself were affected. The outbreak kept growing, reaching 150 countries. By mid-afternoon of the same day, 200,000 computers had been affected, many of them connected to these companies' own security services.


The worm was stopped in a rather stupid way. A security researcher noticed that WannaCry made a call to a host at an unregistered Internet domain. This is what is known as a kill switch. Registering the domain blocked the propagation, but new versions without the off switch soon appeared. The latest versions install their exploit on the router itself.


NotPetya is even more virulent, but less "visual" in its infection. And "super fast": "5,000 systems dropped in less than 10 minutes," says the hacker Dave Kennedy, known since the end of 2015 and belongs to the cyber pirates team Janus Cybercrime Solutions. It is another ransomware worm, capable of creating a file just before the system shuts down. Its propagation mechanism is identical: it gets in through a corporate network, taking advantage of security holes in common Windows tools and taking control of the machines from the inside. From printers to personal photos, everything is encrypted. Even with the network patched, NotPetya can get in through open ports.


THE PRICE OF CYBER SECURITY



The whole world is in danger. The crime of the 21st century is called hacking systems. And we will not be able to stop it. It is estimated that in 2020 we will have more than 200,000 million devices connected to the Internet. The Internet of Things will comprise autonomous cars, smart homes, wearables of all kinds, even coffee makers, animals (through geolocation) or clothing; not forgetting, of course, all the mobile phones, televisions, consoles and music systems on the planet.


Cybersecurity is increasingly important. We have turned our avatars, photos of our memories, conversations with our best friends... Sony, one of the big five giants of the audiovisual business, lost 100 million dollars in a cyberattack that resulted in the leak of actors' private data and the records of 15,231 employees.


The digitization of content has created a kind of dependence, and the keys to our data are in the hands of very few people. Juicy data for which there are too many bidders. The May ransomware attacks collected, through three anonymous wallets, a total of 238 payments worth 72,144 dollars. In just one week.


In Spain alone, cybersecurity cost 500 million dollars. Internationally, the sector billed 72,000 million euros in 2014 and 90,000 in 2015. It is estimated that in 2020 it will exceed 160,000 million euros, with an annual growth rate between 9 and 12%.



Even more important is the money that is no longer earned, that is, what is lost directly to these crimes. In a comprehensive report compiled in 2015 by the international insurer Allianz, the team determined that during the previous year almost 450,000 million dollars were lost, borne by the 10 main world economies. According to Forbes, this figure does not represent even half of the real losses.


The Ponemon Institute states that spending is rising at a rate of 20% per year. Each criminal organization costs us an average of 15 million dollars in losses. McAfee disagrees and raises that figure to 20 million.


These last two companies also point out that the average time needed to resolve a cyberattack is now 46 days, an increase of almost 30% over the last six years, with an average cost of 1.9 million dollars for each attack that is remediated, 22% more than in 2014. According to the Cybersecurity Ventures team, losses of 6,000 billion dollars are estimated by 2021. Investment has responded accordingly: the United States invested 15,000 million dollars in cybersecurity in just two years, from 2014 to the beginning of 2017.


A CHANGE OF PARADIGM



All these insurers and consultants have spotted a gold mine in cybersecurity, because behind the negative figures there are positive ones: there is a lot of money to be made. 85% of the 100 most important companies in the US have hired their own cybersecurity. There is real fear.


But if we have learned something from WannaCry, it is that no one is completely safe. A total shield does not exist, nor do we know of an infallible, invulnerable system against external attacks. In fact, although it rarely reaches the public, there are companies that file complaints against their security firms after a major data leak, even though the contracts they sign include, in addition to risk insurance, vulnerability clauses.


And leaks are becoming more common: last September Yahoo confirmed a massive leak of the private data of 500 million users. A 57GB database belonging to almost 34 million US employees, among them politicians and military personnel, circulated as a torrent. A few months later we lived through 'Cloudbleed', which affected 161 domains, although according to researcher Nick Sweeting up to 13% of the Alexa top 10,000 were compromised. A gigantic list of clients.


SECRECY DOES NOT HELP ANYONE



Another major problem in cybersecurity is the lack of communication. When a company reports an attack, it is often investigated itself, and the analysis process inconveniences the company in question. Outside the private sector, the various data protection agencies and bodies do not maintain an active dialogue, but instead work independently.


It is essential to maintain direct communication to avoid the bottlenecks that occurred with WannaCry. Propagation stopped when Telefónica's main clients suspended their activity and disconnected all systems, but many other companies did not follow the same line of action. In Spain we have the eSEC platform, S2 Group, S21 Sec, GMV, Indra, Panda and many others, but it is essential to improve cooperation between specialists rather than compete for the juiciest client.


Cyberattacks can destabilize critical infrastructure. Any basic service (public transport, ports, hospital databases, flight records, public administrations) can be frozen. It is crucial to understand how they propagate and to place operators at the critical points where attacks usually occur. Of the 12 essential sectors in Spain, the most affected is energy, with an average of 100 cyberattacks per year. And rising.



Unfortunately, we are facing a certain shortage of experts. More professionals are needed on a global scale, better connected and trained in all the sectors that are opening up, for example the automotive world in the case of autonomous cars. Employment and talent in these areas should be rewarded and encouraged. Events such as the Cybercamp, the Securmatic Fair or the Hacker Day can encourage and promote these actions. Otherwise we will be unprotected against any misfortune.


Images: Pixabay.com
