Skip to main content

What we have learned from Petya / WannaCry (because we are going to need it)

Just a few hours ago a new attack has been reported: a ransomware similar to WannaCry that affected many companies in May hit organizations, institutions and banks of the world yesterday, affecting mainly those located in Ukraine and Russia .Perimeter security has failed and it has been requested to stop the entire manufacture of some of them, by the braves, to avoid major misfortunes.


Thousands of computers remain kidnapped right now with a screenshot similar to the one in the image.And yesterday's Petya/NotPetya or May's WannaCry have not been much stopped .But we are learning a lot of their behavior, by the braves.


WHAT IS THE Blessed WANNACRY/PETYA


What we have learned from Petya / WannaCry (because we are going to need it)


First, what is the WannaCry? This is a crypto worm, a kind of Double Pulsar Attack computer cutting virus.It is aimed at the Windows operating system and, during the attack, the data is hijacked by numerical encryption, requesting an economic rescue to pay in Bitcoins- although the release is never guaranteed -.


The most aggressive attack began on Friday, May 12, 2017.The infection vector was supposedly the popular EternalBlue, one of the tools leaked and stolen from the National Security Agency. EternalBlue exploits a vulnerability in Microsoft to spread .


The focus began in the offices of Telefonica de Espana during lunchtime.A user opened an email phishing-which supplants the identity of another company or group-and the exploit was installed on a host computer.credentials, one by one infecting all PCs that did not have the latest security updates.The security patch, on the other hand, was issued by Microsoft on March 14, 2017.


Countries such as Russia, Ukraine, Japan, 8 hospitals of the National Health Service of the United Kingdom (NHS) , several FedEx offices and the same Deutsche Bahn were affected.The node did not stop growing , covering 150 countries.By mid-afternoon of the same day, 200,000 computers, many of them connected to the same security services of these companies, were affected.


The worm was stopped in a rather stupid way.A security investigator detected that the WannaCry made a call to a host, to an unregistered Internet domain.This is what is known as a switch .When registering the domain blocking the propagation, but soon appeared new versions without shutdown button .Last versions install their exploit on the router itself.


NotPetya is even more virulent, but less "visual" in its infection.And "super fast." « 5,000 systems dropped in less than 10 minutes », sentence the hacker Dave Kennedy, known since the end of 2015 and belongs to the cyber pirates team Janus Cybercrime Solutions.It is another worm-ransomware capable of creating a file just before the system shuts down.Its propagation system is identical: access through a corporate network taking advantage of security holes in common Windows tools and taking control of the machines internally. From printers to personal photos: everything is encrypted .Even with the network patched , NotPetya can enter through open ports.


THE PRICE OF CYBER SECURITY


What we have learned from Petya / WannaCry (because we are going to need it)


The whole world is in danger.The 21st century crime is called hacking systems.And we will not be able to stop it.It is estimated that in 2020 we will have more than 200,000 million devices connected to the Internet.The Internet of Things will comprise autonomous cars, smart houses, wearables of todaindole, even coffee makers, animals-through geolocation-or clothing; without forgetting, of course, all the mobile telephony, televisions, consoles or musical systems of the planet.


Cyber ​​security is increasingly important.We have turned our avatars, photos of our memories, conversations with our best friends...Sony, one of the big five business mastodon of audiovisual, lost 100 million dollars in a cyberattack that resulted in the leakage of private data of actors and the record of 15,231 employees .


The digitalization of content has conditioned a kind of dependence and the keys to our data are in the hands of very few people.Juicy data for which there are too many thrusters.The ransomware attacks of May, through three anonymous portfolios , were made with a total of 238 payments worth 72,144 dollars .In just one week.


In Spain alone, cybersecurity cost 500 million dollars.On an international level, I invoice 72,000 million euros in 2014.90,000 in 2015.It is estimated that in 2020 it will exceed 160,000 million euros , with an annual growth rate between 9 and 12%.


What we have learned from Petya / WannaCry (because we are going to need it)


Even more important is the money that is no longer earned, that is, what is lost directly by these crimes.In a comprehensive report collected in 2015 by the international insurer Allianz, the team determined that during the previous year almost 450,000 million dollars were lost, supported by the 10 main world economies.According to Forbes, this figure does not represent even half of the real losses.


From the Ponemon Institute they affirm that the increase in spending is triggered at a rate of 20% per year.Each criminal organization costs us an average of 15 million dollars in losses.From McAfee they differ and raise that figure to 20 million.


These last two companies also point out that the average time involved in solving a cyber attack is now 46 days , an increase of almost 30% over the last six years, with an average cost of 1.9 million dollars for each attack that is corrected, 22% more than in 2014.According to the Cybersecurity Ventures team, by 2021 6,000 billion dollars are estimated in losses.The investments have also been consistent: The United States invested 15,000 million dollars in cybersecurity in just two years, from 2014 to the beginning of 2017.


A CHANGE OF PARADIGM


What we have learned from Petya / WannaCry (because we are going to need it)


All these insurers and consultants have seen a cybersecurity reef, because behind the negative figures there are positive ones: you can earn a lot of money.85% of the 100 most important companies in the US have hired their own cybersecurity. There is real fear .


But if we have learned something from WannaCry, it is that no one is completely sure.The total shield does not exist nor does we know an infallible and invulnerable system against external attacks .In fact, although it does not move to instances Popular, companies that denounce their security agencies after an important data leak, although in their contracts they sign, in addition to risk insurance, vulnerability clauses.


And leaks are becoming more common: last September Yahoo confirmed a massive leak with the private data of 500 million users.A 57GB database ran as a torrent, belonging to almost 34 million US employees, among they politicians and military.A few months later we live the 'Cloudbleed', which affected 161 domains , although according to researcher Nick Sweeting, up to 13% of the top Alexa 10,000 were compromised.A list of clients gigantic.


SECRETISM DOES NOT HELP ANYONE


What we have learned from Petya / WannaCry (because we are going to need it)


Another major problem in cybersecurity is due to the lack of communication .When a company reports an attack, it is often investigated, inconvenienting the company in question in the process of analysis.Outside the private sector, the different data protection agencies and agencies do not maintain an active dialogue, but instead work independently.


It is essential to maintain direct communication to avoid the bottlenecks that occurred in the WannaCry.Propagation stopped when Telefonica's main clients suspended their activity and disconnected all systems, but many other companies did not follow the same line of action.In Spain we have the eSEC platform, S2 Group, S21 Sec, GMV, Indra , Panda and many others , but it is essential to improve cooperation between specialists, not to compete for the most juicy client.


Cyberattacks can destabilize critical infrastructures.Any basic service-public transport, ports, hospital databases, flight histories, public administrations-can be frozen.It is capital to understand how they propagate and place operators in the critical places where attacks usually occur.Of the 12 essential sectors in Spain the most affected are energy , with an average of 100 annual cyberattacks.And rising.


What we have learned from Petya / WannaCry (because we are going to need it)


Unfortunately, we are facing a certain drought of experts.More professionals are needed on a global scale, better communicated and trained in all the sectors that open-for example, the motor world in the case of autonomous cars.Employment and talent in these areas should be rewarded and encouraged.Events such as the Cybercamp, the Securmatic Fair or the Hacker Day can encourage and promote these actions .Otherwise we will be unprotected against any misfortune.


Images: Pixabay.com

Comments

Popular posts from this blog

Is it a good idea to share photos of our children on social networks?

VGstockstudio/Shutterstock A few days ago it transpired that Gwyneth Paltrow, who has 5.3 million followers on Instagram, had had a small fight with her daughter, Apple Martin, after the 14-year-old girl called her mother's attention to climb to the social networks a photo in which she left.The important thing, beyond who is right, is that the issue has generated a discussion about where the limits on the information that parents should place they share their children on the networks. Related We often think in a wrong way that young people don't care about their privacy, a belief fueled by advertising campaigns they give because they share their personal life in excess or do not understand what they are exposed to.However, as I have written on some occasion on the subject, parents may have to worry less than they think, given that young people tend to to handle privacy responsibly.or, it should be the parents, and not their children, who were most careful with their o...

Why do young Spaniards want to be (at all costs) "popus" in social networks?

Through mobile, tablet or computer, teenagers are now connected at all times with their friends or strangers thanks to social networks, instant WhatsApp messaging or video platforms such as YouTube. According to data from the consultancy Comunica + por-, 40% of adolescents in this country are connected 24 hours a day, while 5 out of 10 connect until they go to sleep, and only 30% it is less than 3 hours a day.The intensive Internet connection is thus the modus vivendi of young Spaniards. Related In addition, this generation likes to use many media at the same time.While they watch television, listen to music, surf the Internet and connect to their social profiles, they may be doing their homework.social and apps to connect with your friends , like the popular WhatsApp, take your preferences .This is because, in the adolescent stage, people usually build their identity, wondering who they are and how others see them. Be accepted by peers They seek the acceptance of their peers ...

The 10 trends that have changed the way we shop from top to bottom

From the Orange Foundation they show us how the changes in the business fabric of our country are taking place thanks to the Internet and all its «friends»: the multiscreen, the social networks, the mobile, the cloud...If our (bis) grandparents saw us, they would not know how it is possible for us to buy a jacket by squeezing a few buttons.That if, as soon as we explained it, they would hook up without remedy.-The digital transformation of the retail sector shows us the keys to this process.Today we are going to study the ten trends that are being fundamental to change the way we buy.Do you aim? 1.The omnichannel of the retail sector Behind this long word, there is a very simple explanation.Do you want to buy from your PC, or better using the tablet, or maybe from the smartphone...? You can do it from the store's website or through Facebook. A multitude of channels and they all take us to the same port: a satisfactory purchase. 2.Automation, customization and recommendat...

The fourth century of the data guardian: this has changed the AEPD

October 1993.Bill Clinton has recently been elected president in the United States.Checoslovaquia has ceased to exist and the Medellin cartel terrorizes Colombia, while Pablo Escobar counts his last days.In the Spanish covers the future of Europe and democracy.There was talk of reforming the labor market and a new abortion law that would never be approved.Discussions resembled those of today, but a revolution was beginning to cook . Related The Internet was then something unknown to most of the population.In our country, there was a whopping 10,000 machines connected to the network (according to Red Iris data ).There were 10,000 web pages in the world.Mobile phones would be a luxury from the following year (1994); smartphones , still science fiction.Most of the inhabitants of the planet had not yet begun to leave the trail of data that haunts us today.And yet, that October of 1993 was born the Spanish Agency for Data Protection as a premonition of what was to come. everything ...

Tribes: the instant messaging app for musicians and their fans

Tribes, a startup of Spanish origin, has just launched a new free application that unites instant messaging, streaming music and the ability to connect musicians and fans Everyone with similar tastes. The application, which has just presented its mobile version for Android, allows you to create and join groups, called tribes, in which to comment, discover and listen to songs in streaming. Tribes, which has an intuitive interface and Colorist , offers more than 50 million songs to share and the possibility of creating and playing collaborative playlists in each tribe. »Music fans miss a place to interact with others fans and with our favorite bands, something like what was once MySpace, "explains its CEO and founder, Andres Sanchez through a statement." Social networks now play this role, but not They are designed or designed for music lovers.Using new available technologies such as messaging and streaming reinvent the concept and try to make Tribes the place of ref...

How to achieve the perfect selfie on Instagram (word of photographer)

That you raise your hand that has never taken a selfie ...Ok, you may not have finally uploaded it to Instagram because you have not left as favored as you thought, but all, at last and after all, we have succumbed to the temptation to photograph ourselves. If the reason why you have not dared to upload this snapshot to your social network is because you have not obtained the expected result, calm.It is not necessary to be the king or queen of the selfies, but here we are going to Offer a series of tips and tricks to improve your technique .Word of professional photographer. The light, the light... Let's recognize it.It has been difficult to find a photographer who wants to give us these guidelines.Not surprisingly, they usually work doing portraits, and the protagonist of their work is always in front of the camera, not behind. Therefore, Carlos Aires tells us that his main advice now is not to take any selfie ."The saturation is of such a magnitude that it seems ...

I want to be an eSports player, where do I start?

Nowadays, the eSports industry is something unbeatable for a rookie player .How many leagues are there? Where can you start playing professionally? without getting lost between forums and promotions? What requirements are necessary? If you are tempted to be an eSports player, read on. We are going to put a little order on this gigantic ecosystem that attracts more spectators and players every day and in which not only players, but also trainers, physiotherapists, lawyers and analysts of diverse people are involved, so if you want to train part of such a demanding industry, we already let you know: it requires a lot of discipline, commitment, companionship and sense of duty . PLAYING FOR FUN The common situation is usually the following: a player has been soaking up his favorite hobby for some time, consulting forums and improving his system in order to have a team capable of competing: headphones, a good keyboard and mouse, looking the best way to optimize the imput lag of ...

How to create animations online without touching a line of code

Although traditionally the photographic and video edition, the design of logos, the elaboration of posters and other disciplines were relegated to the professionals, the popularization of the Internet and the technological development have resulted in the birth of more tools simple to use that have brought this type of creations to all types of users. Today we will focus on those designed to design animations , something that we usually associate with complicated tasks and programming processes, however, it is possible to give rise to some of the funniest without touching a single line of code or download any software.These are the best online services that will allow us to do so. Make Web Video One of our favorites is Make Web Video, a site that is not only easy to use, but also has a vast and original selection of templates .For example, there are some to create cartoons , to design corporate videos, scrapbooks and others.Also, by passing over them, we can preview them,...

How to put music to a YouTube video without being deleted for infringing copyright

Upload a video to YouTube that contains a song may violate copyright and cause unpleasant consequences, from the removal of the video to, in case of repeated violations, the closing of the channel.However, put music on YouTube without infringing copyright is possible and there are several methods. Related You can take advantage of the functions of the portal that let you know if a song is usable and, in addition, monetize its use.It is also possible to access the archive of free songs made available by YouTube or, alternatively, go to one of the numerous Websites that host melodies with a Creative Commons license. But, we go in order with this little guide . All the options to upload music in a video The famous platform for watching and sharing videos introduced a system to discover how to use a particular song, even if it is covered by copyright. How to do it? Once the web has been logged in through the Google account, you must click on our image (or in the space for...

If you want to get rich on YouTube, you better not talk about politics

There are youtubers gastronomic, fashion, technology, games and almost anything that comes to mind, some of them with masexito and others with less.The illusion of all these new audiovisual communicators is to live from it and become the new Rubius.And it may be that someone achieves this dream... as long as he does not choose national politics as thematic. At least it is what emerges from a study recently published, prepared by teachers Vanessa Rodriguez Breijo, Jorge Gallardo Camacho and Javier Sierra Sanchez, from the universities of La Laguna and Camilo Jose Cela. Enel, concludes that Youtube is a territory that is not very fertile for political debate. selflessness for politics In fact, as highlighted in the conclusions of this investigation, the frequency, number of views and user interaction in the videos selected in the sample revealed that the viewers had less interest in politics that for other themes related mainly to entertainment and it seems, in addition, that ...