Check Point’s Incident Response Team has identified a new variant of the Petya malware and is offering some key tips on how to avoid being held up for ransom.
Check Point’s Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared in 2016 and is currently moving laterally within customer networks. It appears to be using the ‘EternalBlue’ exploit which May’s WannaCry attack also exploited. It was first signaled by attacks on financial institutions in the Ukraine, but soon started spreading more widely, particularly across Europe, the Americas and Asia.
The ransomware is propagating fast across business networks in the same way WannaCry did last month. However, unlike other ransomware types including WannaCry, Petya does not encrypt files on infected machines individually: instead it locks up the machine’s entire hard disk drive.
How the attack happened
The attack started in Ukraine and caused massive disruption to the country’s critical infrastructure, before spreading further in Europe, infecting a number of businesses.
It has been speculated that the source of the infection was a compromised software update to a tax accounting software package called M.E. Doc, which was pushed out to the company’s customers, although this has been disputed by M.E. Doc.
Within 24 hours of the attack starting, the method by which victims can pay the ransom fee has been rendered useless: an email address provided by the criminals has been shut down by the hosting provider, while the Bitcoin wallet in which ransoms are supposed to be deposited has not been accessed. The wallet reportedly contains less than $10,000 worth of Bitcoin.
At the same time as the Petya attack, the Check Point research team detected the simultaneous distribution of the Loki bot through infected RTF documents, which install a credential-stealing application on infected devices. However, at this stage, the two attacks do not appear to be directly connected.
Key takeaways from the attack
Check Point believes there are three main takeaways from this latest global ransomware attack:
- This attack could have been avoided, and the ones we will see in the future can be avoided too. With more than 93% of enterprises failing to deploy the technologies available to protect them from these kinds of attack, it is not surprising that they are spreading so quickly. As such, businesses must deploy the solutions that prevent these types of attacks, and keep their security patching regimes up to date.
- It’s time for company, government and organisational leadership to drive the cyber security agenda. These global attacks demonstrate that we need to invest in the future of cyber security. It is critical that modern cyber security technologies are deployed from governmental level down to prevent them happening again. We know that these attacks will continue to happen again and again – so we need to take steps to protect ourselves against them.
- Fragmented security is part of the problem. There are too many disjointed technologies focused on detecting an attack after the damage is done. To address this, organisations of all sizes, and in all sectors, need a unified architecture, such as Check Point Infinity, that is focused on preventing the attacks before they hit.
How can you protect yourself and your organisation?
This attack demonstrates two major trends: first, how effectively new variants of malware can be created and spread on a global scale at incredible speed. Second, despite the impact of WannaCry, many companies are still not well prepared to prevent these types of attacks from infiltrating the network.
These attacks have the potential to create massive damage, as seen by the impact on critical infrastructure in the Ukraine. And the consequences of such a rapid spread of infections can have a dramatic effect on day-to-day lives, crippling critical services and disrupting daily routines.
- Apply all security patches immediately
As security patches for the vulnerabilities exploited by the Petya and WannaCry ransomware have been available for several months, organisations should apply those patches on their networks immediately. They should also ensure that they roll out and apply new patches as they become available.
- Block attacks before they take hold with Next Generation Threat Prevention
Enterprises also need to focus on preventing attacks before they take hold. In these types of attacks, detecting the attack after it has happened is simply too late: the damage is already done. Next Generation Threat Prevention is essential to scan for, block and filter out suspicious file content before it reaches networks. It’s also essential that staff are educated about the potential risks of incoming emails from unknown parties, or suspicious-looking emails that appear to come from known contacts.
AppDate: uKheshe brings banking to the masses
In his apps roundup, SEAN BACHER highlights uKheshe, FNB’s banking app with its will feature, Split Payments, Momentum Safety Alert and Fleetonomy.
uKheshe micro transaction platform
Financial inclusion took another step forward as local start-up, uKheshe, South Africa’s cheapest and most convenient QR cash card and micro transaction platform, won the 2019 Global Fintech Hackcelerator @ Southern Africa competition.
“The issue of financial inclusion is a global one and the more we can do to uplift the unbanked and under banked, the healthier their respective economies will become,” says Clayton Hayward, co-founder, uKheshe.
While 1.2 billion people have opened a financial account since 2011, there are still an estimated 1.7 billion adults worldwide (or 31% of adults) who don’t have a basic transaction account. Globally, two-thirds of adults without an account cite a lack of money as a key reason, which implies that financial services aren’t yet affordable or designed to fit low-income users.
FNB’s banking app with will feature
First National Bank now lets its customers draw up their own wills via the FNB Online Banking platform at no cost. To date, the bank has seen a significant increase in the number of clients who drafted their own wills online, with over 52 000 clients already accessing the functionality.
Approximately 80% of South Africans don’t have a valid will in place; and many people believe that it’s a need only when they get older, or later in life.
“Whilst the digital process is simple and easy to use, the solution also helps with a dedicated client support centre should clients need further assistance or advice regarding the drafting of their wills,” says Johan Strydom, Growth Head, FNB Wealth and Investments. “The solution aims to simplify the process and allows customers to easily draft a will online anytime and at any place, at no cost. In addition, FNB will keep your original will in safe custody at no extra cost.”
Platform: Android and iOS
Expect to pay: A free download
Stockists: Available via the FNB app, which can be downloaded here.
PayFast has launched Split Payments, a South African-first that instantly splits a portion of an online payment with a third party. The service is designed to facilitate fast, safe payments for platform-based businesses, including online marketplaces.
For those who run a marketplace that brings together multiple sellers or merchants looking for new sales channels, Split Payments addresses payment headaches with a simple API integration.
Consumers are used to engaging with large global transactional platforms such as AirBnB, Uber, and Amazon. The benefits and extended reach of these types of platforms are catching on locally, and organisations like estate agency groups and even community marketplaces are setting up digital trading platforms.
The app allows businesses to instantly split out commission, membership or listing fees, when a payment is made via one of its supported payment methods.
For each online payment received, the business can determine what the split is: either a fixed amount, a percentage, or a combination of both. Custom recurring payment integration, such as subscription payments, can also be split automatically.
Platform: iOS and Android
Expect to pay: A free download
Stockists: Download Split Payments here
Why 4G is still a thing
Even with the 5G era already upon us, investment in 4G/LTE networks is still vitally important for operators in sub-Saharan Africa and must remain a core focus of network construction for the immediate future. This is according to David Chen, Vice-President, Huawei Southern Africa.
“Currently, the mobile broadband penetration rate in Africa is only 47%, while 4G penetration rate is merely 10%,” Chen said.
“Insufficient coverage causes LTE users to fall back to the 2G or 3G networks, resulting in significant decline in user experience. It also leads to congestion on the 2G and 3G networks and makes it difficult to release spectrum used by 2G and 3G.”
Chen said that LTE and 5G complement each other and are evolving in parallel. In the next few years, 5G will mainly be used in more industrial communications.
LTE will remain the primary choice for global mobile communications through 2025. It will form the basic layer of national networks, especially when it comes to mobile broadband access.
“It will take a long time for 5G to provide nationwide continuous coverage. Before that, enhanced LTE networks can guarantee optimal user experience for 5G users, including services such as VR, AR, and cloud gaming,” said Chen.
He said that it is important for operators to invest in 4G to secure future growth, as it is estimated that there will be an additional 80 million LTE users in sub-Saharan Africa by 2025.
Driven by this growth, LTE traffic in sub-Saharan Africa will increase by a factor of 8.8. By 2025, about 80% of all data traffic in the region will be over an LTE network.
LTE will also be the main source of future revenue for operators.
“According to GSMA Intelligence, 2G and 3G users in sub-Saharan Africa will gradually migrate to 4G,” said Chen. “By 2025, the proportion of 2G users will drop from 46% to 12%.”
Part of the reason for the migration to 4G is that the ecosystem is mature.
“The price of feature phones supporting VoLTE in the sub-Saharan Africa market has been as low as $25,” Chen said.
Since 5G equipment is already available, there is an opportunity for operators to build out their 4G networks while ensuring that they can evolve to 5G in future.
Chen offered the following tips to operators to ensure they are ready for 5G:
- All future equipment installations should be 5G ready, allowing easy upgrades to 5G through software updates.
- Software should support multi-standard spectrum sharing to improve spectrum efficiency, and to allow the smooth migration of 2G and 3G users.
- Networks must support 4G and 5G coordination, in terms of spectrum, operation and maintenance. This will ensure that users have a consistent experience as we enter the 5G era.
- The value of existing ICT infrastructure, such as base station sites, must be maximised to avoid overlapping services and wasted resources. This would mean boosting the capacity and coverage of every station for optimum efficiency.
- Carriers should explore the business case for all possible 5G innovations when building 4G networks, and not just embrace 5G for its own sake. This will mean building business models around IoT, video, live broadcast, augmented reality, and virtual reality.
- It is important that operators build partnerships with providers that can support the ongoing spectrum evolution with fast site upgrades and large-capacity solutions. The idea is to maximise the value of 4G networks, and smoothly evolve to 5G without unnecessary infrastructure investment.