http://www.polity.org.za
Be ready for the next global cyberattack


On 12 May, more than 150 countries were attacked by ransomware with over 200 000 computers infected. Ransomware is a type of malicious software (malware) that encrypts a computer’s data until a ransom is paid. In this case, $300 worth of the cryptocurrency bitcoin was demanded for infected computers.

While the scale of the attack makes it seem spectacular, flaws found in the ransomware showed that the attacker was relatively amateur – cybersecurity specialists temporarily stopped the spread of the ransomware using a ‘kill-switch’ that stops the software from running.

But new adaptations of the code are already being found, and if the world was this vulnerable to a relatively unsophisticated attack, what kind of damage could an experienced group of hackers cause? And what can be done to prevent future attacks?

Malware can only infect a computer if there is a vulnerability in the system such as a design flaw in the programming code. This particular type of ransomware was a worm, which is a form of malware that spreads by searching a network for other vulnerable computers and infecting them as well.

The specific vulnerability that this worm searched for is one of the ‘exploits’ for old Windows operating systems identified by the US National Security Agency. An exploit is a recognised vulnerability in a system that can be used to bypass its security. Security agencies gather these to use for hacking and spying on criminals or other governments. This particular exploit was leaked in mid-April by the hacking group Shadow Brokers.

The ransomware spread so quickly because of a widespread lack of basic cybersecurity. Four weeks before the leak, Microsoft released an update to fix the vulnerability. This means that most of the infected computers had not implemented security updates for more than two months. The rest of the infected computers were still running the outdated Windows XP operating system, for which Microsoft stopped providing security updates in April 2014.

The 12 May attack could have been avoided by following a few basic cybersecurity principles like regularly running software updates.

Good cybersecurity requires contingency planning. Just like any organisation must have emergency evacuation plans and fire drills, organisations and individuals should be prepared for cyberattacks. This entails regularly testing cybersecurity measures and, for organisations, can include having experts try to hack into their systems.

In the case of ransomware, data should be backed up and stored separately from the main network where it can’t be reached by malware. Organisations should have plans in place for how to maintain functionality without connectivity, such as having printed records.

Cybersecurity also depends on individuals using computers in a responsible way, in what is termed ‘cyber hygiene’. Organisations should teach staff basic cybersecurity principles like choosing complex passwords, not having the same passwords for different logins and using two-factor authentication to verify when a user has logged in. Individuals should also learn to recognise suspicious documents or links where the source has not been verified and could contain malware.

Governments have a critical role to play in maintaining cybersecurity as well. In Africa, many countries still lack appropriate legislation to prosecute cybercrimes. While tracking down cybercriminals can be difficult, many perpetrators who have been traced haven’t been prosecuted because that legislation is missing.

Establishing the necessary legislation and international cooperation agreements is an important step towards addressing cybercrime. This needs to be supported by practical co-ordination mechanisms such as joint working groups, and the sharing of intelligence and techniques on combating cybercrime. Companies should be encouraged or compelled to disclose details of cyberattacks to help others prevent and combat future attacks.

There are also serious deficits in the skills for cyber defence and the tracing of perpetrators. The Center for Strategic and International Studies estimates that by 2019, one to two-million cybersecurity positions will remain unfilled. Governments should work in collaboration with technology companies to fill this gap and develop a new generation of cybersecurity professionals.

In 2016, an estimated $1-billion was paid to unblock ransomware; and in 2015, ransomware called CryptoLocker extorted more than $325-million.

Based on the tracking of bitcoin addresses associated with the 12 May attack, the cybercriminals have only managed to extort about $100 000 to date. The effects were relatively small, besides the disruption it caused. But if lessons aren’t learnt from this attack, the next one could be much worse.

Written by Albertus Schoeman, Consultant, Transnational Threats and International Crime Programme, ISS
