You are here

Cybersecurity expert: WannaCry reaches T&T

Some network owners gonnacry
Published: 
Wednesday, May 17, 2017
Shiva Bissessar

One of T&T’s top Internet experts has expressed concern that there may not be enough formal tracking of cybersecurity exploits in T&T, in the wake of last week’s WannaCry ransomware attack, which began on May 12 and quickly went global.

As far as I know we do not presently collect such statistics for local sites. We do have a CSIRT (Computer Security Incident Response Team) and they may be collecting such data,” said Patrick Hosein, who has managed the .tt domain for T&T for more than 25 years.

“Several years ago (long before the CSIRT was formed) I had suggested to the UWI that we should form a CERT (Computer Emergency Readiness Team) to assist the local community but I was not taken seriously,” said Hosein.

The US formed its first CERT in 1988 after a major worm attack.

WannaCry is estimated to have infected 230,000 computers in 150 countries, with the worst hit countries believed to be Russia, Ukraine, India and Taiwan. Major institutional services were struck several as well.

So, have WannaCry and other ransomware attacks hit T&T?

“Yes, users and entities in T&T have been affected by WannaCry and previous instances of ransomware,” said cybersecurity expert Shiva Bissessar.

Bissessar worries that despite the threat and impact of the global exploit, the response in T&T is going to remain slow and measured.

“With the exception of certain sectors, I would say there is a generally immature response to such threats. This can be because of a lack of awareness of the potential impact of how serious an Information Security breach can be in terms of direct financial loss and loss of confidence by key stakeholders such as partners, clients, and shareholders,” said Bissessar.

He said in T&T Information Security risk is seen as an ‘IT problem’ and not a risk management issue which has the potential of affecting all aspects of business operations.

“WannaCry is a significant reminder to organisations to develop formal patch management procedures, incident management plans and business continuity plans.

“There needs to be a more mature response within local organisations to formulating an Information Security Governance strategy which will cover these and other areas.”

Hosein, who lectures at UWI, worries that “the skills needed to combat skilled attackers are far beyond those required for system administrators.”

“If they were to source skilled resources it would most likely have to come from abroad. At present the UWI does not provide advanced training on cybersecurity (and not many students are interested in this area),” he said.

And running the .tt domain, Hosein sees a lot of these attacks, which he believes are increasing because of the accessibility of tools and code.

“We have had to continuously make process and code changes to maintain a high level of security. More and more people worldwide (many of my attacks have been from China) are acquiring the tools to launch attacks but defenses have not been moving at the same pace.”

Microsoft has described the incident as a wake-up call to the online community.

“I believe organisations have already hit the snooze button on this wake-up call,” Bissessar said.

“Some tend to think that they are not targets of such a threat and can fly under the radar of attackers…after all God is a Trini right? As the indiscriminate WannaCry attack showed, you don’t necessarily have to be targeted to become a victim.

“Organisations need to take note of their own responsibility in establishing an Information Security Governance strategy and deal with all of these potential threats going forward from here.”

About ransomware

 

Ransomware is usually executed through phishing emails, which promise users something and use their click through as a vector to install malicious code.

WannaCry (officially WannaCrypt) has not been proven to have executed through phishing and was developed from an exploit (EternalBlue) and backdoor (DoublePulsar) developed by the National Security Agency (NSA) in the United States.

The digital weapon was accessed during a hack on the NSA and the code formed the basis of the WannaCry exploit which targets vulnerabilities in Windows.

Microsoft issued a critical patch on March 14 that removed the vulnerabilities on current versions of the OS, but some users and organisations had not applied it.

Many of the affected older organisations were running older versions of Windows which are unsupported by Microsoft, though the company has since issued updates which will harden these older systems against the exploit.

The attack was slowed when a web security blogger registered a domain name he found in the ransomware, which flipped a temporary kill switch on its propogation. Newer versions of WannaCry have been found without the kill switch in the code.

Neil Walsh, UN Chief of Global Programme on Cybercrime noted the release of an early possible fix for the malicious code here: http://ow.ly/Pf1Y30bOiws.

In a Ransomware attack, the code encrypts the computer’s files and issues a demand onscreen for payment to release the files. The fee to unlock WannaCry was US$300 in Bitcoin (http://ow.ly/EoDA30bNLYb), a digital cryptocurrency in the first three days or $600 within seven days.

By May 17, 238 payments totalling just over US$79,000 had been transferred (http://ow.ly/WrRY30bNLFE). BitCoin addresses, or “wallets” can be viewed publicly, though their owners are anonymous.