At the risk of sounding like a geek, I could not help but notice the discussion about whether the 2016 Uber hack was ransomware or just extortion. I searched the web and the consensus definition of ransomware is “a type of malware that encrypts files so they cannot be opened, and prevents you from using your computer or accessing those files unless you pay a ransom.” Uber disclosed that hackers stole the personal information of some 50 million customers and 7 million drivers including names, email addresses and mobile phone numbers, plus 600,000 US drivers’ license numbers. It was then reported that the company paid the hackers $100,000 to delete the data and keep quiet about it. So technically this hack may not have been ransomware since the data was reportedly exfiltrated, but regardless of this point, we need to be vigilant in guarding against this type of malicious breach.
To put things in perspective, if we just look at ransomware, some analysts believe that cybercriminals could have made as much as $1 billion from it in 2016, and ransomware could have made up nearly 40% of all spam e-mails sent in 2016.
The problem is huge, so let’s focus on what we can do to protect our organizations, our customers, and ourselves. A few suggestions:
- Be Vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
- Back Up Your Data: Plan and maintain regular backup routines. Ensure they are secure, and your storage is not constantly connected or mapped to the live network. Test your backups regularly to make sure they work – someday you or your organization may depend on them.
- Disable Macros: Macros in emails and documents are a common infection mechanism, and should be disabled by default to help keep you protected.
- Patch: Update and patch software regularly for all your devices, including operating systems and applications. Do this frequently and don’t delay – time is on the side of the attacker, not you.
So how do we ensure that we do these four things above (there are more, but this is a good starting point)? The first three are relatively straightforward, but one problem I run into with almost every customer I work with involves updating and patching software. Normally this is done by two different teams: Security and Operations. Both are typically highly skilled, well-managed and overloaded with work. The Security team conducts frequent scans to detect vulnerabilities and then passes the results on to Operations. Operations, however, needs context to prioritize the remediation of these vulnerabilities along with the other items on their to-do list. Blind spots (undiscovered or unmanaged servers and endpoints) also need to be discovered and updated. And vulnerabilities need to be remediated quickly – studies have shown that half of all vulnerabilities are exploited by hackers in 30 days or less.
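To make that hand-off concrete, here is an added example of how Operations can get the context it is missing: it joins scanner findings with an asset inventory that carries business context, scores each finding on risk rather than raw severity, tracks the 30-day window mentioned above, and reports hosts the scanner saw but nobody manages (the blind spots). This is my own illustration, not BMC's code and not how BMC Discovery or SecOps Response Service work internally; the inventory fields, the vulnerability identifiers, the hosts, the dates and the scoring weights are all constructed for the example.

```python
"""Risk-based vulnerability prioritization (added illustration, not BMC's code).

Joins scan findings with an asset inventory that carries business context,
scores each finding, and reports hosts the scanner found that the inventory
does not know about. All data below is constructed for the example.
"""
from dataclasses import dataclass
from datetime import date

# Constructed asset inventory: the kind of context a discovery tool supplies.
# Fields (service, criticality 1-5, exposure) are assumptions for this example.
INVENTORY = {
    "web-01":   {"service": "customer-portal", "criticality": 5, "exposure": "internet"},
    "db-01":    {"service": "customer-portal", "criticality": 5, "exposure": "internal"},
    "build-07": {"service": "ci",              "criticality": 2, "exposure": "internal"},
}

# Constructed scan findings: host, placeholder vulnerability id, CVSS base score,
# whether a public exploit is known, and the date the scanner first reported it.
FINDINGS = [
    {"host": "web-01",   "vuln": "VULN-EXAMPLE-1", "cvss": 9.8, "exploit_public": True,  "first_seen": date(2017, 11, 1)},
    {"host": "db-01",    "vuln": "VULN-EXAMPLE-2", "cvss": 7.5, "exploit_public": False, "first_seen": date(2017, 11, 20)},
    {"host": "build-07", "vuln": "VULN-EXAMPLE-3", "cvss": 9.8, "exploit_public": True,  "first_seen": date(2017, 11, 25)},
    {"host": "lab-99",   "vuln": "VULN-EXAMPLE-4", "cvss": 6.5, "exploit_public": False, "first_seen": date(2017, 11, 10)},
]

# Constructed "today" so the example is reproducible.
TODAY = date(2017, 12, 1)


@dataclass
class Prioritized:
    host: str
    vuln: str
    score: float
    sla_days_left: int  # negative means the remediation window has already passed


def find_blind_spots(findings, inventory):
    """Hosts the scanner reported that are absent from the managed inventory."""
    return sorted({f["host"] for f in findings} - set(inventory))


def risk_score(finding, asset):
    """Combine technical severity with business context (weights are assumptions).

    cvss (0-10) x criticality (1-5) gives 0..50; internet exposure multiplies by
    1.5; a publicly known exploit doubles the result.
    """
    score = finding["cvss"] * asset["criticality"]
    if asset["exposure"] == "internet":
        score *= 1.5
    if finding["exploit_public"]:
        score *= 2
    return score


def prioritize(findings, inventory, today, sla_days=30):
    """Return findings on known assets, highest risk first, each with the days left
    in a remediation window measured from when the scanner first saw the finding
    (30 days, the window the post cites). Unknown hosts are skipped here and
    reported by find_blind_spots instead."""
    out = []
    for f in findings:
        asset = inventory.get(f["host"])
        if asset is None:
            continue
        age = (today - f["first_seen"]).days
        out.append(Prioritized(f["host"], f["vuln"], risk_score(f, asset), sla_days - age))
    # Highest risk first; among equal risk, the finding closest to its deadline first.
    out.sort(key=lambda p: (-p.score, p.sla_days_left))
    return out


if __name__ == "__main__":
    for p in prioritize(FINDINGS, INVENTORY, TODAY):
        print(f"{p.host:9} {p.vuln:16} risk={p.score:6.1f} days_to_deadline={p.sla_days_left}")
    print("blind spots:", find_blind_spots(FINDINGS, INVENTORY))
```

Run as written, the internet-facing portal host with a public exploit comes out far ahead of the build server carrying the same CVSS score, and the unmanaged `lab-99` host is surfaced separately so it can be brought under discovery and patching rather than silently dropped from the queue.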
Fortunately, BMC can help. Using solutions such as BMC Discovery for Multi-Cloud, you can detect the assets in all your data center and cloud environments, view how they are related to each other, see their dependencies, and understand which business services depend on which assets (hardware and software). With BMC SecOps Response Service, you can bridge the gap between Security and Operations. With SecOps Response Service, security and IT operations teams can work more closely together, and use automation to prioritize and quickly remediate vulnerabilities based on risk and potential impact to the organization.
Once again, remember that time is on the side of the attacker, not you. However, by being proactive and putting the right solutions in place before the attack, and responding quickly when a vulnerability is identified, you will have a much better chance of staying ahead of the threat and putting the brakes on cybercriminals like the ones that went after Uber.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.