Although since the rampant virus Petya passed a long time, and large companies and government agencies have reported that completely eliminated the consequences of a massive cyber attack, in fact the situation is far from ideal. Still many companies of an average hand can not work effectively, writes UBR.
“I would have classified the incident as a cyber attack, because attacks usually have a specific goal, and here we watched the massive wanton destruction of infrastructure. Moreover, under its cover, and on the background of conflicting reports in the media, a number of organizations have been in really serious attacks,” — said the head of the laboratory of computer forensics Cyberlab Sergey Prokopenko.
One of the main problems that came to light during the rectification of the consequences, is the almost total lack of qualified professionals who could provide appropriate response to the incident, experts say. That is, even if you have a large staff of IT professionals, no one could decide what to do first is to recover the information or operations, seek to blame or to investigate the method of infection. Consequently, the efforts had been fragmented and was not achieved, almost none of the priority goals.
There are several reasons, experts say. Among the highlights of the lack of experience of IT professionals in responding to attacks (uncommon, all restored, and it “fell” again). And the fact that the attacks are continuing and they have mutated (therefore, some recommendations for the protection of steel is insufficient).
The difficulty also is that some reset computers get infected again, especially if the problem is the administrators are trying to solve occasionally (set to network for a new system if there an infected operating system).
“Operation of computing systems to restore almost everything (reinstalling operating system), but started the operation of its bases, customer service, etc. — not all. Still on the site of a number of companies stated that not all services are available and will be restored in a few days”, — said the technical Director of the Kiev laboratory Zillya! Oleg Sych.
This time most went not to the state, and business. The hardest hit companies that cater large number of consumers.
“To recover the most difficult for those who have IT infrastructure was originally set up well enough — there were no backups, internal network was not segmented, no written security policy and incident response, etc. From the scope of activities the complexity of reconstruction is almost independent,” said Sergei Prokopenko.
What to prepare
At the same time, we should not expect that the last attack was the last, experts warn. The following may occur within days, and another one closer to August 24, the independence Day of Ukraine. Therefore, in addition to invest in dedicated experts on cybersecurity, first and foremost, it is necessary systematically to raise the level of Internet literacy of employees with free access to access to the network. It is often the main cause of infection is the user himself who accidentally downloaded a virus on the working machine (in the latter case, the malware was hidden in updates from M.E.Doc).
“The authors wanted to make their product as accessible as possible, focusing on the users of outdated versions of the OS, and not to spend money on an SSL certificate, so updates were distributed via insecure http. The tendency, when hackers are looking for vulnerabilities in the older hardware, communication protocols, etc., there has been a couple of years ago”, — said PR-Manager of company DDoS-GUARD Olga Bride.
Therefore, for maximum safety it is necessary not only time to upgrade the industrial Park, but also to carefully choose the provider of the software. Though it is expensive, but the loss of customer databases, unique designs and other information which relates to trade secrets — even more expensive, not only for budget but for the reputation of the affected company, experts say.
“At particular risk of defeat by crypto-ransomware, as in the case of ddos attacks, there are banks, gaming projects, online story, since their profit is directly dependent on the health web resources”, — said Braude.
Because in the era of the digital economy to abandon the use of the Internet is unrealistic, the 100% to defend against ever-changing cyber attacks is virtually impossible. But, says Oleg Sych, minimize losses, and to prepare for the attacks. All the basic rules of cybersecurity continue to work further and become even more relevant:
- We must accept that whatever we do, the attack is possible. There will always be a vulnerability, the human factor, the possibility of sabotage, etc.
- The role of protection systems is to complicate the attack.
- You need to be prepared that there will be a new attack scenario that takes into account some weakness in the security system. You need to have a backup plan: how to work without these systems, as immediately to restore them, how safely and quickly to backup all critical information.