Why Africans should be worried about PETYA 0 1341

  • The malicious software has been identified as a modified version of a previously known ransomware, called Petya or Petrwrap, that has been substantially altered.
  • Due to its unique characteristics, it has been dubbed as NotPetya and ExPetya, which is currently detected by ESET as Win32/Diskcoder.C Trojan.
  • NotPetya can be termed as a worm, which can self-replicate across multiple networks. Petya uses two primary methods to spread across networks. Execution across network shares and SMB exploits
  • The current global ransomware trend utilises the EternalBlue Exploit in order to take advantage of the vast use of the Windows Operating System.
  • More than 80% of enterprise servers and endpoints in the African Digital Economy run on the Windows Operating System.
africans-worried-petya

It all begins with the MS17-010 Exploit

The EternalBlue Exploit, otherwise known as MS17-010, developed by the NSA and pilfered by the Shadow Brokers continues to open opportunities for malicious malware authors as fresh ransomware attacks continue to ravage Europe while spreading through the globe at an alarming pace.

Notably, it has become evident that in the realm of cybersecurity, the adage of once bitten, twice shy, seldom applies as unpatched computer systems have been utilised for a second time by cybercriminals to achieve exponential infection rates, reminiscent of the WannaCry nightmare that the globe experienced only two months ago.

NotPetya

The malicious software has been identified as a modified version of a previously known ransomware, called Petya or Petrwrap, that has been substantially altered, prompting a debate among researchers over whether it is new malware.

Due to its unique characteristics, it has been dubbed as NotPetya and ExPetya, which is currently detected by ESET as Win32/Diskcoder.C Trojan. If it successfully infects the MBR (Master Boot Record), it will encrypt the whole drive itself. Otherwise, it encrypts all files, like Mischa.

How does NotPetya replicate?

In many ways, NotPetya can be termed as a worm, which can self-replicate across multiple networks. Petya uses two primary methods to spread across networks. These include:

  • Execution across network shares: It attempts to spread to the target computers by copying itself to [COMPUTER NAME]\\admin$ using the acquired credentials. It is then executed remotely using either PsExec or the Windows Management Instrumentation Command-line (WMIC) tool. Both are legitimate tools.
  • SMB exploits: It attempts to spread using variations of the EternalBlue and EternalRomance exploits.

Crucially, NotPetya seeks to gain administrator access on a machine and then leverages that power to commandeer other computers on the network: it takes advantage of the fact that far too many organizations employ flat networks in which an administrator on one endpoint can control other machines, or sniff domain admin credentials present in memory, until total control over the Windows network is achieved. It achieves primary access through using phishing techniques to trick administrators into running the malware with high privileges.

What institutions have been adversely affected?

africans-worried-petya

The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, municipal metro, and Kiev’s Boryspil Airport. Systems were also compromised at Ukraine’s Ukrenego electricity supplier, although a spokesperson said the power supply was unaffected by the attack. The attack has even affected operations at the Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result of the attack.

Infections have also been reported in more isolated devices like point-of-sale terminals and ATMs. The virus has also spread internationally. The Danish shipping company Maersk has also reported systems down across multiple sites, including the company’s Russian logistics arm Damco.

The virus also reached servers for the Russian oil company Rosneft, although it’s unclear how much damage was incurred. There have also been several recorded cases in the United States, including the pharmaceutical company Merck, a Pittsburgh-area hospital, and the US offices of law firm DLA Piper.

The attacks have been indiscriminate across every vulnerable vertical as institution after institution falls short against the unique threat posed by NotPetya.

Why Africans should be concerned about the current global ransomware trend

The current global ransomware trend, of utilising the EternalBlue Exploit in order to take advantage of the vast use of the Windows Operating System should send chills down the spines of any executive worth his salt in the African Digital Market for the following reasons.

Firstly, more than 80% of enterprise servers and endpoints in the African Digital Economy run on the Windows Operating System, thus exposing majority of our organisations to the next-generational strains of ransomware being designed by savvy malware authors. Moreover, a significant percentage of these Windows systems are run on legacy platforms such as XP and Windows Vista which exponentially increase the probability that these systems are probably unpatched.

Secondly, there is an astounding number of citizens who are unaware of the cybersecurity risks present within their daily lives. Kenya, serves as a key example to the plight of the African digital economy. With an 85.3% internet penetration rate, Kenya boasts a wealth of 37.7m netizens, actively contributing to their digital ecosystem.

Moreover, due to the proliferation of mobile banking, internet banking continues to rise within the region. However, contrary to logical perception, about 90% of Kenya’s netizens remain unaware of the increased cyber risks within their digital market. This poses a unique and advanced risk as ransomware’s primary source of entry is through A

In conclusion, new strains of ransomware seem to tactically replicate across networks utilising unpatched Windows systems and untrained company personnel through phishing e-mails to wreak havoc across targeted networks. The African Digital Economy is especially vulnerable to these risks as they exploit our unique weaknesses.

Our recommendations:

  1. Invest in new-school cybersecurity awareness training.
  2. Deploy reputable endpoint protection.
  3. Strengthen your business continuity capabilities.
  4. Evaluate and Patch Installed Software.
  5. Monitor access rights.
Previous ArticleNext Article

How To Easily Set Up a VPN at Home 0 247

Woman working at home

As the COVID-19 pandemic has many organizations switching employees to remote work, a virtual private network is essential for countering the increased security risks

Probably, you have been forced to work from home due to the COVID-19 outbreak (recommended to reduce the spread of the virus). However, you are wondering how you will set up your VPN to enable secure communication.

Well, don’t agonize too much; we shall first explain to you what a VPN entails. And then, provide you with a step by step procedure for setting a basic Virtual Private Network. Here we go!

First, what is a Virtual Private Network (VPN)?

Essentially, a VPN is a private channel within a wider (open) network that enables you to communicate with your peers (other nodes with similar settings) without leaking your information through the use of encryption.

Besides, you can utilize a VPN to initiate communication through any network without revealing your location. In any case, a significant number of vendors deal with clients needing such services to avoid being tracked or be able to bypass particular network filters. 

However, in our case, we shall consider a home office VPN that will create a communication tunnel for your practical and secure home office communication.

Is it necessary to set up a virtual private network?

For there to be any communication between two endpoints ─ your pc and the computer in the main office –, they must be configured.

In this case, you’ll require the services of your IT department (if you have one), who will guide you regarding the applications to install, as well as provide you with VPN credentials depending on your needs. Upon installing and configuring the said app, you can automatically establish communication through the provided link. Easy-peasy, right?

On the other hand, if you don’t have an IT department behind your back, then you may have to do it yourself. These shouldn’t; however, scare you at all; it’s not as tough as you might imagine.

But before we explore the nitty-gritty of setting up the VPN, we first need to identify the options we have. In our case, we shall examine two options:

  • Open VPN: standard in small office/home office and business-class routers
  • IP Sec: Is Built-in and commonly used by desktops, smartphones, and laptops

The Open Virtual Private Network

This type of VPN has been around for a long time and has proved itself secure and reliable. It is ideal for small office/ house offices, as well as business-class routers, thanks to its open-source nature.

Procedure for installation

  1. On a contemporary device, go to the router’s configuration screen and click the relevant buttons to access your office network
  2. Download the configuration file generated by the router
  3. Use this file to configure/setup the OpenVPN in your pc, smartphone, or desktop that you want to use to access the Network behind that particular router. In case you get stuck somewhere, you can download or follow an online tutorial for your specific router.
  4. Download the required apps that will enable you to access your new home office VPN from this website.
  5. Install the downloaded applications and then configure them using the files generated when setting up the Open VPN on your office router.

In the event you find the going tough, you can always consult with an online tutorial or IT personnel.

Internet Protocol Security

IPsec is also another technology that has been in use for an extended period to provide reasonable security. It utilizes the same working principles as the OpenVPN; however, it is mostly used on lower-cost routers. Besides, it is a built-in technology in most desktops, laptops, and smartphones; therefore, it eliminates the need for installing another application on your device.

The installation process is similar to that one of OpenVPN. However, implementing a particular router IPsec can sometimes be a little more complicated compared to installing an open VPN.

Fortunately, with the use of native tools on your remote endpoints, you can offset this by just typing in a few things, such as the required IP address and credentials.

Final thoughts

Conclusively, these are some of the simplest virtual net protection options you can install on your home system without requiring massive/no input from IT experts.

Importantly, you will need a beefier than standard broadband for quick communication over the VPN. Also, you may experience slower connections due to the much horsepower required to keep the connection encrypted and tunneled. Nevertheless, this is a small price to pay in exchange for a secure home office communication.

In case you required any advice regarding VPN options or installation services, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-days trial for free.

How To Improve Communication Security with MFA 0 655

Person working on two factor authentication

Remote work can be much safer with the basic cyber-hygiene practices in place – multi-factor authentication is one of them

If you are working from home due to the coronavirus pandemic, it is essential to integrate two-factor authentication (2FA) or multi-factor authentication in your daily login routine. That way, you can beat fraudsters at their own game, since the security of your essentials isn’t wholly dependent on passwords alone.

The interesting bit with this technology is that you may have already seen it in action; for instance, when requesting access to your bank account via your smartphone. In this case, you must enter the one-time code sent to you in addition to your password to gain access.

See, enabling such double authentication processes on all your logins can make it difficult for scammers to access your accounts even if they compromise your passwords.

That said, you may now want to know which MFA option to use? Well, we take a look at some of the ways you can utilize MFA to bolster the security of your connections when working remotely.

  1. First, the use of a physical token

To implement this technique, you will require a physical device such as a security USB key, a key fob, or a similar item that will generate a secure code for verification purposes.

You’ll mostly be required to integrate this method if you need access to your cloud-based applications, online office applications, or corporate office technology. The YubiKey or Thetis is an example of such a device that you can purchase with less than US$50.

For convenience purposes, most of these devices are designed tiny; you can carry them in your pant pocket or hang them on a keychain for safety purposes. 

2. Use of a mobile phone

Most likely, you own a smartphone, right?

If yes, you can use it to boost your MFA security capabilities. For instance, you can download an authentication app such as Google Authenticator, ESET Secure Authentication, or Authy for your use.

The only caveat here is to ensure your source has a reputable security background. This is informed by the fact that the app is going to reside inside your smartphone, which is also vulnerable to security threats; therefore, robust security is required to avoid pre-emptying your security efforts.

Importantly, be on the lookout for spam messages when using your phone as they can trick you into compromising your accounts.

Fortunately, if you download applications from reputable sources, you can be offered a solution in case you have an issue with the platform itself.

3. Use of Biometrics

Factually, no single human being shares a fingerprint or retinal scan with another. This unique feature has been conveniently utilized overtime to provide robust multi-factor Authentication. 

You can also utilize the same to secure your connections.  For instance, you can take a picture of your face or scan your fingerprint using a biometric reader – currently, a common feature in smartphones or other devices ─, and then integrate it in your login procedure. These will prevent any other user from accessing your accounts or private information.

On the flip side, some folks feel that the technique is somehow creepy; therefore, give it a wide bath. Besides, it can present a challenge when you need to reset your bio features if your service provider is hacked.

Final thoughts

When scouting for a suitable MFA option for your needs, it is vital to consider one that can easily fit your routine. This stems from the fact that without proper utilization, an MFA option can’t protect you.

Similarly, an MFA technique can allow some side benefits as well. For instance, in the event of a security breach, you will be notified that your password has been interfered with; this can enable you to implement mitigation measures. Not only that, but you also get protected from the would-be attack since the fraudsters wouldn’t have access to your other factors.

In case you require a secure authentication application or consultation regarding MFA options, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software. 

Try our extended 90-days trial for free.