WannaCry and Other Stupid Crimes
We have had crime for about as long as we have existed as a species – arguably longer. We have also had stupid criminals for about the same length of time. The best and brightest are off being great and outrunning much larger groups of B and C players. The others, well, some of them turn to crime.
Scott Arciszewski hacked an FBI vendor, then bragged about it on Twitter, #EpicFail in a tweet unseen since the days of the Cisco Fatty. Fans of Florida Man would no doubt be unsurprised to learn Arciszewski’s alma mater was the University of Central Florida.
With WannaCry (aka WannaCrypt, WanaCrypt0r, etc.) the authors of the malware included a function that checks for the presence of a server at a particular random-looking host name. If a server responds, the malware shuts down. If no server is found, the malware spreads and infects.
The only problem here is that it is fairly trivial for researchers to sandbox WannaCry, watch what it does and, as happened here, go out and buy the domain for $10 and trigger the kill switch. Of course this means that others, once they had the source code, would immediately edit the kill-switch strings and point them at a different domain name. Which also implies that shortly after that happened, someone would rip out the kill-switch code altogether.
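The flip side of the kill switch for a defender is that the check itself is observable: before the worm decides whether to run, it has to resolve that host name, so any machine that queries the domain has already executed the sample. The following is an added example, not code from the original post, that scans BIND-style DNS query logs (constructed sample lines) for clients querying a list of kill-switch domains; the domain names are placeholders, since the real ones are not given on this page, and the list accommodates the re-pointed variants the paragraph above anticipates.

```python
import re
from collections import defaultdict

# Placeholder names: the real kill-switch domains are not named on this page.
# Add the re-pointed variants here as they are observed.
KILL_SWITCH_DOMAINS = {
    "killswitch-example-1.invalid",
    "killswitch-example-2.invalid",
}

# Constructed BIND-style query log lines (not real telemetry).
SAMPLE_LOG = """\
12-May-2017 10:31:02.114 client 10.0.1.23#51324: query: killswitch-example-1.invalid IN A + (10.0.0.53)
12-May-2017 10:31:02.240 client 10.0.1.23#51325: query: www.example.com IN A + (10.0.0.53)
12-May-2017 10:31:05.001 client 10.0.1.40#49211: query: update.microsoft.com IN A + (10.0.0.53)
12-May-2017 10:31:07.772 client 10.0.2.7#51002: query: KillSwitch-Example-2.invalid IN A + (10.0.0.53)
12-May-2017 10:31:09.310 client 10.0.1.23#51326: query: killswitch-example-1.invalid IN A + (10.0.0.53)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_queries(log_text):
    """Yield (timestamp, client_ip, normalised qname) for each parseable query line."""
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            # Normalise: DNS names are case-insensitive and may carry a trailing dot.
            yield m.group("ts"), m.group("client"), m.group("qname").rstrip(".").lower()


def find_kill_switch_queries(log_text, domains=KILL_SWITCH_DOMAINS):
    """Map each client that queried a kill-switch domain to its (timestamp, qname) hits.

    The query is the worm's pre-execution check, so every client listed here has
    already run the sample and should be isolated and patched, even if the sinkholed
    domain answered and stopped it from spreading. Note that if clients go through a
    forwarding resolver, the logged IP is the resolver's, not the endpoint's.
    """
    hits = defaultdict(list)
    for ts, client, qname in parse_queries(log_text):
        if qname in domains:
            hits[client].append((ts, qname))
    return dict(hits)


if __name__ == "__main__":
    for client, events in sorted(find_kill_switch_queries(SAMPLE_LOG).items()):
        print(f"{client}: {len(events)} kill-switch lookup(s), first at {events[0][0]}")
```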
Now the good news is that even in cyberspace, just like in meatspace, criminals are usually pretty dumb, lazy or both, which means that you can usually defeat the casual criminals with relatively basic, simple steps. Some of these steps include:
- Try to avoid unsupported software – since support for those platforms has ended they no longer get patched and updated even for known exploits – meaning that there are multiple documented ways into these systems and there isn’t really much you can do – unless you move to something that is supported and that does get updates.
- Update and Patch – vendors like Microsoft and others put a great deal of effort into delivering timely patches and updates to address known vulnerabilities and they do a pretty good job – even when they have to burn midnight and weekend oil in order to get those patches out. That said, users (or those managing user devices) need to actually install the patches and updates.
- Backup and Prepare – for enterprises this is probably going to entail some sort of disaster recovery, preferably with some sort of remote DR site such that a single large natural disaster cannot take out both the primary and recovery sites. It is also important to keep in mind that untested failover and recovery is wishful thinking at best. There are also many examples of backups seeming to work well but restores being a somewhat different situation. Trust, but verify. Or don’t trust.
Just like in meatspace, should a really determined professional want to get into your network, it is likely that given enough time and resources he will get in. However, taking some basic steps like the ones outlined above will at least raise the bar and help keep the casual doorknob rattlers out.