Cyber attacks continue to increase in prominence around the globe. Earlier this year, we saw two widespread cyber attacks that affected many different types of organizations. These attacks being the WannaCry and Peyta campaigns. These two campaigns resulted in massive amounts of shut downs, lost time, and lost revenue. While we were able to address the global effects of these ransomware strains, this does not mean that they are not still prevalent. This was proven in a recent WannaCry infection that hit the well-known electronics manufacturer LG.
Where the Infection Began
Ransomware was first discovered in LG systems within a self-service kiosk in South Korea, and further analysis of the code had proven it to be WannaCry. This strain of malware targeted outdated Windows systems in the global attack, and while measures were taken by Microsoft to address the exploit, those with unpatched systems are still vulnerable. Upon discovering the infection, LG had blocked access to the service center to prevent it from spreading into other systems. The infection had resulted in some delays for select service centers on August 14th, but the self-service terminals were back up and running after two days. LG said that no data was lost in the attack and no ransom had been paid. They also said that unpatched terminals have now had security updates applied. The electronics giant is working with KISA (Korea Internet & Security Agency) in attempts to discover how the ransomware had initially infected the service center network. Once they have finished their investigation, perhaps they will release further details as to the method of infection.
Maintaining Proper Cyber Security
As mentioned above, WannaCry targeted outdated and unpatched systems. This makes a valuable security point as far as the dangers of running unpatched or legacy systems. Security patches and updates are one of the easiest ways for organizations and individuals to maintain better protection of their data and digital assets, and yet many continue to neglect them. Realistically, it is not difficult to follow prompts and allow systems to download and install these patches. Sure, it can take a little bit of time, but it is far less time than it will take to remove and mitigate a malware infection. To not complete this simple security measure is purely neglectful and lackadaisical. This is not meant to belittle or criticize those that have not updated, but rather to raise awareness of the potential consequences of ignoring those system update notifications.
Aside from security patches and system updates, there are numerous other implements that must be in place to maintain proper cyber security. There are the necessary basic defenses of antivirus and firewalls, but there are also advanced tools and services available for the purpose of proactive defense and protection. This includes cyber security monitoring, which helps to detect anomalies or attempted infiltrations, as well as intelligence services that vet the threat landscape, allowing defenses to be put in place before an attack. Individuals may not need this type of comprehensive defense, as a good home antivirus and firewall is often enough to defend personal systems, assuming patches are installed. An organization or business, on the other hand, must ensure that they have more extensive defenses in place because of the large amount of sensitive data that they may store. This includes organizational and customer data and their customers are trusting them to properly defend this information. Massive Alliance offers an array of cyber security tools and services that can help organizations of all sizes to stay protected in the modern threat landscape.