Global attack may have started with 'phishing' email

Jun 28, 2017
Effective cybersecurity starts with seeing yourself as a target. Source: CNN.com

Another month, another damaging cyber attack unleashed across the globe.

According to Reuters, the latest attack, which appears to have targeted Ukrainian businesses, could have been started at a Ukrainian accounting firm by a virus that got into a computer system via a “phishing” email.

The emails containing infected Word and PDF attachments were written in Russian and Ukrainian and were designed to lure people into opening them.

CNN is reporting that the ransomware attack dubbed NotPetya shows some similarities to the WannaCry virus that hit over 300 000 computers in 150 countries last month and took down, among others, the National Health Service in the UK.

Both asked victims to pay Bitcoin to get their files back, and both use a similar flaw to spread through networks.

According to researchers, the latest wave of attacks uses a Windows flaw called EternalBlue to spread through corporate networks.

WannaCry also leveraged the EternalBlue vulnerability, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft issued a patch for the vulnerabilities in March.

The attack may be more dangerous than last month's, as this strain makes computers unresponsive and unable to reboot, so those wanting to pay the ransom may be unable to do so.

Ransomware victims are always advised not to pay ransom to get their files back because it funds the criminal activities of the attackers.

"Cyber attacks can simply destroy us," Kevin Johnson, chief executive of cybersecurity firm Secure Ideas, told Reuters. 

"Companies are just not doing what they are supposed to do to fix the problem."

The best way to mitigate damage from ransomware is to update operating systems and back up data.

Here are some other tips to hack-proof yourself:

  • Don’t open suspicious emails - delete them immediately
  • Encrypt your computer files
  • Run anti-virus software and keep it updated
  • Use two-step sign-in for sites you log into
  • Check that the websites you visit use HTTPS and display the padlock
  • Explore VPN apps to make your mobile connection private

And, most obviously, it would help you immensely to see yourself as a target.

As Oren Falkowitz notes: “If you can’t imagine why someone would target you, you don’t appreciate your data assets (or those to which you’re connected), and you will fail to protect them properly.” - Gregory Rule
