No doubt you’ve read the recent news that NHS services across England have been hit by a large-scale cyberattack and they have elected to protect their IT systems by shutting them down as a precaution.
One point to note from this is that the attack was not specifically targeted at the NHS and is affecting organisations across a range of sectors. The ransomware spread is agnostic: it is not bothered by size or value (the ransom request itself is only reported to be £230), with everything from small businesses to large enterprises being hit. It is widely reported that over 100 countries have been hit by “WannaCry”.
It has become apparent that the attack was started by exploiting a vulnerability in software, which in turn started a dial back to the killswitch domain, which encrypted the target endpoint… this has been replicated thousands of times globally. The technology behind the attack is nothing special in the scheme of how second generation malware has moved on in recent years; this is a relatively straightforward attack. It is a very worrying state of affairs that so much damage has been caused.
What SMBs need to understand is that they do not have the resources to deal with attacks like this in the same way the NHS does. They don’t have unlimited funds to throw at a resolution or to deal with the inconvenience. An attack like this could ruin an SMB.
Heimdal Security CORP – the cyberthreat security suite with 5 key layers which ensures proactive protection against cyber-attack.
Patching of vulnerabilities
- 46% of IT decision makers mentioned hardware or software vulnerabilities as one of the most important internal security challenges they face.
- According to Homeland Security’s cyber-emergency unit, US-CERT, as many as 85% of all targeted attacks can be prevented by applying a security patch.
Heimdal automatically and silently patches software vulnerabilities, on a key performance indicator of 4 hours. No manual intervention is required; it is simply set and forget. The most recent attack could and should have been prevented, but the systems were reliant on manual updates… this patching SIMPLY WAS NOT DONE.
Blocking Internet traffic used to deliver attacks
Heimdal Security blocks malicious internet traffic that carries malware and blocks redirects. Any website can become infected due to a targeted attack or simple mismanagement. Heimdal Security prevents infection by filtering HTTP/HTTPS and DNS level traffic. It is one of very few that have the skills to work at DNS level.
Blocking and removing malware communication when penetration occurs
When an endpoint is infected, Heimdal stops the malware from communicating between the endpoint and the cyber criminal’s infrastructure (malicious websites, Command & Control servers). 91.3% of ransomware dials back for its encryption key via DNS traffic. Heimdal filters DNS level traffic and blocks these malicious dial backs. As such, the encryption key cannot execute and encrypt the endpoint. The killswitch domain used in the “WannaCry” attack is blocked by Heimdal Security. It would have prevented encryption from ever happening.
For more information on Heimdal or to request a free 30-day trial, call 01245 205 970 or email email@example.com