What You Need to Know about the ‘New’ Evolution in Viruses
Posted by Mr. Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources, Inc on 7/18/2017

The barrage of viruses continues, with WannaCry and Petya making a worldwide impact. The latest stream of ransomware and viruses doesn’t discriminate; it has hit many industries and people around the world. It is a reminder that we are all vulnerable and that cyber criminals are just a step ahead. Understanding what happened in these cases is important for keeping up with their tactics and adjusting accordingly.

By now you know the simple rule: don’t use ‘password’ as your password. Just behind that advice is to keep your software updated. If you keep up with your patches, good for you, but it turns out that in the case of Petya a software update was itself the vehicle that delivered the virus.

The publication Wired reported that:

“Security researchers at ESET and Cisco's Talos division have both published detailed analyses of how hackers penetrated the network of the small Ukrainian software firm MeDoc, which sells a piece of accounting software that's used by roughly 80-percent of Ukrainian businesses. By injecting a tweaked version of a file into updates of the software, they were able to start spreading backdoored versions of MeDoc software as early as April of this year that were then used in late June to inject the ransomware known as Petya (or NotPetya or Nyetya) that spread through victims' networks from that initial MeDoc entrypoint. This disrupted networks from pharma giant Merck to shipping firm Maersk to Ukrainian electric utilities like Kyivenergo and Ukrenergo.” …

“One reason hackers are turning to software updates as an inroad into vulnerable computers may be the growing use of "whitelisting" as a security measure, says Matthew Green, a security-focused computer science professor at Johns Hopkins University. Whitelisting strictly limits what can be installed on a computer to only approved programs, forcing resourceful hackers to hijack those whitelisted programs rather than install their own. "As weak points get closed up on the company side, they’ll go after suppliers," says Green. "We don't have many defenses against this. When you download an application, you trust it."”

The worst reaction your credit union can have right now is to say, ‘Great, now we aren’t going to patch.’ Patching is still critical, and it is safe for Windows, Cisco, Java, etc., because these developers use code signing. This makes tampering with the update significantly more difficult.

As technology continues to evolve, so must our due diligence over vendors. Confirming that your data processor’s updates are code-signed may not be a bad idea.
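
One way to run that confirmation on a Windows machine before an update is deployed, as an added example rather than code from the original post: it uses PowerShell's built-in Get-AuthenticodeSignature to check that each staged file is signed, unmodified, and signed by the expected vendor. The staging folder and the signer subject are assumed placeholders.

```powershell
# Added example, not from the original post. $UpdateDir and $ExpectedSigners
# are hypothetical placeholders; take the real values from your vendor records.
param(
    [string]$UpdateDir = 'C:\Staging\VendorUpdates',
    [string[]]$ExpectedSigners = @(
        'CN=Example Data Processor Inc, O=Example Data Processor Inc, C=US'
    )
)

function Test-UpdateSignature {
    param([string]$Path, [string[]]$Signers)

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        File        = $Path
        # 'Valid' means the file hash matches the signed hash and the
        # certificate chains to a root this machine trusts.
        Status      = $sig.Status
        Signer      = $subject
        # A countersigned timestamp keeps the signature verifiable after
        # the signing certificate expires.
        Timestamped = [bool]$sig.TimeStamperCertificate
        # A valid signature from an unexpected signer is still a failure.
        Approved    = ($sig.Status -eq 'Valid') -and ($Signers -contains $subject)
    }
}

$results = Get-ChildItem -Path $UpdateDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.msi', '.dll', '.ps1' } |
    ForEach-Object { Test-UpdateSignature -Path $_.FullName -Signers $ExpectedSigners }

$results | Format-Table Status, Timestamped, Approved, Signer, File -AutoSize

# Hold back anything unsigned, modified after signing (HashMismatch),
# untrusted, or signed by someone other than the expected vendor.
$rejected = @($results | Where-Object { -not $_.Approved })
if ($rejected.Count -gt 0) {
    Write-Warning "$($rejected.Count) file(s) failed the signature check; do not deploy."
    exit 1
}
```

A passing result shows the file has not changed since the vendor signed it; it says nothing about what went into the build before signing, so it complements vendor due diligence rather than replacing it.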

Feel free to contact me directly (irafiq@curesources.coop) if you would like help determining if your credit union is taking proper proactive security measures, ensuring you will satisfy examiners, or not wasting money on needless testing.

Categories: Technology Consulting & Compliance