In the fourth of our IT insights for businesses we geek out a bit over Petya.
A lot of detailed work has gone into dissecting the latest Petya malware that has struck businesses around the world. Unlike the previous WannaCry attack, Petya was buried in a commercial piece of accounting software called M.E.Doc, from a Ukrainian company. This means that when the attack was triggered, the malware was already installed on over 400,000 PCs, undetected by any antivirus software, even though it was based on some malware first used in 2016.
If you want to learn some of the technical details, Cisco has an alarming but insightful report (http://blog.talosintelligence.com/2017/07/the-medoc-connection.html?m=1). The greatest damage wasn’t done far away, as you might expect, but in the UK, with pharmaceutical giant Reckitt Benckiser having whole factories knocked offline that produce Durex and Nurofen among other products (https://amp.theguardian.com/business/2017/jul/06/cyber-attack-nurofen-durex-reckitt-benckiser-petya-ransomware). The damage to them is estimated at over £100 million.
Antivirus, firewall and email software seems to be increasingly incapable of stopping the new generation of attacks. With this in mind, it is time for companies of all sizes to reconsider their IT protection. For a start, only a few antivirus companies managed to update their protection software the day that Petya struck. Check your IT solutions and see how long they take to update. If it took a matter of days rather than hours, you should seriously consider moving to a more responsive vendor.
The future of IT protection
Increasingly, IT security products will move away from updating only after an attack has happened. Instead, they will operate live, linked to attack monitoring servers around the world. The technology is generally called “advanced threat protection.” ATP is currently only available for enterprises, but is rapidly being made available for all types of business as new types of attack leave the old software useless.
When an attack starts online, the ATP servers spot and identify the attack, and tell all the protection software what it is and how to stop it affecting your business network. This prevents malware, zero-day attacks, morphing viruses, distributed denial of service attacks and other threats from impacting your business and bringing down your PCs or networks.
Get in touch to find out how improved security could benefit your business. As is evident from past attacks, it is better to take action sooner rather than later.