Defending Against a Malware/Ransomware Pandemic

01/06/2020 11:30:34


We are now no strangers to how fast a sickness or virus can spread. Ideally, COVID-19 has made us uniquely aware of our own mortality and fragility. But how did COVID-19 spread so far, so fast?

Super spreaders are one fascinating and frightening element contributing to the spread of viruses. The 20/80 rule established that one in five people could be responsible for 80% of transmissions of a disease. In the early 1990s, 1 person infected 51 people with typhoid, with no symptoms of her own. In the 1995 outbreak of Ebola in the Congo, there are thought to be 2 people who alone infected around 50 others. Singapore SARS super spreaders infected about 10 people each, and one known COVID-19 super spreader in South Korea infected around 20 people from her church directly, resulting in 52 COVID patients in just over two days.

One of the most recent computer “super spreaders” is the WannaCry virus, which infected an estimated 200,000 computers in 150 countries in 2017. How did it spread so far, so fast? WannaCry started with the EternalBlue exploit, designed to target Windows operating systems. It began by injecting shellcode into vulnerable systems, which allowed attackers to exploit infected machines. WannaCry was often spread through phishing emails and was able to bypass any authentication requests and send SMB requests to different systems. These requests are designed to tell the hacker whether a machine is clean or already infected, that is, whether a backdoor is already running in the background. If an underlying infection already exists, the backdoor can be used to withdraw files and install the WannaCry malware. Among the victims most viciously attacked were the National Health Service hospitals in England and Scotland, with up to 70,000 devices infected, including computers, MRI scanners, blood-storage refrigerators and theatre equipment.

What does this say about how fast your network can be infected? Quite a lot. It takes just moments for malware to be injected and spread laterally through your network, infecting or encrypting everything in its path. With the number of super spreader-ish malware strains out there, the only way to truly protect your network from certain attack is to deploy a security system which offers 24/7, 365 detection with automated and AI-powered features.
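The lateral SMB spread described above shows up in network flow data as one host contacting many distinct peers on TCP 445 in a short time. The sketch below is an added example, not code from the original article or from any Sangfor product; the flow records, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

SMB_PORT = 445          # TCP port carrying the SMB requests described above
WINDOW_SECONDS = 60     # assumed sliding window
FANOUT_THRESHOLD = 10   # assumed: distinct SMB peers per window before alerting

def smb_fanout_alerts(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src: first_alert_ts} for sources whose number of distinct
    SMB destinations inside the sliding window reaches the threshold.
    flows: iterable of (ts_seconds, src, dst, dport); order does not matter."""
    recent = defaultdict(deque)            # src -> deque of (ts, dst)
    alerts = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop flows older than the window
            q.popleft()
        if src not in alerts and len({d for _, d in q}) >= threshold:
            alerts[src] = ts
    return alerts

def sample_flows():
    """Constructed flow records (not real traffic)."""
    flows = []
    # Workstation using two file servers repeatedly: normal SMB use.
    for i in range(30):
        flows.append((i * 2, "10.0.0.5", "10.0.0.%d" % (10 + i % 2), SMB_PORT))
    # Host opening SMB sessions to a new peer every second: worm-like fan-out.
    for i in range(40):
        flows.append((100 + i, "10.0.0.77", "10.0.1.%d" % (i + 1), SMB_PORT))
    # Backup host touching one peer every two minutes: many peers, low rate.
    for i in range(12):
        flows.append((i * 120, "10.0.0.8", "10.0.2.%d" % (i + 1), SMB_PORT))
    # HTTPS traffic to many peers: ignored, wrong port.
    for i in range(50):
        flows.append((i, "10.0.0.9", "10.0.3.%d" % (i + 1), 443))
    return flows

if __name__ == "__main__":
    for src, ts in smb_fanout_alerts(sample_flows()).items():
        print(f"{src}: SMB fan-out threshold reached at t={ts}s")
```

The window and threshold need tuning against a site's own baseline, since file servers and management hosts legitimately talk SMB to many peers.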

What Do You Look For, For Total Protection?
First, look for a trusted vendor with real-world experience combating these types of viruses and malware. While some vendors supply part of the solution, you are still left with the whole problem. CIOs need a highly integrated solution with network and endpoint security products to provide correlated threat analysis and response. Unique clustering algorithms significantly reduce the number of alerts and false positives, improving security x50. Finally, seek out automatic analysis policies to cover all assets and detect new threats.

Why Sangfor?
We can no longer plead ignorance of how fast viruses spread and how one weak link in the security chain can affect the well-being of thousands if not hundreds of thousands. What if just one of these super spreaders had sought medical attention earlier or stayed home? How many fewer cases of illness would we have seen? Now consider if the WannaCry hosts had deployed appropriate protection for their network: far fewer computers, companies, and individuals would have been impacted, or ruined, by WannaCry. It’s time for solid, secure, and correlated network security.

Sangfor Technologies is an APAC-based, leading global vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s options for preventing loss from insider threat, and let Sangfor make your IT simpler, more secure and more valuable.
