A little while ago, I wrote on this blog about the threat that the form of malware known as Ransomware poses to our online security. Now I want to focus on the particular threat that Ransomware poses to universities.
I’m thinking of a recent case in which one prominent university fell victim to this menace, with worrying results. When the Ransomware infection hit the university in question, it locked down exam results shortly before they were due to be announced. No decrypter could be found for the specific infection, but the university had, fortunately, digitally backed up all of its exam results by recording them on Excel spreadsheets. This allowed the administration to painstakingly reconstruct the locked-down results, but the announcement of those results was delayed for almost one month.
Backing up or Backing Down?
Depending on I.T. and administrative procedures, the consequences of Ransomware attacks can vary widely from one university to another. A recent attack on the University of Calgary in Alberta, for example, compelled that institution’s authorities to pay a ransom of $20,000 to have their computer systems’ files decrypted. The ransom had to be paid simply because the university had failed to properly back up its data. This must be one of the most expensive lessons ever learned at any university.
Securing the University in a Risky Environment
Unfortunately, the bigger picture is worrying. Ransomware threats are constantly increasing in number and becoming ever more sophisticated. What should our universities do to avoid getting “system infected” warnings due to Ransomware activity? One highly recommended precaution is to use automated and isolated backup mechanisms, together with an Intrusion Detection System (IDS) both at network level and for critical assets. An IDS is a powerful resource in the battle against Ransomware, because it provides specific insights into any potential threat. The AlienVault Unified Security Management (USM) platform may be especially desirable, because it has a built-in IDS with SIEM (security information and event management) and real-time threat intelligence. Both of these features can help in the rapid detection of Ransomware and other threats.
Over half of all organizations assume that their IT networks have been penetrated, or will be in the future. The number of IT professionals admitting that they really don’t have complete control over sensitive systems and data is increasing each year.
The First Line of Defense Has Already Fallen
Perimeter detection is the first line of defense against any attack, whether it is physical (think of an alarm going off when the security of your home is breached) or an ATM blocking your bank card after too many incorrect PIN entries. The issue currently facing many IT experts, security analysts and information security professionals is that there has previously been an over-reliance on perimeter detection as the ONLY line of defense. Not only are cyber-attacks completely bypassing perimeter detection (a recent survey reported that up to 30% of all security breaches never triggered the virtual alarms), but preventative discovery is also close to non-existent in many organizations.
What is even more alarming is what happens after a security breach.
The speed with which an organization reacts after a breach is vital, not only in securing sensitive information but also in examining and investigating exactly what happened, finding the compromised end-points and determining the full data risk impact as fast as possible. The problem is that most organizations are reactive instead of proactively aggressive in their search for potential threats at all times. In the same survey, it was noted that up to 25% of IT security professionals were notified of data breaches and cyber-attacks by a third party. By then it could be too late.
Figuring out what happened after the fact is essential, yes. Creating a secure environment that STOPS attacks is even more vital. To do that, security professionals need to be vigilant, proactive and relentless in their hunt for cyber threats before they become cyber casualties of war.
WhatsApp is used by over a billion people worldwide – that’s billions of messages, all allegedly private, secure, and protected by the end-to-end encryption provided by Open Whisper Systems. But are your private messages really secure?
End User Encryption Vulnerability
In early January 2017, a ‘Backdoor’ was found in the WhatsApp system that could potentially give a third party access to your messages. A ‘Backdoor’ is either placed by design, or by shortcoming, and it allows for unauthorized access to data, in this case, your messages. WhatsApp has previously stated that their popular messaging system is completely secure and encrypted, and indeed their encryption protocol is very safe. The problem lies not in the protocol itself but in the way it is implemented.
Defect or Feature?
When confronted with this security problem, Open Whisper Systems suggested that the vulnerability is not a defect but is in fact a feature of most standard end-to-end encryption software. It seems that when faced with the dilemma between ultimate security and streamlined user-experience, WhatsApp chose the latter. While they have clearly and publicly declared that they would oppose any request, even from a government department, to gain access and/or monitor user activity, there is a vast difference between choosing not to divulge information and blocking any access to it.
So what does this security vulnerability mean for the end-user? The detail lies in WhatsApp’s ever-changing encryption key that is broadcast by a contact and is not verified by WhatsApp security. Each time a contact broadcasts a new encryption key, it is not re-verified so as not to cause a break in the message delivery process.
How to Protect Your Messages
If you’re conscious about your privacy, it’s important to verify the encryption keys broadcast by your contacts before you send messages. Enable security notifications in the application itself and make sure that you manually accept and verify each encryption key broadcast by your contacts. However, you should be aware that this does not promise airtight security, seeing as WhatsApp will only notify you that the encryption key has changed after your message has been delivered. If you want to be extra cautious, conduct your private conversations on platforms like Signal that chose security over user-experience, and enable the verification of new keys before they are used.
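The difference between the two key-change policies described above, as an added example: a simplified sender-side model, not WhatsApp's or Signal's code. The `Client` class, its methods, the fingerprint format and the sample keys are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(public_key: bytes) -> str:
    """Short digest of a public key that two people can compare out of band."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class Client:
    """Hypothetical sender-side model of key-change handling."""
    blocking: bool                                # True: hold messages on key change
    pinned: dict = field(default_factory=dict)    # contact -> accepted fingerprint
    held: list = field(default_factory=list)      # (contact, fingerprint, text)
    notices: list = field(default_factory=list)   # security notifications shown

    def send(self, contact: str, announced_key: bytes, text: str) -> str:
        fp = fingerprint(announced_key)
        known = self.pinned.get(contact)
        if known is None or known == fp:
            self.pinned[contact] = fp             # first use, or key unchanged
            return "delivered"
        if self.blocking:
            # Changed key: nothing leaves until the user verifies it.
            self.held.append((contact, fp, text))
            self.notices.append(f"{contact}: key changed, message held")
            return "held"
        # Non-blocking: accept the new key, deliver, and only then notify.
        self.pinned[contact] = fp
        self.notices.append(f"{contact}: key changed, message already delivered")
        return "delivered"

    def verify(self, contact: str, confirmed_fp: str) -> int:
        """Release held messages whose key matches the fingerprint the user confirmed."""
        ok = [m for m in self.held if m[0] == contact and m[1] == confirmed_fp]
        if ok:
            self.pinned[contact] = confirmed_fp
            self.held = [m for m in self.held if m not in ok]
        return len(ok)


if __name__ == "__main__":
    old_key, new_key = b"constructed-key-1", b"constructed-key-2"   # sample values
    for policy in (False, True):
        c = Client(blocking=policy)
        c.send("alice", old_key, "hello")
        print(policy, c.send("alice", new_key, "private"), c.notices)
```

In the non-blocking run the notification exists only after the message has gone out under the unverified key; in the blocking run the message stays in `held` until `verify` is called with a fingerprint the user has confirmed.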