Spotlight: WannaCry outbreak a cybersecurity wake-up call

Source: Xinhua| 2017-05-20 15:53:39|Editor: Song Lifang

WASHINGTON, May 20 (Xinhua) -- Cybersecurity experts said the recent WannaCry ransomware outbreak is a wake-up call for the world, calling for improved cybersecurity awareness.

A massive number of organizations across the globe have been targeted by the malware since May 12, with the latest counts showing that more than 200,000 computers in some 150 countries have been hit by the cyberattack.

The ransomware used in the attack, called WannaCry, locked victims' data and demanded payment in bitcoin for decryption.

James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington-based think tank, said that WannaCry is "a tribute to negligence."

"This highlights one of the biggest problems in cybersecurity: many people still don't take it seriously," said Lewis.

According to the expert, the 2016 Verizon Data Breach Report, one of the best sources of information on breaches, found once again that the vast majority of successful hacks required only the most basic techniques because defense is too often ignored, something that has been true for years.

"It is a horrible lesson about why using supported software, and keeping that software updated, is so important," said Alan Woodward, a visiting professor at the University of Surrey's department of computing.

Nick Coleman, Chair of Britain's Institution of Engineering and Technology (IET)'s IT Panel, said that the far-reaching impact of the cyber attack has proven that any organization is at risk of being hacked.

The expert also shared his insights on how to prevent and control the malware outbreak, saying that "good security measures and training can help to reduce the risk of attacks from becoming disruptive."

In the longer term, Coleman said, as people around the world move to an increasingly "smart" world, where nearly every device and machine is getting digitally connected, a solution to the problem is the establishment of a government department focused on this "smart" world's emerging engineering challenges.

"This would be the most effective way of driving forward legislation and governance that can improve awareness of this important subject among businesses and the general public," the expert added.

Russian security software company Kaspersky Lab said in a recent interview with Xinhua that the installation of the official Microsoft patch and security software updates can be an effective way of protecting computers from attack by the WannaCry ransomware.

Currently, the only approach found effective in case of a WannaCry infection is reinstalling the system at the expense of the encrypted files, Kaspersky said.

"If you find that your computer has been infected, you should turn it off and contact the information security service for further instruction," Kaspersky said.

Noting that precautions play a crucial part in defending against the WannaCry virus, Kaspersky suggests users install an official patch from Microsoft that closes the vulnerability used in the attack as well as upgrade the security software scanning critical areas at all times to detect potential infection as early as possible.

It also suggests that users create file backup copies on a regular basis and store the copies on storage devices that are not constantly connected to the computer.

For computers within corporate networks, once an attack is spotted, disconnection of the invaded computer from the Internet and internal networks needs to be done immediately, it added.

Tim Liu, co-founder and CTO of Hillstone Networks Inc., a Silicon Valley-based security vendor, also recommended organizations adopt best security practices, including patching vulnerable systems promptly, adopting layered defense through a mixture of network and implementing incident response procedures and policies.

"Malware attack and detection is a cat and mouse game and technologies are evolving on both ends. Enterprises and users need to keep up to date on prevention measures to reduce and curb the damage from these attacks," said Liu.