The ransomware, christened WannaCry, struck systems around the world on Friday. However, there have not been any known cases of WannaCry infections in the UAE or the Middle East in general. How do you guard against this ransomware? What are local organisations doing to combat the threat? Tahawaul Tech spoke to some of the users and security pros:
Mario Foster, CIO, Al Naboodah Group Enterprises: “We established an emergency response team over the weekend and worked actively on Saturday to ensure all the required patches are in place. Microsoft released the patches in March and we applied that in April. In addition, we have increased the detection level of our email gateways, and sent out advisories to all our employees. Though WannaCry did reach us, not a single machine has been infected. We are even doing additional patching on the server level.”
Hariprasad Chede, CISO, National Bank of Fujairah: “You have to stick to the basics. The patch was released in March but many people neglected it to focus on the latest technologies. User awareness is key and organisations in the region must establish an incident response mechanism to tackle threats like this.”
Ahmed Ebrahim Al Ahmed, CIO, Nakheel: “Nakheel has always been up to date with security patches and this ransomware is the result of human error. As a procedure, we often send out mails to all our employees and warn them against clicking on suspicious links or opening email attachments. The right kind of user awareness training can help you protect against such threats.”
Suresh Kumar, Head of IT, Byrne Equipment Rental: “The recent WannaCry attack is a wake-up call to the users on the risks they face by not keeping these devices up to date and also to IT heads on the potential risks they are exposing their infrastructure to. The age-old reason has been the need to run outdated OS to support legacy systems, but I believe it is time for us to push the vendors to provide updated and safer versions, or for us to look at other options.”
Amit Roy, executive VP and regional head, Paladion: “Currently there are no WannaCry decryption tools or solutions available, but companies and users can take several preventive actions to ensure that they do not fall victim to such attacks. Steps like ensuring your system’s OS is updated with the latest patch released by Microsoft, taking regular backups so that even if you are impacted your data is with you, being extra cautious of the uninvited documents sent over mails, downloading software and applications only from official sources and not from pirated sites, can help users stay away from such ransomware attacks.”
Amir Kolahzadeh, CEO, ITSEC: “Ransomware in general is not coded based on a targeted demographic or location. So, the Middle East and UAE are not protected or safe from it. Even though the UAE in particular is extremely well prepared and equipped to deal with large scale attacks, we constantly observe that users are inadequately trained in cybersecurity awareness which is the only way to protect the organisations against such cyber-attacks.”
Jude Pereira, managing director, Nanjgel Solutions: “We have got proof that systems have been infected in Saudi Arabia, Qatar and the UAE, but no one wants to admit it. I haven’t seen any regional CERTs come out and declare that we are safe. It is a global outbreak and it would be wrong to assume that we are safe, but there are mitigation strategies to safeguard against this. You need to have multiple solutions, and the quickest remediation step is backing up your systems, followed by privileged access and user activity monitoring.”
Eddie Schwartz, executive VP of Cyber Services, DarkMatter: “We have not received any specific reports of direct infections from our customers because they have applied the patches released by Microsoft in March and over this weekend. There have been rumours of smaller organisations being affected but we don’t have any evidence of that. What you need to bear in mind is that there are systems that are infected but not activated yet. The cybercriminals have access to these systems and they can change the payload of the malware. Just because this is not a major issue in the region, there shouldn’t be any false sense of security. So if you haven’t applied the patches, you must do so immediately and warn your users.”
Dan Sloshberg, cyber resilience expert, Mimecast: “The vast majority of ransomware attacks are spread by email, yet many organisations still rely on outdated email security controls that simply were never designed to stop these advanced attacks. Bowing to these criminals’ ransom demands only emboldens and finances them for further attacks. Malicious links or weaponised email attachments are the biggest threat to the nation’s critical services.”
Nicolai Solling, director, Technology Services, Help AG: “When WannaCry broke out, it was Thursday afternoon in Europe. I must say, Middle East organisations are quite lucky because it was the start of the weekend here and that’s probably why we are not as affected as those companies in Europe and the US. However, the attack is far from over, in fact, we are now seeing the next variation of WannaCry. Over the next few days we should be extremely careful when opening emails, downloading documents and clicking on links. IT security leaders should also make sure that they patch any Microsoft vulnerabilities in their systems. Even better, disable SMBv1 in their machines and block all versions of SMB on the network.”
Jimmy Graham, director, Product Management, Qualys: “The rapid weaponising of newly disclosed nation state exploits for criminal purposes and, in this case, monetary gain, places new burdens on enterprises’ security organisations. They now must deal with destructive and fast-moving cyber-attacks such as WannaCry which requires putting in place systems, tools, and processes to quickly identify, prioritise, and remediate these vulnerabilities.”
Tabrez Surve, regional security sales manager, Middle East, Turkey and Africa, F5 Networks: “WannaCry ransomware broke out last Friday, and offices were closed in this part of the world. This gave companies enough leeway to patch their systems and build countermeasures. However, there is a lot of panic around at the moment. There are two mitigation strategies: the first one, of course, is to patch the systems. Secondly, you should do network segmentation because this ransomware is spreading through the file-sharing SMB protocol. You should also restrict traffic to TCP port 445.”
Mahmoud Mounir, regional director, Middle East, SecureWorks: “So far, there have been no WannaCry incidents reported here in the region yet. However, we advise companies to make sure that they take the necessary precautions should they get hit by this ransomware attack. They need to have backup and recovery systems in place, especially for the highly sensitive data that they have. In addition, it is now more important than ever for IT leaders to ensure that their user awareness programmes are kept in check.”