Friday, June 09, 2017
Ransomware Attacks Can Seriously Cripple Systems Like Aadhaar
What's WannaCry all about? It's what's known as ransomware—a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it. The malicious software is planted on the network and temporarily stalls users from accessing their systems till a specified amount of "ransom" is paid electronically. Usually, the ransom demand is in the form of crypto currencies such as Bitcoin whose transaction trail is virtually untraceable. Once the ransom is paid, the files and data are decrypted by the hacker. In most cases, the lockdown is done through Trojans which are planted into the network system as simple phishing or spam emails.
WannaCry was one of the worst malware attacks in history. Hackers used a flaw in Microsoft software to infiltrate unguarded systems. Microsoft had released a patch against this flaw in March but many system administrators failed to patch all computers—the ones which were unpatched became vulnerable to this attack.
The ransomware has the ability to jump from one network to another, prompting some cyber experts to coin a new term, "ransom worm". Interestingly, this flaw was used by NSA (The National Security Agency of the USA) to infiltrate computers across the world. However, the NSA had reported this flaw to Microsoft leading the latter to develop a patch for it. Hackers used vulnerable machines within networks of institutions such as NHS, UK (The National Health Services) to lock down electronic medical processes leading to numerous problems.
A ransomware attack can potentially stop critical services from functioning and therefore stakeholders have a very little negotiation power, leading them to comply with the "ransom demand" immediately.
Can such attacks impact services like Aadhaar?
Till now Aadhaar has been predominantly a non-linked service, which means that it contained mostly demographic information of citizens. But now Aadhaar is being linked to bank accounts, income tax, PAN and other more sensitive information. This makes it a huge threat surface for hackers to intrude upon. Imagine a situation where an intrusion happens through Aadhaar. Since the user's bank account is linked with his Aadhaar number, the ransomware can lock down the account and make it unusable unless a "ransom" is paid. Imagine the havoc and destruction it can create if something like WannaCry were to hit the Unique Identification Authority of India (UIDAI).
As we move towards a cashless economy, the threat becomes graver. In an increasingly digitalised India, the volume of electronic transactions will increase. Since Aadhaar is now being linked to our bank accounts, it is possible that in case of lack of preparedness on our part, a cyber-attack like WannaCry can block our access. The sheer volume of Aadhaar numbers and their linked financial accounts makes the Aadhaar system a sitting duck. According to reports, the outdated version of Window XP that WannaCry managed to exploit is used by 70% of Indian ATMs.
The losses from such cyber-attacks need not only be financial. The damage could be much more than financial in sectors such as manufacture, traditional healthcare and power generation which have not patched their systems to ensure security. According to CERT-In, nearly 11,000 networks in India have been victims of probing-scanning, in the past 14 months. Scanning and probing is the first step used by hackers, where they monitor the systems. This is generally followed by insertion of malware or ransomware.
The responsibility lies with both institutions as well as individuals. In the recent WannaCry attack, it is clear that the system administrators failed to secure all the systems on the network with the updated patch, leaving them vulnerable.
Institutions and governments need strong cyber-security and cyber-defence strategies. Cyber-defence capabilities, particularly, are essential as hacking becomes extremely easy and pervasive. From an individual's standpoint, we should firstly be aware that our digital devices have a possibility of getting compromised. In terms of best practices, it is advisable to keep our antivirus updated and lookout for new patches that keep our software updated. Needless to say, downloading and accessing unauthorised software or websites should be a strict no-no for both personal devices as well as systems within enterprise networks.
Posted by Ahssan Innlive