The Rockingham school district in North Carolina discovered Emotet malware had been installed on its network in late November. The cost of resolving the infection was an astonishing $314,000.
The malware was delivered via spam emails, which arrived in multiple users’ inboxes. The attack involved a commonly used ploy by cybercriminals to get users to install malware.
The emails appeared to have been sent by the anti-virus vendor used by the school district, with the subject line ‘incorrect invoice’ and the correct invoice included as an attachment. The emails were believable and were similar to many other legitimate emails received on a daily basis.
The emails asked the recipient to open and check the attached invoice; however, doing so would see malware downloaded and installed on the email recipient’s computer.
Soon after those emails were received and opened, staff started to experience problems. Internet access appeared to have been blocked for some users. Reports started to arrive from Google saying email accounts had been shut down due to spamming. The school district investigated and discovered several devices and servers had been infected with malware.
Emotet malware is a network worm that is capable of spreading across a network. Infection on one machine will see the virus transmitted to other vulnerable devices. The worm drops a type of banking malware on infected devices that is used to steal victims’ credentials such as online banking details.
Emotet is a particularly advanced malware variant that is difficult to detect and hard to remove. The Rockingham school district discovered just how problematic Emotet malware infections can be when attempts were made to remove the worm. The school district was able to successfully clean some infected machines by reimaging the devices; however, the malware simply re-infected those computers.
Mitigating the attack required assistance from security experts, but even with expert help the recovery process is expected to take up to a month. 10 ProLogic ITS engineers will spend around 1,200 on site reimaging machines. 12 servers and potentially up to 3,000 end points must be reimaged to remove the malware and stop reinfection. The cost of cleanup will be $314,000.
Attacks such as this are far from uncommon. Cybercriminals take advantage of a wide range of vulnerabilities to install malware on business computers and servers. In this case the attack took advantage of gaps in email defenses and a lack of security awareness of employees. Malware can similarly be installed by exploiting unpatched vulnerabilities in software, or by drive-by downloads over the Internet.
To protect against Emotet malware and other viruses and worms, layered defenses are required. An advanced spam filtering solution can ensure malicious emails are not delivered, endpoint detection systems can detect atypical user behavior, antivirus solutions can potentially detect and prevent infections, while web filters can block web-based attacks and drive-by downloads. End users are the last line of defense and should therefore be trained to recognize malicious emails and websites.
Only a combination of these and other cybersecurity defenses can keep organizations well protected. Fortunately, with layered defenses, it is possible to avoid costly malware and phishing attacks such as the one experienced by the Rockingham school district.
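As an illustration of the spam-filtering layer, the sketch below scores a message for the lure described above: a sender claiming to be the anti-virus vendor, an invoice-themed subject and an attachment. It is an added example, not code from the school district or any vendor; the vendor name `ExampleAV`, its domain, the signal names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions: hypothetical vendor name and the only domains it really sends from.
VENDOR_NAME = "ExampleAV"
VENDOR_DOMAINS = {"exampleav.example"}
INVOICE_SUBJECT = re.compile(r"\b(invoice|payment|receipt)\b", re.I)

def lure_signals(raw):
    """Return the lure signals present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    # Display name claims the vendor, but the sending domain is not the vendor's.
    if VENDOR_NAME.lower() in display.lower() and domain not in VENDOR_DOMAINS:
        signals.append("vendor-name-domain-mismatch")
    # Verdicts stamped by the receiving gateway (simple substring check).
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=fail" in auth or "dmarc=fail" in auth:
        signals.append("sender-auth-fail")
    if INVOICE_SUBJECT.search(msg.get("Subject", "")):
        signals.append("invoice-subject")
    if any(part.get_filename() for part in msg.walk()):
        signals.append("has-attachment")
    return signals

def verdict(raw):
    """Quarantine only when a spoofing signal coincides with the invoice lure."""
    s = lure_signals(raw)
    spoofed = "vendor-name-domain-mismatch" in s or "sender-auth-fail" in s
    lure = {"invoice-subject", "has-attachment"} <= set(s)
    return "quarantine" if spoofed and lure else "deliver"

def build_sample(sender, subject, auth, attachment=None):
    """Build a constructed test message; none of these are real emails."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@district.example", subject
    m["Authentication-Results"] = auth
    m.set_content("Please check the attached invoice.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

SPOOFED = build_sample("ExampleAV Billing <billing@exampleav-invoices.example>",
                       "Incorrect invoice", "mx.district.example; spf=fail; dmarc=fail", "invoice.doc")
GENUINE = build_sample("ExampleAV Billing <billing@exampleav.example>",
                       "Your invoice", "mx.district.example; spf=pass; dmarc=pass", "invoice.pdf")
```

Requiring a spoofing signal alongside the lure keeps genuine vendor invoices flowing; a message that passes sender authentication from the real domain still depends on the other layers.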
15 years after the launch of the wireless security protocol WPA2, the Wi-Fi Alliance has announced this year will see the release of the WPA3 protocol. The transition period from the WPA2 to WPA3 protocol is expected to take several months.
WPA2 was released in 2003, bringing with it a number of key security enhancements to its predecessor WPA. WPA2 fast became the accepted Wi-Fi CERTIFIED security technology and is now used in more than 35,000 certified Wi-Fi products, including smartphones, tablets, and IoT devices.
Since its launch, WPA2 has received several enhancements and the protocol will continue to be updated this year. The Wi-Fi Alliance says updates will be applied over the coming weeks and months, will occur ‘under-the-hood’, and will be unnoticeable to users. The enhancements will address configuration, authentication, and encryption.
The first major update to WPA2 is for Protected Management Frames (PMF) in Wi-Fi devices, which ensure the integrity of network management traffic on Wi-Fi networks. The update concerns when devices are required to use PMF, refining configurations for Wi-Fi CERTIFIED devices to ensure the highest possible level of security.
The second enhancement requires companies to conduct additional checks of their devices to ensure best practices for using the Wi-Fi security protocols have been adopted. This will reduce the potential for the misconfiguration of networks and devices, further safeguarding managed networks with centralized authentication services.
The third major update standardizes 128-bit level cryptographic suite configurations, which will deliver more consistent network security configurations. The Wi-Fi Alliance VP, Kevin Robinson, said, “Often people may focus exclusively on the level of encryption when evaluating security of a technology, but there are a number of components—such as information protection (encryption), key establishment, digital signatures, and condensed representations of information—that work together as a system to deliver strong security.” This update will ensure all cryptographic components used are of the required standard, ensuring there are no weak links in the encryption chain.
With these enhancements added to the Wi-Fi certification program, users can be sure all certified Wi-Fi devices will have the highest level of security.
The Wi-Fi Alliance says WPA2 will continue to be deployed in Wi-Fi devices, although following the launch of the WPA3 protocol later this year there will be a gradual transition to the WPA3 protocol. During the transition period, both WPA2 and WPA3 will be run concurrently. The process of changeover is expected to take several months, as it is necessary for all hardware to be certified to make sure the new protocol can be supported.
The WPA3 protocol will incorporate several important enhancements to improve Wi-Fi security. The full specifications have not yet been published but are expected to include increased privacy protections for users of open networks with individualized data encryption.
Controls to prevent malicious actors from undertaking multiple login attempts via commonly used passwords are also expected, as well as simpler configuration for IoT devices that do not have a display. The new WPA3 protocol will also use 192-bit security or the Commercial National Security Algorithm to improve security for government, defense, and industrial networks.
“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” said Joe Hoffman, SAR Insight & Consulting. “Wi-Fi is evolving to maintain its high-level of security as industry demands increase.”