Bad Rabbit – what is it, and what does it mean for IT specialists?

by Heat Recruitment

By Chris Reid

The number of cyber-attacks we see in the wild today is undoubtedly on the rise. From the Mirai botnet to WannaCry, we now see the newest iteration – Bad Rabbit. This ransomware is the second example of a leaked NSA exploit being turned against whole regions. The original, WannaCry, utilised the leaked EternalBlue exploit against a vulnerability in Windows PCs and then spread across multiple networks. The result was well publicised – the shutdown of various NHS trusts and the hampering of critical infrastructure.

Bad Rabbit is another example of a leaked NSA exploit in use – this time EternalRomance. The Kiev Metro system and a Ukrainian airport were believed to be among the original targets – one episode in a string of many against critical infrastructure in the nation. The most recent, of course, was the attack on Ukrenergo, the state power operator, which saw Ukraine lose electricity for an extended period. The use of nation-state level cyber-attacks is on the rise, and, concerningly, these exploits are now being used, post-leak, by lower-skilled operatives.

In short, instead of the scalpel-like approach for which these tools were intended, as with Stuxnet in Iran, the action is more akin to breaking down the front door and hitting the servers with a mallet until you’re paid to stop. The difference with the Bad Rabbit attack, however, is its attack vector. For years, users have been conditioned to accept every update offered to their devices so that they can carry on with their work. The Bad Rabbit attack deliberately mimics (badly, some may say) an Adobe Flash update. On visiting certain compromised sites, users were met with a prompt to update – and accepting it downloaded the ransomware package.

For IT specialists, attacks of this nature represent a pressing need. To maintain uptime and operational effectiveness, businesses must ensure the security of their systems. The US Computer Emergency Readiness Team (US-CERT) confirmed that it “discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored”. The best way to avoid the damage caused by ransomware attacks, therefore, is prevention.

Recently, a think tank noted that the most effective way to ensure security is employee awareness. The experts confirm that: “All it takes for ransomware to end up on your systems is for one of your users to open up an infected attachment”. Phishing emails are a key method of distributing such attachments, although spear-phishing, CEO fraud, malware-ridden web advertisements, and even simple phone calls are all viable methods.

To avoid these attacks, a base standard of security is required first. Systems must be kept up to date and patched. One of the most commonly cited reasons for the NHS’s failure in the face of WannaCry was its lack of updates – many systems still ran Windows XP. The second requirement is anti-malware software. While these packages are by no means perfect, the overwhelming majority of attacks target the lowest common denominator – even basic security measures can displace an attack onto an easier target.

Ultimately, employee education is the be-all and end-all of effective security. Even with a robust update procedure and an anti-malware package, should a single malicious link appear and be clicked, ransomware could enter your organisation’s perimeter. IT specialists are needed more than ever to guide and further develop the security process within businesses. It is a fact of computing in the modern world that as these attacks continue to increase in number, so too will the required number of security specialists increase in tandem.

In history, mercenaries (also known as freelancers) were known to offer their services for attack and defence. Today, we see this group under a different name, with vastly different roles. IT freelancers are now a vital part of the security picture – instead of moats and portcullises, the new battlefield is email and code.