“Do not wait for somebody to protect you from cyber-attacks – protect yourself”

The ransomware program WannaCrypt has thrown the world into a panic, and Microsoft is calling for a new Geneva Convention to end the stockpiling of cyber weapons. “It is a good idea. But it will take years before it becomes reality – if it ever does. In the meantime, you can protect yourself with the method whitelisting,” says Bjørn Søland, technical expert at identity and security company Nexus Group.

WannaCrypt (also called WannaCry, WanaCrypt0r 2.0 and Wanna Decryptor) quickly spread around the world on May 12, 2017, blocking Microsoft Windows user from their data unless they paid a ransom using Bitcoin.

“The scale of the attack is unprecedented and shows yet again why governments’ stockpiling of vulnerabilities is such a problem: Repeatedly, exploits have leaked to the public and caused widespread damage. We have seen vulnerabilities stored by the NSA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected organizations and individuals around the world,” says Søland.

Stockpiling of cyber weapons

Brad Smith, Microsoft’s president and chief legal officer, calls for a new Geneva Convention to end this stockpiling of cyber weapons.

“He wants governments to inform tech companies about the vulnerabilities so that they can patch them. But I doubt governments are going to agree, or find ways to enforce such an agreement. If they do, it will take many years.  This means that there will continue to be a big chunk of time between when a vulnerability is first found – day zero – and when it is patched,” says Søland.

When a vulnerability is patched, users can protect themselves by updating their systems.

“But organizations do not have to wait for a patch to be developed. They can instead protect themselves by installing whitelisting software on their systems,” says Søland.

Whitelisting is the opposite of antivirus programs’ blacklisting of malicious code.

Whitelisting blocks malicious code

“A list of applications that are approved to run on the system is created, and the whitelisting software blocks any software that is not explicitly allowed to run. This is a very underutilized method – many people do not even know it exists,” says Søland.

Nexus provides a whitelisting product called Nexus SE46 that consists of a management station, a certificate authority that is used to digitally sign the approved software and agents on the individual computers. SE46 can be used on all Windows-based systems such as mail servers, file servers, web servers, database servers, ATMs and cash registers.

“Today it is not feasible to whitelist all digital systems – an infrastructure where trusted whitelists can be shared between organizations smoothly has to be constructed first. But all critical systems with specific functions, where one does not need to regularly add software or Excel macros, should be whitelisted straight away. Do not wait for somebody to protect you from cyber-attacks – protect yourself,” says Søland.



Published 15/5 2017