The results of an international investigation led by the British National Cyber Security Center have singled out a North Korean hacking outfit identified as the Lazarus Group as the one behind the WannaCry ransomware attack.
This ransomware is estimated to have affected over 300,000 computers in more than 150 countries across the globe. It may well have been a money-minting scheme that completely got out of hand. As it is, the hackers have yet to retrieve the funds they amassed in the form of bitcoin currency as doing so would make them vulnerable to exposure.
Still, if the recent government effort to train as many as 10,000 Kenyans for online jobs is anything to go by, we can expect that more individuals and growing businesses will need to become better aware of sensible security practices so that they are not caught unawares in a web of data breaches and online fraud. Some of the easiest brute force attacks that can be successfully directed against a target are the Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
The very first thing that individuals and businesses can do is make sure that they are running antivirus and antispyware software. These must be up to date if substantial protection against typical ransomware and other malware attacks is to be afforded. File and print sharing should also be disabled on computers that have sensitive data so that they are safeguarded from getting broadcasted to everyone connected to the same network.
And speaking of networks, wireless ones have become quite popular with many business establishments in the country. Encryption on these wireless access points goes a long way in preventing unauthorized parties from gathering and recording all (sensitive or otherwise) traffic that goes through them. Ensuring that you have WPA2 encryption turned on at the very least will go a long way in securing your network. You can always go a step further in protecting yourself by hiding your wireless network’s SSID (Service Set Identifier) so that only those that know it exists can gain access to it.
It is surprising that many routers still have their passwords as the default ones from their manufacturers. This is a potent security risk that should be rectified immediately, particularly if the router in question can be accessed and configured over an internet connection. A simple brute-force attack or even a lucky guess from a malicious snooper can result in having your settings changed or your log files compromised.
Other methods that both individuals and businesses should consider using to enhance their security include the proper use of virtual private networks (VPNs). Although data theft might not be as much of a concern for most Kenyans as device theft, whole disk encryption could also come in handy for those who move about with their laptops. And if the WannaCry debacle has taught us anything, backing up your sensitive data on the regular is definitely one of the best ways around to secure your peace of mind. You don’t want to be on the receiving end of an attack that leaves all your data locked up or lost for good.