Is the massive ransomware attack that recently hit organizations in over hundred countries worldwide also a threat for VoIP and other Unified Communications solutions? Good question. It seems that the further proliferation is – at least for a short period – halted because one security expert appeared to have found some ‘killer switch’ in the software. But experts are warning that the malware may soon continue it’s destroying work.
Security experts believe that the original version of the malware is the so-called WannaCrypt or WannaCry virus, which was developed by the US National Security Agency. The current attack makes use of a known Windows vulnerability (a patch was released in March) to encrypt victim’s data, lock them out of their systems and demand a ransom.
The specific ‘feature’ of this type of malware is that it does not just infect the computer of someone who opens a harmful email attachment. All other computers in an organization’s network may become infected as well since the malware supports a worm-type of further distribution.
Sometimes it sounds like ransomware attacks focus on personal computers and laptops and the files they contain. The suggestion you often read is that the damage is mainly in lost files and other information stored on those computers. People have to pay the ransom to release the data. However, the malware can also impact other systems. We received information that at least 16 NHS health service organizations were hit by the recent ransomware attack. The attack did not only harm regular computers. Staff also had to use their own mobile phones since the malware affected multiple key systems including the telephony system. And parking service provider Q-Park reported an infection where the virus blocked the ticket & payment systems. The company had to open the parking spaces manually.
Although the attack itself will typically be via an email which is accidentally opened by the receiver on his pc or laptop, the virus may spread itself to colleagues. Colleagues, their computers and the computer systems they manage. Such as your Unified Communication and VoIP system. Indeed, also your VoIP solution may be harmed by a ransomware attack.
The current attack is via email attachments which contain the malware. This doesn’t mean that the email channel is the only vulnerable access to your company IT systems. In an earlier blog we showed how phone systems can be used for social engineering tasks. A frightening scenario was where a ‘pseudo employee’ called his helpdesk from a known company number and asked them for help since he ‘was at a client meeting and couldn’t open a website’. They friendly assisted him by clicking that website from their computer and immediately the malware was downloaded to their helpdesk computers.
So, the telephone can also be the social engineering tool which is used to bring the malware into your premises. Specifically in organizations where the ‘technical IT security’ is at a rather high level and difficult to beat, social engineering is the next best way to get access. If someone doesn’t open your malicious email attachments, you’d better give him a personal call. It could be a hackers rule of thumb.