Over the past month, we have seen two global ransomware outbreaks. The first, WannaCry, was stopped quickly because the creators were sloppy and didn’t secure the URL that the virus pointed to. All it took was a researcher to buy the URL and shut the outbreak down. If only all cyber-attacks could be stopped this easily.
This week we are seeing a second, possibly worse, attack called Petya. It started in the Ukraine, but appears to have spread around the globe, affecting companies from Russia to Britain, and from Spain to the United States. Why do these attacks keep spreading so fast and how can we stop them?
There are two fundamental causes for the spread of these attacks. One is the lack of vigilance in patching and upgrading Windows operating systems. The other is the fundamental flaw in TCP/IP networking that uses the IP address for both identity and location. We cannot do much about the former, but we can eliminate the latter.
Once a system is infected, malware like Petya spreads because the virus can exploit the fundamental flaw in IP addressing, perform reconnaissance on a network to discover other systems, and infect them. The more systems it has access to, the more systems it can infect. Security patches, updates and even firewalls offer little protection from this kind of attack.
The most effective way to prevent the spread of a virus like Petya is through identity-based micro-segmentation. While it does not necessarily prevent a system from becoming infected, it prevents the spread of the virus outside of the micro-segment, protecting the rest of the network. By assigning every system in a segment a unique crypto-identity and separating this from the location in an IP address, identity-based networking effectively cloaks a device or an entire network from the view of the virus.
Micro-segmentation also allows you to isolate and disconnect any infected systems on the network, further preventing the spread of an infection and securing the network. When applied as wide-area micro-segmentation, it is possible for an enterprise to segment and secure every device or system on their network, no matter where they reside in the world, meaning malware, like Petya, is at worst a hyper-local threat.
Today, the best way to achieve unbreakable micro-segmentation and avoid the vulnerabilities of TCP/IP networking is through identity-based networking solution that use the recently ratified Host Identity Protocol (HIP) (IETF HIP RFC 5201-bis). Properly orchestrated and provisioned, a HIP networking solution can almost instantly secure and segment any device, on any network, anywhere in the world. Keeping malware and viruses like Petya from spreading and damaging your network, destroying your data, or disrupting your business.
Find out more about Tempered Networks’ secure Identity Defined Networking (IDN) Solutions and discover how to stop the next Petya from spreading.