Friday, May 19, 2017

Checkmate to cybersecurity

Chess is the strategy game par excellence. Two opponents, 16 pieces and a single goal: to kill the king. Although the rules are simple, it is not an easy game to master. Anticipating your adversary and studying every possible line of attack turn chess into an art that only the best can live up to. In fact, this difficulty is why it is considered a sport.

If we draw a parallel between chess and the world of cybersecurity, we could declare this week a checkmate by cybercriminals against network security. The WannaCry attack, which has affected more than 200,000 computers in 179 different countries, has been the masterstroke that has marred the whole week.

The incident, which took place last weekend, is still being investigated to find out how it could affect so many people. On Tuesday, our colleague Pablo Yglesias gave a preliminary analysis of the attack thanks to an interview conducted by Although it claimed that the reputational impact of ransomware had been overwhelming, it had not affected at the same level. In addition, he pointed out that although the origin of the attack is North Korea, this does not mean that the cybercriminals are from that country.

This Wednesday we discovered that the ransomware that has ravaged the world used an old-school method. Instead of the typical email with a malicious link, the attack was performed in three stages, starting with remote code execution and the malware gaining advanced user privileges. The ghosts of the past keep tormenting us.

Today, a week after the hecatomb, the GoNetFPI website has published a step-by-step guide on how to act in the face of WannaCry, explaining the payment process. Both they on their website and we on ours insist that this type of ransom should not be paid, but we know that desperate times call for desperate measures.

However, even though WannaCry has put cybersecurity in check, it is not the only game being played on the cybersecurity board. And the bad guys do not always win. Yesterday we found out that Joomla, one of the most famous CMSs in the world, patched a critical SQL injection vulnerability.

Chess games can take hours, and a single oversight can expose the king (in our case, the data) and allow our rival to win the game. It doesn't matter if we were playing perfectly up to that moment, since the opponent will take advantage of the slightest mistake to defeat us. The same happens with cybercriminals, which is why we should not be reckless and must plan all kinds of strategies to protect the king and keep our data safe.

