Which Attacks Must Be Prevented in Addition to WannaCry Ransomware?

The WannaCry ransomware attack is an ongoing global cyberattack that uses a cryptoworm which targets computers running Microsoft Windows, encrypting data and demanding ransom payments via Bitcoin, a cryptocurrency and digital payment system. The attack started on Friday, 12 May 2017 and has been described as unprecedented in scale, infecting more than 200,000 computers in over 150 countries.^[1] In less than a week, WannaCry has evolved into a global public security threat.

Map of the countries initially affected^[1]

So far, the economic loss caused by the ransomware attack has not been released officially, but the estimated loss will be significant. Which attacks should enterprises be weary of? Which must be prevented? Avoiding another type of WannaCry ransomware attack is essential.

As early as two years ago, it was reported that enterprises suffered from phone flooding attacks, which also demanded ransom payments. If ransom was not paid, enterprise communication services would be crippled, causing vast losses for business.^[2]

There are two types of common security threats to enterprise communication services. One is the Phone flooding type, which is a Telecommunication Denial of Service (TDoS) attack that attempts to disable enterprise communications systems. This type of attack could cripple an enterprise, such as call centers, that mainly provide communication services.

The other type of attack is toll fraud. Hackers attack enterprise communication systems, such as a SIP Private Branch Exchange (PBX), to call international information centers for illegal profits. In 2013, Melissa, the owner of a ReMax office in America was shocked by a high phone bill, totaling close to $600,000 for calls she did not make. Hundreds of calls were made to Somalia, Guinea, and Azerbaijan, which had no business relationship with the ReMax office.^[3]

So what can we do to resolve security issues on an enterprise communication network?

The Huawei Enterprise Session Border Controller (eSBC), our most advanced enterprise communication security device, is deployed at the border of the enterprise network to help enterprises solve two major security issues.

Huawei eSBC

1. Defense against various types of TDoS attacks using IDS

• The eSBC constantly analyzes user behavior in-depth, and identifies attacks and takes security measures, protecting authorized user rights and eliminating the impact of network attacks on enterprise services.

2. Prevention, attack defense, and fraud prevention, protecting enterprises against toll fraud

• Prevention: Huawei eSBC supports message proxy and topology hiding, to hide IP addresses and ports, preventing attackers from finding targets on enterprise networks.

• Attack defense: Huawei eSBC defends against brute-force cracking attacks. Attackers cannot log in to an enterprise network or commit fraud.

• Fraud prevention: Huawei eSBC supports CAC, granting user-specific call rights and preventing toll fraud caused by account leaks.

Huawei eSBC also supports the following functions to protect the enterprise services of authorized users:

• Overload protection for valid services: Huawei eSBC supports service-aware flow control, ensuring the high-priority user and emergency service success rates during peak hours.

• Bandwidth control: Huawei eSBC restricts bandwidth resources available to a user to prevent overuse of resource.

• Communication encryption: Huawei eSBC supports signaling and media encryption, securing communication content and preventing disclosure of business information caused by session hijacking.

Huawei eSBC has been globally deployed on thousands of enterprise networks in many industries, including government, finance, energy, education, transportation, and telecommunications.

Huawei eSBC, always securing your enterprise networks.

[1] https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

[2] http://gd.people.com.cn/n/2015/1111/c123932-27076522.html

[3] http://www.missourinet.com/2013/05/16/remax-office-owner-hit-by-phone-fraud-600000-bill

Huawei Cloud Surveillance Systems Remain Reliable in the Face of a Global Ransomware Attack

Is your computer infected today?

Source: https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/

Or even if your computer luckily defends against this attack, your antivirus software continuously alerts you to the full intrusion of this attack.

On the morning of May 12, 2017, the WannaCry ransomware spread globally, affecting the UK, the US, Russia, China, and eventually over 150 countries. Dedicated networks of government institutions, large enterprises, and college campuses were among the targets of the attack.

Globally, video surveillance systems designed to ensure public safety and security have also been seriously affected by the virus.

According to reports, normal services across dedicated public security networks in China have been hit by the attacks. Video surveillance platforms connected to thousands of cameras have been affected, leaving many blind spots in public safety and security surveillance. Video surveillance vendors have since urged public security departments to shut down video surveillance systems temporarily for patches to be applied and the integrity of networks restored.

How can you prevent such problems before they happen?

The ransomware affects only machines running on Windows. Because Huawei's Video Cloud Node (VCN) and Video Content Management platform (VCM) run on Linux, they have not been affected by these large-scale cyber-attacks. As a result, the system has maintained normal operation.

In addition to running on Linux, Huawei's video surveillance cloud platform is equipped with mechanisms to defend against ransomware and other cyber-attacks, ensuring system safety and security. These mechanisms include:

1.    Security hardening for Linux

Cyber-attackers gain access to operating systems through insufficiently protected ports. Huawei has disabled the ports that are not required, minimizing the risk of attack.

2.    Removal of root user operations

Service systems run the corresponding program to remove root user operations and minimize file permissions. If the system is attacked, this mechanism minimizes potential damage by preventing the attack to the system and network from becoming more embedded.

3.    Hierarchical key mechanism

Sensitive information has been encrypted. Non-reversible passwords are iterated 10000 times using Pbkdf2, and reversible passwords are encrypted using AES256+iv. Furthermore, the system uses a hierarchical key management mechanism, so even if the encrypted information is disclosed, it cannot be decoded.

4.    End-to-end channel and media protection

Security modules are embedded into the IPCs, network devices, and video surveillance platforms. End-to-end secure channels are established from the front-end IPC to the platform. The media files and image data are encrypted, helping to ensure channel security while protecting the content.

Video surveillance systems running Windows are now highly vulnerable to the WannaCry ransomware attacks, posing a threat to public safety and security. Starting May 13, Huawei has been helping video surveillance customers migrate services and ensure the safety and security of their network and systems.

Huawei MEC@CloudEdge Builds a Ubiquitous Edge Network

[Beijing, China, April 27, 2017] At 2017 MEC Technology and Industry Development Summit, Guo Jianhua, PS MEC chief marketing expert for Huawei Cloud Core Network Product Line, delivered a keynote speech "MEC@CloudEdge Builds a Ubiquitous Edge Network", which demonstrated the MEC evolution process, Huawei MEC solution architecture, and application scenarios.

Guo Jianhua, PS MEC chief marketing expert for Huawei Cloud Core Network Product Line, delivered a keynote speech

In 2012, Huawei and Vodafone jointly proposed the original MEC concept. In 2014, six carriers and communications equipment vendors, including Huawei and Vodafone, worked together to set up a MEC work group for ETSI. In 2016, MEC-related techniques were written into 5G specifications and MEC had become a native feature of the mobile core network. Since then, MEC developed rapidly.

As a MEC solution towards 5G, Huawei MEC@CloudEdge solution co-deploys applications, contents, and some service processing and resource scheduling functions of the MBB core network at the radio access network (RAN) edge. This solution processes services in close proximity to subscribers and coordinates applications, contents, and networks, offering a reliable and improved service experience.

Technical highlights of Huawei MEC@CloudEdge solution are as follows:

• Uses the cloud native architecture and techniques, such as stateless design, hardware and software decoupling, cross-DC deployment, service-oriented architecture, and automated O&M integration, to improve reliability, flexibility, and performance when resources are limited.
• Separates the control plane from the user plane to flexibly deploy network functions. Such separation function enables the central DC instead of the gateway to support complex control and logical functions and moves the user plane to the edge DC to locally process and forward services, thereby implementing local breakout.
• Opens network capabilities and integrates third-party applications. This solution integrates Huawei CloudUIC, CloudMSE, and third-party applications to open network capabilities, providing new business applications and innovative business models for carriers.

MEC is applicable to multiple scenarios and has applied to B2B and B2G markets. Currently, Huawei cooperates with leading global carriers, such as China Mobile, China Telecom, China Unicom, and Vodafone, to make contributions in MEC service innovation and business practices. Service scenarios involved are local breakout scenarios and network capability exposure and application integration scenarios.

• Local breakout is implemented on applications that have high requirements on bandwidth, latency, and security. For example, a high-definition (HD) video can be cached on a node close to the RAN side, saving transmission bandwidths and improving user experience. Network and service functions of the core network are moved to the RAN edge, reducing unnecessary intermediate levels and supporting low-latency real-time sport event broadcasting. For office campuses with high information security requirements, data processing is terminated in the campus DC to ensure information security.
• More diversified business scenarios are implemented by network capability exposure or third-party application integration. For example, when network QoS capability exposure is enabled, the control plane invokes this capability to establish dedicated bearers for subscribers, ensuring QoS. When location data exposure is enabled, a population density map is provided for subscribers in business districts to support indoor navigation. When a third-party video acceleration tool is integrated, subscribers can watch videos smoothly. Contents can be filtered by inserting push information into the toolbar and integrating URL filter.

At MEC Congress held on Munich, Germany in September 2016, Huawei MEC@CloudEdge won the ‘Best Edge Computing Technology’ award. This award shows industry recognition of Huawei’s MEC@CloudEdge in terms of providing leading architecture and technology standards for future-oriented cloud-based networks and for Huawei’s outstanding contribution to the MEC industry.

Ecosystem construction is indispensable to MEC development. Huawei MBB Interconnect Open Base and MBB Interconnect Open Industry Alliance have cooperated with about 100 partners for in-depth communication, cooperative research, R&D, and test. In future, Huawei will further coordinate with carriers and partners to build an ecosystem, achieving a win-win outcome.