
May 16, 2017
Dr. Ömer Fatih Sayan, President of the Information and Communication Technologies Authority, made statements regarding the cyber attack that shook the world.
Emphasizing that the impact of the malicious software cyber attack, which was effective worldwide, was negligible in Turkey and did not disrupt the flow of life, Sayan stated, “As the BTK National Cyber Incident Response Center (USOM), the studies and precautions we carried out before the WannaCry cyber attack ensured that our country emerged unscathed from the attack.”
WANACRYPT MALWARE SPREAD BY EXPLOITING OUR VULNERABILITIES
BTK President Sayan commented on how the malicious software cyber attack known as WanaCrypt0r, WannaCry or Wcry spread and the method followed by the cybercriminals as follows: “The malicious software cyber attack has two attack vectors. The first is the infection of the computer by the ransomware, which encrypts the files, after users open files attached to phishing (fake) emails or links in the email content. The second is the self-replication of the malicious software from the infected machine to all systems in the internal network and to random machines on the external network. What the attackers who prepared the WanaCrypt malicious software basically did was to combine the increasingly widespread ransomware attacks of recent years with the SMB vulnerability in Windows systems, thereby expanding the attack surface to all systems worldwide that contain this vulnerability. There are two types of errors that the attack exploited here. These errors are: users mindlessly opening phishing emails and system administrators not keeping Windows systems up to date.”
THE CYBER ATTACK CAUSED GLOBAL-SCALE DAMAGES
Stating that the answer to the question “Who suffered how much damage from the cyber attack?” could change at the end of the process, Sayan said, “We are talking about a global cyber attack and damages on a global scale. A wide range of organizations, from official institutions to health systems, telecom companies to energy companies, universities to banks and railways, were affected in the UK, Spain, the USA, Russia, Germany, and China. We hope this picture does not deepen further. We continue all kinds of work on our country's scale. The countries and organizations most affected by the cyber attack that disrupted the flow of life in many countries around the world include the UK NHS/Health System and Nissan UK.”
BTK USOM ENSURED OUR COUNTRY EMERGED UNSCATHED FROM THE CYBER ATTACK
Emphasizing that the impact of the malicious software cyber attack, known to have spread to nearly a hundred countries worldwide, was negligible in Turkey and did not disrupt the flow of life, Sayan said: “As the BTK National Cyber Incident Response Center (USOM), we conducted detailed studies in March and April before the WannaCry cyber attack, anticipating the widespread risk posed by the critical SMB vulnerability in Windows systems. This work ensured that potential damages in Turkey were minimized.”
BTK WARNED 28,079 USERS AGAINST THE VULNERABILITY
Sayan explained USOM's work as follows: “I. In the preventive studies regarding the vulnerability and weakness in the system, following our announcement on March 21, we scanned more than 16 million machines across Turkey. In these scans, we identified 28,079 systems with the vulnerability and warned their system administrators and users. Some of these systems belong to individuals, others to legal entities. Among them, we detected around 400 systems that could be compromised by foreign intelligence services' exposed attack tools due to the DOUBLEPULSAR backdoor vulnerability.”
BTK-USOM DETECTED THE VULNERABILITY AND PREVENTED THE DAMAGE
“Following this process, on April 25, as BTK USOM, we warned the Cyber Incident Response Teams (SOMEs) in 665 institutions regarding the vulnerability in Microsoft Windows and requested that the vulnerability be fixed:
- The services and/or operating systems running with these vulnerabilities, which cause the system to be compromised, must be patched with security updates.
- If the SMB service is not in use, it should be disabled. Access to the service from the Internet should be blocked to reduce the attack surface (safer alternatives should be preferred for file sharing over the Internet).
In the same process, we informed telecom operators operating the internet infrastructure and hosting companies hosting server systems so that they would warn the owners of systems with the SMB vulnerability and the DOUBLEPULSAR backdoor and take the necessary measures.
Finally, on May 12, when the WannaCrypt malicious software began to spread, we warned users as quickly as possible by sharing information about the malware both from USOM's Twitter account and from my personal social media account, announcing that the malware could spread in internal networks and that this spread originated from Windows systems without the MS17-010 update. These precautions and studies ensured that our country emerged unscathed from the first wave of the attacks.”
4 WAYS TO PROTECT AGAINST THE ATTACK
BTK President Sayan listed what needs to be done regarding the WanaCrypt malicious software effective worldwide as follows:
“I. System administrators should urgently apply updates (MS17-010) for Windows systems,
II. The SMB Windows file sharing service should be disabled when not in use,
III. Users should use up-to-date antivirus software,
IV. Caution should be exercised against phishing emails that arouse curiosity, and their attachments should never be opened.”
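
The SMB-related measures in the list above can be checked on a single Windows host with a short audit. The following is an added example, not code from BTK or USOM; `Test-SmbExposure` and its `-Remediate` switch are hypothetical names, and it assumes Windows 8 / Server 2012 or later, an elevated session, and that SMB listens on TCP 445 (a port the statement does not name). It does not verify that the MS17-010 update is installed.

```powershell
# Added example: audit (and optionally fix) local SMB exposure.
# Test-SmbExposure and -Remediate are hypothetical names for this illustration.
#Requires -RunAsAdministrator

function Test-SmbExposure {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remediate)

    $findings = @()

    # 1. Does the SMB server still accept the legacy SMBv1 dialect?
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        $findings += 'SMBv1 is enabled on the SMB server'
        if ($Remediate -and $PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
    }

    # 2. Is the file sharing service running although nothing is shared?
    #    Administrative shares (C$, ADMIN$, IPC$) are flagged Special and ignored.
    $svc    = Get-Service -Name LanmanServer
    $shares = @(Get-SmbShare -ErrorAction SilentlyContinue | Where-Object { -not $_.Special })
    if ($svc.Status -eq 'Running' -and $shares.Count -eq 0) {
        $findings += 'Server service (SMB) is running but no user shares exist'
        if ($Remediate -and $PSCmdlet.ShouldProcess('LanmanServer', 'Stop and disable')) {
            Stop-Service -Name LanmanServer -Force
            Set-Service  -Name LanmanServer -StartupType Disabled
        }
    }

    # 3. Is inbound TCP 445 allowed on the Public (Internet-facing) profile?
    $allow = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { "$($_.Profile)" -match 'Any|Public' } |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445'
        }
    if ($allow) {
        $findings += "Inbound TCP 445 allowed on Public profile by: $($allow.DisplayName -join ', ')"
        if ($Remediate -and $PSCmdlet.ShouldProcess('Windows Firewall', 'Block TCP 445 on Public')) {
            # Block rules take precedence over allow rules in Windows Firewall.
            New-NetFirewallRule -DisplayName 'Block inbound SMB on Public (added)' `
                -Direction Inbound -Protocol TCP -LocalPort 445 `
                -Profile Public -Action Block | Out-Null
        }
    }

    $findings   # empty when none of the three conditions was found
}

Test-SmbExposure            # report only; add -Remediate -WhatIf to preview changes
```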