WannaCry Forced Everyone to Pay Attention to Cyber Security
The 2016 Shadow Brokers NSA hack came home to roost in a big way last week, when a code execution vulnerability contained in the Shadow Brokers WikiLeaks dump was used to launch the largest ransomware attack in history. The WannaCry ransomware strain, also known as WannaCrypt, Wana Decryptor, and WCry, hit hundreds of thousands of computers in 150 countries before it was halted — temporarily — when a Security analyst stumbled upon a “kill switch” in the code. However, even the analyst who discovered the kill switch emphasized that the fix was, indeed, temporary; reports of new variants are emerging, and the kill switch does nothing to help the armies of machines that have already been infected.
WannaCry wreaked havoc on companies in numerous industry sectors, including French car manufacturer Renault and Spanish telecommunications giant Telefonica, but perhaps the most stark illustration of the damage was what it did to Britain’s National Health Service (NHS). The Guardian reports that 45 NHS facilities were infected, forcing hospitals to redirect ambulances, postpone treatments for cancer patients, and warn patients of delays overall.
Organizations in the U.S. were fortunate; a Department of Homeland Security spokesperson told NPR that the number of WannaCry ransomware victims stateside was “very small.” But that’s only because of luck — and luck eventually runs out.
WannaCry Ransomware Took Advantage of Old, Unsupported Systems
The WannaCry ransomware nearly exclusively impacted enterprise machines, not home computers, because the latter are more likely to be running updated operating systems, and WannaCry exploits a vulnerability in Windows XP up through Windows Server 2012. Microsoft released a patch for the newer end of that range in March, but the company stopped supporting some of the older systems in the group, including Windows XP and Windows 2000, years ago. After the WannaCry attack, Microsoft took the highly unusual step of issuing an “emergency patch” for Windows XP, Windows 8, and Windows Server 2003.
As soon as WannaCry hit, the buck-passing commenced. The British media attacked the government for not sufficiently funding the NHS. Microsoft criticized the NSA for not properly securing its cyber-weaponry. Meanwhile, Microsoft itself came under fire for not issuing security updates for legacy systems that it knew were still in wide use. Security experts reiterated the age-old warnings to organizations about keeping their systems updated and engaging in proactive measures to prevent attacks like WannaCry.
Do We Have Your Attention Now?
The WannaCry ransomware attack shouldn’t have surprised anyone. cyber security experts have been warning about large-scale attacks on critical infrastructure for years, and there have been numerous smaller-scale ransomware attacks on U.S. emergency services. The only surprising things are that it took so long for something like this to happen, and that the United States was not hit as hard as the rest of the world, particularly since preliminary evidence indicates that WannaCry may be the work of the same North Korean hackers who were behind the Sony Pictures email hack and last summer’s SWIFT network attack on a bank in Bangladesh.
American healthcare facilities are plagued with the same cyber security problems as the NHS, including antiquated legacy systems and an unwillingness on the part of organizations to invest in proactive cyber security measures. Other industries aren’t doing that much better, including the government. After all, the exploit that started all of this was stolen from an American spy agency. If the NSA cannot properly secure its systems, what does that say about everyone else?
The WannaCry attacks are the natural end result of the government, private-sector organizations, and the public engaging in reactive cyber security at best, and remaining ignorant of cyber security at worst. Mere days before WannaCry hit, the Trump Administration issued an executive order commanding the federal government to get its cyber security house in order. Private-sector organizations and, yes, individuals need to do the same. Everyone needs to be aware of the seriousness of engaging in proactive cyber security best practices and the severe potential consequences of not doing so.
Thanks to WannaCry, everyone now knows what ransomware is and what it’s capable of doing. The question is, what are we going to do with this information?
The cyber security experts at Lazarus Alliance have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. Our full-service risk assessment services and Continuum GRC RegTech software will help protect your organization from data breaches, ransomware attacks, and other cyber threats.
Lazarus Alliance is proactive cyber security®. Call 1–888–896–7580 to discuss your organization’s cyber security needs and find out how we can help your organization adhere to cyber security regulations, maintain compliance, and secure your systems.
Originally published at lazarusalliance.com on May 17, 2017.