As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here’s my two cents:
- Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100% year-over-year growth.
- For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the Internet worms we saw back in the 2000s (i.e., Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back but I always thought they’d be used as a smokescreen for other attacks. Looks like ransomware and Internet worms can be as compatible as chocolate and peanut butter.
- Anyone who knows me or reads my blogs knows that I’ve been screaming about the cybersecurity skills shortage for years. Oh yeah, it ain’t getting any better—ESG research indicates that 45% of organizations say they have a problematic shortage of cybersecurity skills today. Think of the impact of ransomware like WannaCry as a ramification of the skills shortage. We simply don’t have enough trained security folks scanning systems, doing threat intelligence research, or responding to incidents when they occur.
- On a similar note, software patching continues to be one of the more operationally-intensive activities for security and IT operations folks and always seems to be a struggle. I’m sure a lot of shops simply never got around to patching thousands of Windows systems after the March patch updates were issued. Health care organizations may have been precluded from patching systems until the patch was approved by some slow moving regulatory body or software provider. It should be noted that I’ve heard that this patch was particularly onerous, which may have held operations back.
- It’s true that cybersecurity has become a boardroom issue so allow me to offer a suggestion to all the business executives becoming more involved in cybersecurity strategy: Push your organizations to develop a plan to get off Windows XP as soon as possible. If boards are truly serious about mitigating cyber-risks to the business, they shouldn’t take no for an answer.
- Here’s another head scratcher in 2017: Many organizations still don’t back up systems regularly if at all, and this poor hygiene is especially true regarding PCs. Look for WannaCry and similar attacks to cause a temporary spike in business at Carbonite, LiveVault, etc.
- Note that WannaCry impacted a lot of health care institutions, which tend to run many standalone PCs. This is a perfect application for desktop virtualization. When Ransomware strikes, you simply shoot the image and restore a healthy one.
- Cybereason offers a free ransomware protection tool here. It’s worth installing. Just thinking here...if Cybereason, an EDR vendor, can write and distribute Windows-based ransomware protection for free, why aren’t all the AV vendors providing their customers with similar free ransomware defenses?
- It’s been reported that cyber-adversaries targeted zero-day vulnerabilities stolen from NSA as part of WannaCry. If this is true, I wonder if NSA has any legal liabilities for damages? Regardless, it’s time for US military and intelligence agencies to abandon their obsession with offensive cyber weapons and begin a serious national (and international) discussion about cyber rules of engagement. WannaCry isn’t a one-off attack—once similar sophisticated tools and zero-day vulnerabilities find their way to cybercriminals, NSA cyber-techniques (paid for by US taxpayers) will continue to be used against us big league.
- Just a theory but I wouldn’t be surprised if WannaCry originated in North Korea.
Finally, those of us in the cybersecurity professional community have been expecting something like this for a long time. My advice to PC users is to proactively learn more about cyber-risks and seek out protection—don’t wait for someone else’s help.
At least WannaCry or something similar didn’t take down the power grid—not yet anyway.