Where exactly did you lose that cyber weapon? Reflections on the Wannacrypt ransomware attack
Wannacrypt attack sparks wider conversation about IT security
The Wannacrypt (or Wannacry) ransomware attack, which started on Friday 12th May 2017, did much to open up the conversation about IT security in general and hacking in particular.
The story may have started out by being framed as an attack on the NHS. However, over the following days it grew to encompass a much broader narrative from which a number of other strands have emerged. These really shine a light into the darker corners of IT security and make for some interesting talking points.
Here are some of them, substantiated by supporting facts gleaned from the wider context of the Wannacrypt attack.
- Government agencies are actively engaged in trying to crack IT security: The Wannacrypt attack exploited a vulnerability in Microsoft operating systems that was discovered by the US government’s National Security Agency (NSA), a military intelligence organization and a constituent of the United States Department of Defense (DOD).
- Security agencies expect companies to be nice to them but they don’t reciprocate: Although Microsoft has done the NSA more than a few favours over the years, the NSA didn’t tell Microsoft about this discovery, or about the many other ways it had discovered to compromise Microsoft operating systems. In effect, the NSA has been stockpiling cyber weapons.
- ‘Back doors’ do exist after all! The existence of ‘back doors’ – secret ways to hack systems – is often speculated about and often dismissed as a conspiracy theory – but this is proof of the principle; the NSA went and actually built a ‘cyber weapon’ called ‘EternalBlue’ specifically to be able to hack whoever, whenever and wherever it wanted…
- Government agencies are as vulnerable to hacks as just about anyone: ‘EternalBlue’ was stolen as part of a haul of 1GB of data, probably in an act of insider theft similar to Edward Snowden’s. It was then published to the world by The Shadow Brokers (TSB), a hacker group.
- Who was behind it – ‘state actors’, cyber criminals or hobbyist hackers? Currently, we really don’t know whether the Wannacrypt attack was initiated by a rogue state actor, cybercriminals only interested in cash, or by a hacker group doing it for bragging rights; some researchers say evidence points to a certain rogue state.
- Research by IBM Security threw up the possibility the attack was not spread by email: Email is the usual vector for such attacks, either as an email attachment or with a link that downloads and launches the malware. Searches of IBM’s database of more than 1 billion emails could not find any evidence it was spread by internet mail services. Some researchers found links in phishing emails.
- Wannacrypt might be used again… If it wasn’t email, how did Wannacrypt spread so extensively (230,000 computers in 150 countries), and could it be used repeatedly? Variants of Wannacrypt have indeed appeared – some with the kill switch, which allows the attack to be turned off, removed. There seems to be no clear indication of how Wannacrypt initially infected the first computer on the networks it attacked. Essentially, knowing how malware infects and spreads is key to being able to stop existing attacks and anticipate new ones.
Please Mr Cyberspook – be more careful with the cyber weapons!
In a world where WikiLeaks liberally publishes secret documents and the existence of the PRISM mass surveillance program has been revealed by Edward Snowden, then perhaps none of this should surprise us. But it does make you think…
Some might say that if governments spy on everyone to help prevent atrocities like 9/11 in 2001 in the US, or 7/7 in 2005 in the UK, then that’s a price worth paying. Maybe there is a point there. On the flip side, some might find surrendering privacy for security an unacceptable trade-off.
Whatever your view, in this case, the carelessness of government agencies with their ‘secret’ IT security hole discoveries and cyber weapons technology is creating an enormous amount of disruption and inconvenience for businesses, not to mention hitting profitability and damaging reputations.
Perhaps if there was a consensus from the business community, then one strong message to the cyberspooks might be: Please lock up your cyber weapons properly and stop them falling into the wrong hands!
Take control of GDPR compliance with Paralogic
The essential takeaway for most businesses is that when it comes to information security, there is no room for complacency. IT security practice needs to be exemplary, both by in-house IT teams implementing security solutions and by system users.
The forthcoming GDPR information security standard requires all businesses to comply, and for those that need to sharpen up, the new standard represents a chance to start with a clean slate.
GDPR comes into force on the 25th of May 2018. We have a significant program of consulting in place to help existing and prospective clients to prepare for the new information security standard.
There is no quick fix to compliance, and firms and public bodies need to get ahead of the curve. There are considerable financial penalties for non-compliance of up to €20m or 4% of group annual global turnover.
Consequently, all in scope of GDPR are advised to start on the journey to compliance in good time. In the words of the ICO, the regulatory body:
“You may find compliance difficult if you leave your preparations until the last minute.”
To get started on the journey towards better data security today, simply get in touch.