Story image

Two years on: Have organisations learnt from WannaCry?

10 May 2019

The month of May this year marks a special anniversary – two years since WannaCry caused chaos worldwide.

It was labelled as ‘one of the most destructive pieces of ransomware ever’, targeting computers running Microsoft Windows by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

The main reason for its effectiveness (and the reason it is still talked about today), though, was its worm-like ability to spread through an entire organisation in a matter of hours.

In light of this, Skybox Security threat intelligence director Marina Kidron has shared her insights on whether organisations have learnt from attack, whether a repeat attack could still occur, and if there are any more pressing threats on the horizon.

“In terms of WannaCry Mark 2 happening, we are not out of the woods. Last year, 32 vulnerabilities affected Windows which were similar to those exploited by WannaCry. In theory, any of these vulnerabilities, if left exposed, could be used today to forge another global attack,” says Kidron.

“Paying lip service to ransomware can have serious consequences. This is something that many businesses recently discovered when they were ill prepared to handle the 'Sodinokibi' ransomware which recently exploited an Oracle Weblogic zero-day vulnerability, causing significant damage.”

Kidron says despite what happened two years ago, the holes exploited by WannaCry still haven’t been filled.

“Organisations are still grappling with the same foundational issues that they were dealing with two years ago, and are allowing worms and malware to propagate – they don't have good visibility of their increasingly fragmented network, which means that they have a limited view of vulnerability exposure and are unable to effectively prioritise vulnerability remediation,” says Kidron.

 “It might be tempting to say that the authorities should step in and dictate the enforcement of security measures and controls in order to prevent another rapidly spreading ransomware attack. But while they have a significant role to play, businesses need to be one step ahead. Government cybersecurity innovation is always lagging behind that of cybercriminals – if you wait for their direction, you're not going to improve vulnerability exposure within your network.”

Kidron has some advice for organisations that want to prevent a WannaCry Mark 2 scenario:

  • Gain visibility of the whole network infrastructure
  • Continually test the security which has been designed in policy is actually being maintained in the network - in order to make the best use of stretched resources, testing should be automated.
  • Have ongoing insight around the context of vulnerabilities - this should become a fundamental concern.

“Without having this context, and visibility over the entire security environment, it's far more likely that businesses are going to be stung by another wide-spread ransomware attack,” Kidron concludes.

Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
NZ businesses are leaving themselves vulnerable to cyber threats
Barely six per cent of business and companies in New Zealand have adequate cyber protection.
InPhySec forges partnership to tackle NZ cybersecurity market
The Kiwi managed security services provider is partnering with CrowdStrike to bring its endpoint protection solution to its customers.
Infoblox appoints channels head for A/NZ
Kenneth Cartwright’s appointment extends Infoblox’s position in secure cloud-managed network services throughout the region.
Chch crypto exchange Cryptopia facing liquidation
It seems that Christchurch-based cryptocurrency exchange Cryptopia has been unable to recover after malicious cyber attackers stole around $20 million worth of cryptocurrency.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.