Two years on: Have organisations learnt from WannaCry?
The month of May this year marks a special anniversary – two years since WannaCry caused chaos worldwide.
It was labelled as ‘one of the most destructive pieces of ransomware ever’, targeting computers running Microsoft Windows by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
The main reason for its effectiveness (and the reason it is still talked about today), though, was its worm-like ability to spread through an entire organisation in a matter of hours.
In light of this, Skybox Security threat intelligence director Marina Kidron has shared her insights on whether organisations have learnt from attack, whether a repeat attack could still occur, and if there are any more pressing threats on the horizon.
“In terms of WannaCry Mark 2 happening, we are not out of the woods. Last year, 32 vulnerabilities affected Windows which were similar to those exploited by WannaCry. In theory, any of these vulnerabilities, if left exposed, could be used today to forge another global attack,” says Kidron.
“Paying lip service to ransomware can have serious consequences. This is something that many businesses recently discovered when they were ill prepared to handle the 'Sodinokibi' ransomware which recently exploited an Oracle Weblogic zero-day vulnerability, causing significant damage.”
Kidron says despite what happened two years ago, the holes exploited by WannaCry still haven’t been filled.
“Organisations are still grappling with the same foundational issues that they were dealing with two years ago, and are allowing worms and malware to propagate – they don't have good visibility of their increasingly fragmented network, which means that they have a limited view of vulnerability exposure and are unable to effectively prioritise vulnerability remediation,” says Kidron.
“It might be tempting to say that the authorities should step in and dictate the enforcement of security measures and controls in order to prevent another rapidly spreading ransomware attack. But while they have a significant role to play, businesses need to be one step ahead. Government cybersecurity innovation is always lagging behind that of cybercriminals – if you wait for their direction, you're not going to improve vulnerability exposure within your network.”
Kidron has some advice for organisations that want to prevent a WannaCry Mark 2 scenario:
- Gain visibility of the whole network infrastructure
- Continually test the security which has been designed in policy is actually being maintained in the network - in order to make the best use of stretched resources, testing should be automated.
- Have ongoing insight around the context of vulnerabilities - this should become a fundamental concern.
“Without having this context, and visibility over the entire security environment, it's far more likely that businesses are going to be stung by another wide-spread ransomware attack,” Kidron concludes.