What's the lesson from WannaCry? - Technical.ly Baltimore

May 22, 2017 9:54 am

The attack got lots of attention for its scope and speed, but the protection could've been there. We talked to local cybersecurity experts for perspective.

Inside U.S. Cyber Command.

(Photo by Michael L. Lewis/U.S. Army)

The WannaCry cyber attack got lots of attention for its sheer magnitude. It reportedly affected 300,000 Windows PCs in 150 countries, and shut down major parts of the UK’s health system and German rail.

The fact that the malware used was stolen from the NSA and the potential involvement of North Korea also layered on elements of global intrigue.

To the people who deal with cyberattacks frequently, that level of attention is unique. As WYPR Midday host Tom Hall noted during a show that this reporter participated in on Friday, it earned the distinction of second biggest story of the week (behind the ugly saga of Trump and Comey).

In the cyber world, the tech behind the attack is getting attention. It’s a new take on an old crime.

Most people who are familiar with crime know about a ransom. Instead of a kidnapping, the criminals now use malware to encrypt files and make them inaccessible until people pay up. Rather than delivering the money at a certain time in a certain bag, the victims are ordered to pay in bitcoin, which is difficult to track.

While ransomware has been on the radar for the last couple of years (remember that MedStar Health attack last year?), the way the attack spread through networks was new. As Peter Dietrich of Columbia-based Anchor Technologies described it to us, the attack moves by worming its way through a network, rather than spreading through email. In this case, it was able to exploit a vulnerability in Microsoft operating systems, mainly Windows 7, and it moved fast.

Dietrich said his company worked with a client following a similar attack recently. This attack represents “a newer generation of getting into the environment and worming through the environment,” he said.

Up until Friday’s deadline, there was lots of debate about whether to pay a ransom. But for businesses, the costs go beyond those payments. A system that’s hit with ransomware typically has to be completely rebuilt, Dietrich said. Then there’s the cost of the system being down and putting the company out of business. As was shown in the British healthcare system where the attack impacted surgeries, lives are literally on the line.

There was warning. Microsoft released a patch in March that indicated potential danger. In retrospect, it may seem tempting to think the attack could have been prevented. Trouble is, many organizations didn’t update their systems.

Larger organizations may delay making the security fixes, since doing so requires a series of tests and the right timing so as not to disrupt work.

“From an enterprise perspective it’s really complicated to be pushing out updates, so sometimes they’ll hold off on updates unless they feel it’s something super critical,” said Zuly Gonzalez, CEO of Light Point Security.

But even for the most knowledgeable people, there is lots to track.

“Unfortunately, the symbolic ‘warning light’ on the security dashboard was only one of thousands — culled out of millions of mixed mundane/important events — vying for SecOps attention,” Casey Corcoran, Vice President of Spark-based FourV Systems, said via email. “When the Shadow Brokers hacker group leaked the Windows SMB exploit, it became just one more ‘thing’ that went under in the din of warnings and alerts.”

Due to the success of this attack, many organizations will likely take necessary security steps, Gonzalez said. As a result, Gonzalez said it’s unlikely that groups will try to carry off a similar breach. But they will likely look for other ways to accomplish the same kind of scale. The question is whether the publicity will serve as a wake-up call to prepare for the future.

“We think we might be better prepared, because we will pay more attention to the warning signs. But reality is there will again be many signs, and discerning the mundane from the important will be as difficult as it was with WannaCry,” Corcoran said.

And the group behind the attack is emboldened: The Shadow Brokers are literally talking about pivoting to a subscription model.
