
Two years on: Have organisations learnt from WannaCry?

10 May 2019

The month of May this year marks a special anniversary – two years since WannaCry caused chaos worldwide.

It was labelled as ‘one of the most destructive pieces of ransomware ever’, targeting computers running Microsoft Windows by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

The main reason for its effectiveness (and the reason it is still talked about today), though, was its worm-like ability to spread through an entire organisation in a matter of hours.

In light of this, Skybox Security threat intelligence director Marina Kidron has shared her insights on whether organisations have learnt from the attack, whether a repeat attack could still occur, and whether there are any more pressing threats on the horizon.

“In terms of WannaCry Mark 2 happening, we are not out of the woods. Last year, 32 vulnerabilities affected Windows which were similar to those exploited by WannaCry. In theory, any of these vulnerabilities, if left exposed, could be used today to forge another global attack,” says Kidron.

“Paying lip service to ransomware can have serious consequences. This is something that many businesses recently discovered when they were ill-prepared to handle the 'Sodinokibi' ransomware which recently exploited an Oracle WebLogic zero-day vulnerability, causing significant damage.”

Kidron says despite what happened two years ago, the holes exploited by WannaCry still haven’t been filled.

“Organisations are still grappling with the same foundational issues that they were dealing with two years ago, and are allowing worms and malware to propagate – they don't have good visibility of their increasingly fragmented network, which means that they have a limited view of vulnerability exposure and are unable to effectively prioritise vulnerability remediation,” says Kidron.

“It might be tempting to say that the authorities should step in and dictate the enforcement of security measures and controls in order to prevent another rapidly spreading ransomware attack. But while they have a significant role to play, businesses need to be one step ahead. Government cybersecurity innovation is always lagging behind that of cybercriminals – if you wait for their direction, you're not going to improve vulnerability exposure within your network.”

Kidron has some advice for organisations that want to prevent a WannaCry Mark 2 scenario:

  • Gain visibility of the whole network infrastructure
  • Continually test that the security which has been designed in policy is actually being maintained in the network - in order to make the best use of stretched resources, testing should be automated.
  • Have ongoing insight around the context of vulnerabilities - this should become a fundamental concern.

“Without having this context, and visibility over the entire security environment, it's far more likely that businesses are going to be stung by another widespread ransomware attack,” Kidron concludes.
