sb-eu logo
Story image

Two years on: Have organisations learnt from WannaCry?

10 May 2019

The month of May this year marks a special anniversary – two years since WannaCry caused chaos worldwide.

It was labelled as ‘one of the most destructive pieces of ransomware ever’, targeting computers running Microsoft Windows by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

The main reason for its effectiveness (and the reason it is still talked about today), though, was its worm-like ability to spread through an entire organisation in a matter of hours.

In light of this, Skybox Security threat intelligence director Marina Kidron has shared her insights on whether organisations have learnt from attack, whether a repeat attack could still occur, and if there are any more pressing threats on the horizon.

“In terms of WannaCry Mark 2 happening, we are not out of the woods. Last year, 32 vulnerabilities affected Windows which were similar to those exploited by WannaCry. In theory, any of these vulnerabilities, if left exposed, could be used today to forge another global attack,” says Kidron.

“Paying lip service to ransomware can have serious consequences. This is something that many businesses recently discovered when they were ill prepared to handle the 'Sodinokibi' ransomware which recently exploited an Oracle Weblogic zero-day vulnerability, causing significant damage.”

Kidron says despite what happened two years ago, the holes exploited by WannaCry still haven’t been filled.

“Organisations are still grappling with the same foundational issues that they were dealing with two years ago, and are allowing worms and malware to propagate – they don't have good visibility of their increasingly fragmented network, which means that they have a limited view of vulnerability exposure and are unable to effectively prioritise vulnerability remediation,” says Kidron.

 “It might be tempting to say that the authorities should step in and dictate the enforcement of security measures and controls in order to prevent another rapidly spreading ransomware attack. But while they have a significant role to play, businesses need to be one step ahead. Government cybersecurity innovation is always lagging behind that of cybercriminals – if you wait for their direction, you're not going to improve vulnerability exposure within your network.”

Kidron has some advice for organisations that want to prevent a WannaCry Mark 2 scenario:

  • Gain visibility of the whole network infrastructure
  • Continually test the security which has been designed in policy is actually being maintained in the network - in order to make the best use of stretched resources, testing should be automated.
  • Have ongoing insight around the context of vulnerabilities - this should become a fundamental concern.

“Without having this context, and visibility over the entire security environment, it's far more likely that businesses are going to be stung by another wide-spread ransomware attack,” Kidron concludes.

Story image
Trend Micro receives AWS Outposts Ready designation
rend Micro solutions are now fully and demonstrably capable of integrating with Outposts deployments.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Strong cybersecurity posture crucial for company success - Fortinet
"They should also conduct due diligence to ensure partners aren’t inadvertently creating vulnerabilities with insufficient cybersecurity measures."More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More