WannaCry: What’s Next – expert predictions
May 2017 by Expert
Last Friday, the massive WannaCry ransomware attack struck organizations in at least 100 countries. The attack exploited code from the NSA and paired ransomware with a worm to hold more than 200,000 machines for ransom, demanding payment from its victims in exchange for their files.
Cyber security company eSentire has compiled a list of its post-WannaCry predictions:
• Patch hygiene will improve - We’re hopeful that organizations will significantly alter their continuous patch hygiene. Microsoft has even released new emergency patches for Windows XP and 2003, which speaks to the seriousness of the event and the risk of deploying out-of-date operating systems in production environments.
• More Shadow Brokers disclosures - We haven’t heard the last of the Shadow Brokers. The hacking group claims to have more tools and information stolen from the U.S. Intelligence community. As they expose new “cyber weapons” adopted by opportunistic threat actors, suddenly everyone is at risk.
• More variants of WannaCry - The WannaCry story will inspire a new set of attacks. They won’t all necessarily be ransomware, but it remains the most hyper-productive model for cybercriminals in terms of monetizing attacks.
• Worms exploiting broad vulnerability + hostile payload: IoT - Knowing how quickly worm-based attacks can do massive damage, there is potential for physical damage to infrastructure as we move to IoT. This becomes something that we need to decide on: how we’re going to manage risk. The lack of focus or preparedness for IoT cybersecurity puts everyone at increased risk.
• Fragility of the infrastructure and limited human involvement - With infrastructure that is globally connected and the challenge of patch management, fast-spreading threats can cause massive damage, especially to embedded systems where there is not ongoing support for vulnerabilities. Plus, future attacks will involve less and less human intervention.
Mark McArdle, CTO at the company, says, “Collaboration is essential. There’s an attack vs. defense asymmetry in that it’s really easy for attackers to attack, and really difficult for organizations to respond. Organizations will be on their own, unless they start to build out their trust circles and collaborate on how to defend against threats. Additionally, we have to be mindful about attributing attacks to specific geographies or state-entities. In this case, officials have stated that Russia was considered to be the most attacked. But if we think that a political opponent will retaliate, that could mean cyberwarfare against everybody.”