5 Security Lessons WannaCry Taught Us the Hard Way

Published: 22/11/2024   Category: security




There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.



The scope and severity of the fallout from the WannaCry attacks over the past week elicits plenty of "we told you so" head shakes about the dangers of ransomware. The blackmail worm spread at lightning speed. On Friday it reached 74 countries and more than 45,000 systems. By Monday, those numbers had ballooned to 150 countries and 200,000 systems, according to Europol. And even when security researchers found a kill-switch for the attack that they used to their advantage, it didn't take long for new variants to start up again, with infections occurring at a rate of 3,600 systems per hour.
It's a nasty bit of business. And while the hue and cry over ransomware shouldn't be ignored, there are a lot more valuable lessons beyond those that have to do with cyber blackmail. Here are just a few of them.
Lesson 1: Vulnerability and Patch Management Overshadow Everything
Patch, patch, patch, patch. It's been the overwhelming mantra of security pros for decades, and this attack campaign shows us why. The rapid spread of the worm was made possible by the ubiquity of systems worldwide running on unsupported or unpatched operating systems.
"We're hopeful that organizations will significantly alter their continuous patch hygiene," says Mark McArdle, CTO for eSentire. "Microsoft has even released new emergency patches for Windows XP and 2003, which speaks to the seriousness of the event and the risk of deploying out-of-date operating systems in production environments."
Lesson 2: Unknown Assets Can Bite You in the Rear
It's just about impossible to patch systems an organization doesn't even know exist. The insidious effects of WannaCry offer up a good illustration of how easy it is for attackers to scale attacks against the forgotten systems that can be lost through inconsistent asset management.
"Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors," says Steve Ginty, senior product manager at RiskIQ. "For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they're unmonitored, provide an easy way in and out. To defend yourself, you need to know what attackers see when they're looking at your business from outside the firewall."
Lesson 3: Network Segmentation Can Be a Valuable Risk Reducer
Of course, patch management isn't as simple as just finding every system and waving a magic wand over them. Many organizations struggle to update legacy and embedded systems due to a host of technical problems. It's why WannaCry found such fertile ground in healthcare organizations, since many medical devices are built on top of old Windows operating systems that are notoriously difficult to update due to government regulations and the organizations' own concerns about causing system disruptions during updates.
"In many cases, devices will never receive updates either because the OS is no longer supported and memory, storage, and processing constraints may prevent the device from operating effectively with the latest software," says Craig Young, computer security researcher for Tripwire's Vulnerability and Exposures Research Team. "Finally, I suspect that many hospital administrators may not recognize the danger from using outdated software on these devices, and simply avoid patching because the device works. This 'if it ain't broke, don't try to fix it' mentality can be tremendously detrimental to hospital security."
This scenario is a perfect example of how compensating controls, like network segmentation, should have kicked in for a lot of organizations.
"Of course, today, completely disconnecting a machine from the Internet typically renders it of little use. But network connectivity can be limited as much as possible," says Brighten Godfrey, co-founder and CTO of Veriflow. "Segmentation requires careful network architecture, especially in a complex environment where configurations of firewalls, routers and other devices are continually changing. Rigorous network verification methods can help ensure that the intended segmentation is continually realized."
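To make the point about verifying segmentation concrete, here is an added example in Python (not from the article, and not Veriflow's code): a constructed first-match firewall ruleset for a hospital-style network, a list of invariants the intended segmentation must satisfy, and a check that flags rule drift which lets a forbidden flow through. All addresses, segments and rules are hypothetical; TCP 445 (SMB) appears because that is the service the WannaCry worm spread through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # destination TCP port, None = any port

# Constructed example ruleset (hypothetical network, not a real hospital's); first match wins.
RULES = [
    Rule("allow", "10.20.0.0/24", "10.30.0.10/32", 104),  # imaging devices -> PACS (DICOM) only
    Rule("deny",  "10.20.0.0/24", "0.0.0.0/0",     None), # devices reach nothing else
    Rule("allow", "10.10.0.0/24", "10.30.0.0/24",  443),  # staff workstations -> app servers
    Rule("allow", "10.10.0.0/24", "10.10.0.0/24",  None), # drift: workstation-to-workstation, any port
    Rule("deny",  "0.0.0.0/0",    "0.0.0.0/0",     None), # default deny
]

def first_match(rules: List[Rule], src: str, dst: str, port: int) -> str:
    """Return the action of the first rule matching the flow; default deny."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.port in (None, port):
            return r.action
    return "deny"

# Intended segmentation, stated as flows that must never be allowed. Each is checked
# with one representative host per segment (hypothetical addresses). TCP 445 is SMB,
# the service the WannaCry worm used to move between hosts.
INVARIANTS: List[Tuple[str, str, str, int]] = [
    ("imaging device -> workstation SMB", "10.20.0.5", "10.10.0.7", 445),
    ("workstation -> imaging device SMB", "10.10.0.7", "10.20.0.5", 445),
    ("workstation -> workstation SMB",    "10.10.0.7", "10.10.0.8", 445),
    ("imaging device -> internet",        "10.20.0.5", "203.0.113.9", 80),
]

def violations(rules: List[Rule]) -> List[str]:
    """Names of the invariants that the ruleset fails to enforce."""
    return [name for name, s, d, p in INVARIANTS if first_match(rules, s, d, p) == "allow"]

# The same ruleset with an explicit SMB block placed ahead of the broad workstation rule.
FIXED_RULES = RULES[:3] + [Rule("deny", "10.10.0.0/24", "10.10.0.0/24", 445)] + RULES[3:]

if __name__ == "__main__":
    print("drifted ruleset:", violations(RULES))        # ['workstation -> workstation SMB']
    print("fixed ruleset:  ", violations(FIXED_RULES))  # []
```

Checking one representative host per segment is a simplification; the verification tools the quote refers to reason over the whole address space and every rule interaction, and should be re-run on each configuration change.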
 
Lesson 4: Security Has Real-World Repercussions
Speaking of healthcare, one of the big-picture lessons that security professionals around the world should be thinking deeply about is the fact that cybersecurity is no longer just a game of protecting data. When attacks happen today, they have real-world repercussions that can affect the safety of people's life and limb.
"With so many medical devices connected to the internet, it's not surprising to know that some of these devices were rendered useless by WannaCry," says Terry Ray, chief product strategist for Imperva.
The attacks against the UK's National Health Service put hospital operations at a standstill and threatened the health of real people. As much as the security industry talks about its struggle with attackers as a game, using terminology like "whack-a-mole" and "cat-and-mouse" to describe the back-and-forth exchanges, the truth that WannaCry should bring home is that what we're engaged in is not frivolous or fun. The consequences are real and serious.
Lesson 5: It's Easy to Forget the "A" in Security's CIA
So many security organizations get hung up on the confidentiality and integrity part of IT risk management that they forget the final leg of that three-legged stool: availability. According to estimates from Cyence researchers, the business interruption costs to companies from WannaCry will add up to over $8 billion.
"Business interruption caused by the WannaCry malware is probably the most substantial and problematic component to this event. Organizations will suffer interruptions to their business, lost income, and extra expenses while the infection is being remediated – and it will take some time to get back to full productivity even after systems are restored," says George Ng, CTO and Cyence co-founder.
Obviously, these are big-picture lessons. And it will take time to turn these lessons into meaningful action. In the meantime, for those who've found they've lost access to Windows XP systems, there's at least some good news on that front. Security researchers with the French security firm Quarkslab have released a new tool called Wannakey, which can recover the private encryption key for infected Windows XP systems.