Story image

Two years on: Have organisations learnt from WannaCry?

10 May 2019

The month of May this year marks a special anniversary – two years since WannaCry caused chaos worldwide.

It was labelled as ‘one of the most destructive pieces of ransomware ever’, targeting computers running Microsoft Windows by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

The main reason for its effectiveness (and the reason it is still talked about today), though, was its worm-like ability to spread through an entire organisation in a matter of hours.

In light of this, Skybox Security threat intelligence director Marina Kidron has shared her insights on whether organisations have learnt from attack, whether a repeat attack could still occur, and if there are any more pressing threats on the horizon.

“In terms of WannaCry Mark 2 happening, we are not out of the woods. Last year, 32 vulnerabilities affected Windows which were similar to those exploited by WannaCry. In theory, any of these vulnerabilities, if left exposed, could be used today to forge another global attack,” says Kidron.

“Paying lip service to ransomware can have serious consequences. This is something that many businesses recently discovered when they were ill prepared to handle the 'Sodinokibi' ransomware which recently exploited an Oracle Weblogic zero-day vulnerability, causing significant damage.”

Kidron says despite what happened two years ago, the holes exploited by WannaCry still haven’t been filled.

“Organisations are still grappling with the same foundational issues that they were dealing with two years ago, and are allowing worms and malware to propagate – they don't have good visibility of their increasingly fragmented network, which means that they have a limited view of vulnerability exposure and are unable to effectively prioritise vulnerability remediation,” says Kidron.

 “It might be tempting to say that the authorities should step in and dictate the enforcement of security measures and controls in order to prevent another rapidly spreading ransomware attack. But while they have a significant role to play, businesses need to be one step ahead. Government cybersecurity innovation is always lagging behind that of cybercriminals – if you wait for their direction, you're not going to improve vulnerability exposure within your network.”

Kidron has some advice for organisations that want to prevent a WannaCry Mark 2 scenario:

  • Gain visibility of the whole network infrastructure
  • Continually test the security which has been designed in policy is actually being maintained in the network - in order to make the best use of stretched resources, testing should be automated.
  • Have ongoing insight around the context of vulnerabilities - this should become a fundamental concern.

“Without having this context, and visibility over the entire security environment, it's far more likely that businesses are going to be stung by another wide-spread ransomware attack,” Kidron concludes.

Forescout strengthens investment in OT security
Forescout’s latest features will provide enterprises with improved productivity, lower risk profiles and faster mitigation of threats.
Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.