Over a third of firms are not prepared for WannaCry-like attacks

24 May 2018

Author: Jay Jay

Back in April, a report from the Public Accounts Committee noted that even though almost a full year had passed since the WannaCry attacks took place, many NHS trusts were not prepared for similar attacks in the future and were yet to implement recommended measures to improve their cyber security.

The Committee added that even though the DHS, NHS England, and NHS Improvement published a Lessons Learned review with 22 recommendations for strengthening the NHS’s cyber security in February this year, they were yet to agree on implementation plans and had no idea how much it would cost to implement the recommendations.

A new report from cybersecurity firm Lastline has revealed that NHS trusts are not the only ones that have taken little or no concrete action to detect, prevent or fight against future WannaCry-like attacks.

In a survey of over 200 security professionals carried out by the firm at the 2018 RSA Conference, 35.6 percent of those surveyed admitted that even though they had made changes to improve their organisations’ cyber security, such changes were not enough to completely secure their networks against WannaCry-like ransomware attacks. 8.8 percent of such professionals also admitted that they had taken no steps at all to secure their networks.

“The fact that the WannaCry incident was not a more serious wake-up call for such a significant portion of companies, particularly a whole year later, is somewhat concerning. While it is encouraging that so many organisations have made some appropriate changes, the severe operational disruption that a ransomware attack can have on an organisation means that ‘some’ changes are not enough,” said Marco Cova, chief web threat analyst at Lastline.

The threat of ransomware or malware attacks is very real and security professionals at organisations know very well that opportunistic hackers would leave no stone unturned to exploit existing vulnerabilities in enterprise networks either to disrupt operations or to encrypt sensitive files and trade them for money.

For instance, in March this year, hackers did not spare even the world’s largest airplane manufacturer and carried out a sophisticated ransomware attack on Boeing’s digital infrastructure, albeit with little success.

“Our cybersecurity operations centre detected a limited intrusion of malware that affected a small number of systems. It took some time for us to go to our South Carolina operations, bring in our entire IT team and make sure we had the facts.

“The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs,” said Linda Mills, the head of communications for Boeing Commercial Airplanes after the attack was finally quelled.

Hackers could return with more powerful ransomware attacks

Even though the WannaCry ransomware attack impacted over 400,000 computer systems across 150 countries, it was not the most powerful ransomware attack and it is quite possible that hackers will use more lethal variants in future to disrupt operations across the globe. For example, soon after the WannaCry attacks took place last year, researchers warned that there was an even more powerful ransomware named EternalRocks, which was armed with at least seven cyber tools stolen from the NSA.

According to security researcher Miroslav Stampar, EternalRocks featured not only lethal SMB (Server Message Block) tools named EternalBlue, EternalChampion, EternalSynergy, and EternalRomance but also SMB reconnaissance tools named SMBTouch and ArchTouch, which could keep an eye on affected computers. It was considered so powerful that Stampar found it apt to term it the ‘DoomsDayWorm’.

Considering that hackers could be developing lethal ransomware variants for future attacks, Ross Rustici, Senior Director, Intelligence Services at Cybereason, wrote in a guest blog for TEISS that despite a fall in the number of ransomware attacks this year, it would be a mistake for companies to believe the threat has diminished entirely.

“Those criminals that have kept with ransomware have continued to refine their software, with some even using agile software development techniques to create rapid new iterations. We have also seen attackers shift from large scale spray-and-pray attacks to more targeted campaigns which choose their victims more carefully.

“Additionally, the decline of ransomware by no means represents a decline in malicious cyber activity as a whole. The space left by ransom attacks has been filled by other methods that are harder to predict, from banking Trojans and rootkits to browser hijacks and password loggers,” he warned.

“On balance, while ransomware is less of a universal threat than it appeared at its height last year, this new more targeted phase does put certain organisations at greater risk, and remaining ransomware is likely to be used in a more challenging way. However, with good practice and the use of the powerful tools created by the security industry, organisations can keep the threat at bay.”

