Two Years After WannaCry Severe Risks Remain

Uploaded on 2019-06-06 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Two years ago, WannaCry ransomware invaded the globe spreading like wildfire, encrypting hundreds of thousands of computers, in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands crypto-currency in ransom to unlock them, had spread across the world in what looked like a co-ordinated cyberattack.

UK hospitals declared a ‘major incident’ after they were taken offline by the malware and railways and commerce were also attacked.   

Security researchers quickly realised the malware was spreading like a computer worm, across computers and over the network, using the Windows SMB protocol. Suspicion fell on some classified hacking malware developed by the National Security Agency, which weeks earlier had been stolen and published online for anyone to use.

An unknown hacker group, later believed to be working for the North Korean Government had used the published NSA cyber-weapons and they launched some attacks probably not realising how far the malware would go. The hackers used the NSA’s backdoor, DoublePulsar, to create a persistent backdoor that was used to deliver the WannaCry ransomware. Using the EternalBlue exploit, the ransomware spread to every other unpatched computer on the network.

A single vulnerablility and an internet-exposed system was enough to wreak havoc.

In just a few hours, the ransomware had caused billions of dollars in damages. Bitcoin wallets associated with the ransomware were used by victims to get their files back but often this did not work.

Trust in the intelligence services collapsed overnight. Lawmakers demanded to know how the NSA was going to rectify the severe damage it had caused.A month later, the world braced itself for a second round of cyberattacks in what felt like would soon become the norm.

Two years on, the threat posed by the leaked NSA tools remains a concern.

As many as 1.7 million internet-connected endpoints are still vulnerable, according to the latest data. This data is generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark, with most of the vulnerable devices in the US.

That only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices is likely significantly higher and WannaCry continue to be used to deliver all sorts of malware, and new victims continue to appear.

Just weeks before the city of Atlanta was hit by ransomware, cybersecurity expert Jake Williams found its networks had been infected by NSA’s malware. More recently, the NSA tools have been repurposed as a cryptocurrency mining to generate money from the vast pools of processing power.

WannaCry caused panic. Systems were down, data was lost and money had to be spent. It was a wake-up call that society needed to do better at basic cybersecurity. But with a million-plus unpatched devices still at risk, there remains ample opportunity for further abuse.

What we may not have forgotten two years on, clearly more can be done to learn from the failings of the past.

Techcrunch:         TechTarget:       neuways:

You Might Also Read:

Preventing Another WannaCry:

N. Korean Hacker Fingered For Wannacry Attacks:

 

« Digital Advertising Is A $Billion Ripoff
Cyber Command Knows Its Tools Can Also Be Used By Their Targets »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MetaFlows

MetaFlows

MetaFlows’ SaaS malware detection & prevention software passively analyzes the behavior and the content of Internet traffic.

SBS CyberSecurity

SBS CyberSecurity

SBS CyberSecurity is a premier cybersecurity consulting and audit firm.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

DoQubiz Technology

DoQubiz Technology

DoQubiz is using the idea of security through obscurity to develop their proprietary Fractal Security Engine that implements a highly resilient data protection protocol.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

Sekoia.io

Sekoia.io

Sekoia.io is a European cybersecurity company whose mission is to develop the best protection capabilities against cyber-attacks.

Myntex

Myntex

Myntex® builds the future of mobile security. We empower our partners to deliver exclusive mobile endpoint security software, fortifying against mobile threats, device exploits and data exfiltration.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.