WannaCry Outbreak Is Just A Tip Of An Iceberg

Uploaded on 2017-06-02 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cybersecurity experts called the recent international cyberattack known as “WannaCry” among the worst they have seen, and warned about the country’s lack of cyber-security preparation.

“This is only the beginning of a very, very long list of bad stuff,” said Brett Scott, co-founder of the Arizona Cyber Warfare Range. “It’s about as bad as one can imagine. I suppose one day it will get worse because every time I think we’ve hit the limit, it always gets worse.”

Frank Grimmelmann, president and CEO of Arizona Cyber Threat Response Alliance, called WannaCry “simply the tip of the iceberg.”

“If vulnerabilities are there,” he continued, “it’s not a question of if you will be attacked or will they ultimately be successful. It’s a question of when.”

The WannaCry malware that swept around the world infected vulnerable computers and held the data on them hostage by encrypting files and demanding a ransom to unlock the files.

The attack made its way through multiple countries, including Russia, parts of Europe and the US Reports said the ransomware is believed to have been developed from digital tools devised by the US National Security Agency, stolen by a group of hackers known as the Shadow Brokers, and leaked online in April, reportedly to protest Donald Trump’s presidency.

The malicious software exploited a Windows computer vulnerability that allowed it to spread. A patch was released by Microsoft in March, but computers that had not been updated are at risk of infection.

Among the affected systems were hospitals, government offices, and FedEx. It was not the first ransomware attack, and experts are certain it will not be the last.

Tom Kellerman, CEO of Strategic Cyber Ventures said he and many in his industry see this as “almost a trial run.”

Kellerman said the inter-networking of smart devices has only increased vulnerabilities, “given all the opportunities that it provides” a hacker.

While WannaCry mostly hit business and government systems, Kellerman warned that the next targets could be homes.

“You can walk away from work and call it a day. But these things now will impact your personal life and safety at home, should they not be corrected soon,” he said.

Grimmelmann said he believes that businesses and individuals will ultimately adapt to combat cyber-attacks, but added that the WannaCry attacks demonstrated “the danger of knowing that vulnerabilities exist and not making vendors aware of them, therefore not having patched systems.”

Scott said because the attack utilised “state-sponsored weaponry,” the hackers exploited a “vulnerability that no one was aware of.”

“We are, as a country, very ill-prepared,” he said. “The US government does not know how to deal with the loss of their toys and because they don’t know how to deal with that, we are all suffering and we will all suffer a lot more.”

Scott said the future of cyber protection lies in the hands of businesses and individuals, and not solely in the hands of the government.

“I think that this is actually the moment when everyone can be called to the table and say, ‘Do you realise now that government is not the answer to these problems?’” he said. “Play time is over. It’s time to get serious.”

Ein News

You Might Also Read:

North Korea's Unit 180 Managed WannaCry Attack:

WannaCry Also Hit Windows 7 Systems:

 

Current Cybercrime Threats Originate In Espionage:

 

« Mystery British Airways IT Failure
Russian Hackers Sow Disinformation Via Leaks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

CERT-UG/CC

CERT-UG/CC

CERT-UG/CC is the national Computer Emergency Response Team for Uganda, operating under the National Information Technology Authority (NITA-U)

Combitech

Combitech

Combitech is the Nordic region’s leading cyber security consultancy firm, with about 260 certified security consultants helping companies and authorities prevent and manage cyber threats.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

RiskCentric

RiskCentric

RiskCentric is a consultancy specializing in risk management and compliance.

Accolade Technology

Accolade Technology

Accolade provides the most technologically advanced host cpu offload, 100% packet capture FPGA-based PCIe adapters and 1U platforms available in the network monitoring and cyber security markets.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Interos

Interos

Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through a breakthrough AI SaaS platform.

Oman Data Park

Oman Data Park

The Data Park is Oman’s premier IT Managed Services provider. We offer a superior Tier 3 Data Center network providing cyber security and cloud services.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.