WannaCry Outbreak Is Just A Tip Of An Iceberg

Cybersecurity experts called the recent international cyberattack known as “WannaCry” among the worst they have seen, and warned about the country’s lack of cyber-security preparation.

“This is only the beginning of a very, very long list of bad stuff,” said Brett Scott, co-founder of the Arizona Cyber Warfare Range. “It’s about as bad as one can imagine. I suppose one day it will get worse because every time I think we’ve hit the limit, it always gets worse.”

Frank Grimmelmann, president and CEO of Arizona Cyber Threat Response Alliance, called WannaCry “simply the tip of the iceberg.”

“If vulnerabilities are there,” he continued, “it’s not a question of if you will be attacked or will they ultimately be successful. It’s a question of when.”

The WannaCry malware that swept around the world infected vulnerable computers and held the data on them hostage by encrypting files and demanding a ransom to unlock the files.

The attack made its way through multiple countries, including Russia, parts of Europe and the US Reports said the ransomware is believed to have been developed from digital tools devised by the US National Security Agency, stolen by a group of hackers known as the Shadow Brokers, and leaked online in April, reportedly to protest Donald Trump’s presidency.

The malicious software exploited a Windows computer vulnerability that allowed it to spread. A patch was released by Microsoft in March, but computers that had not been updated are at risk of infection.

Among the affected systems were hospitals, government offices, and FedEx. It was not the first ransomware attack, and experts are certain it will not be the last.

Tom Kellerman, CEO of Strategic Cyber Ventures said he and many in his industry see this as “almost a trial run.”

Kellerman said the inter-networking of smart devices has only increased vulnerabilities, “given all the opportunities that it provides” a hacker.

While WannaCry mostly hit business and government systems, Kellerman warned that the next targets could be homes.

“You can walk away from work and call it a day. But these things now will impact your personal life and safety at home, should they not be corrected soon,” he said.

Grimmelmann said he believes that businesses and individuals will ultimately adapt to combat cyber-attacks, but added that the WannaCry attacks demonstrated “the danger of knowing that vulnerabilities exist and not making vendors aware of them, therefore not having patched systems.”

Scott said because the attack utilised “state-sponsored weaponry,” the hackers exploited a “vulnerability that no one was aware of.”

“We are, as a country, very ill-prepared,” he said. “The US government does not know how to deal with the loss of their toys and because they don’t know how to deal with that, we are all suffering and we will all suffer a lot more.”

Scott said the future of cyber protection lies in the hands of businesses and individuals, and not solely in the hands of the government.

“I think that this is actually the moment when everyone can be called to the table and say, ‘Do you realise now that government is not the answer to these problems?’” he said. “Play time is over. It’s time to get serious.”

Ein News

You Might Also Read:

North Korea's Unit 180 Managed WannaCry Attack:

WannaCry Also Hit Windows 7 Systems:

 

Current Cybercrime Threats Originate In Espionage:

 

« Mystery British Airways IT Failure
Russian Hackers Sow Disinformation Via Leaks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

ManagedMethods

ManagedMethods

ManageMethods Cloud Access Monitor is the only Cloud Access Security Broker (CASB) that can be deployed in minutes, with no special training, and with no impact on users or networks.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

Immersive Labs

Immersive Labs

Immersive Labs have created a kinesthetic learning platform which identifies gaps in your teams cyber skills.

Cyber Security & Cloud Expo

Cyber Security & Cloud Expo

The Cyber Security & Cloud Expo is an international event series in London, Amsterdam and Silicon Valley.

Security BSides

Security BSides

Security BSides is the first grass roots, DIY, open security conference in the world!. BSides is a community-driven framework for building events for and by information security community members.

Quarry Bay Company

Quarry Bay Company

Quarry Bay Company are a strategy and technology consultancy for cyber security. We help to reduce risk by providing expert guidance on operational and investment decisions related to cybersecurity.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

Cymatic

Cymatic

Cymatic has engineered a new approach to web security, designed and built to overcome the limitations of today’s siloed and ineffective security solutions.

Alertot

Alertot

Hackers attack minutes after a new vulnerability is published. Alertot helps to decrease exposure time in organizations by notifying new issues when they are disclosed.

Palmchip

Palmchip

Palmchip is a Cyber Security, SOC and Software consulting company. We design and develop high performance and secure applications.

Mosaic Insurance

Mosaic Insurance

Mosaic is a next-generation global specialty insurer distinguished by an exceptional team, agile technology, and a structure that combines Lloyd’s of London strength with a global distribution network

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

Randaemon

Randaemon

RANDAEMON’s mission is to create True Random Number Generators (TRNG) that are hardware-based and integrated into System-on-Chip.