Page 14 - GCN, June/July 2017

CYBEREYE
BY BRIAN ROBINSON
WannaCry ransomware:
A preview of coming attacks?
THE ASTONISHING SPREAD of the WannaCry ransomware that exploded onto the global scene on May 12 is not the work of genius malware developers. Rather, it is a clear example of the confluence of two trends — one that should have been strangled a long time ago and the other an inevitable result of technological progress.
In its 2017 Data Breach Investigations Report, Verizon said ransomware is now the fifth most common malware, up from the 22nd most common in 2014. Part of the reason for that jump is the increasingly sophisticated techniques used to create the malware and share the code. WannaCry apparently uses code first developed by the Lazarus Group, a shady outfit that has been linked to some of the biggest and most effective raids on bank and finance systems around the world.
The rise of ransomware as a service is apparently making sophisticated malware available to even the most technically deficient criminal.
WannaCry took advantage of a Windows exploit called EternalBlue that was developed by the National Security Agency. It attacks weaknesses in Microsoft’s Server Message Block 1.0 (SMBv1) using a backdoor tool also created by NSA. All Windows machines still running an older version of the operating system — Windows XP through Windows 7 — were vulnerable to WannaCry.
It’s not clear how aware security professionals are of the increasingly industrial nature of malware development and exploits. Malware creators are every bit as capable as their white-hat counterparts, and the infrastructure that makes malware easily obtainable by criminals is starting to mirror that of the legitimate software industry.
Furthermore, users are still slow to practice baseline, no-brainer security such as regularly patching their systems. Microsoft, for example, issued a security update for the SMBv1 vulnerability in March, but thousands of systems were still thought to be unpatched when WannaCry was launched.
The impact of the attack on government agencies is still unclear. NSA developed EternalBlue as a weapon in the fight against groups hostile to the U.S., but it was stolen last year along with a stash of other NSA cyber weapons and the code was eventually published, which raised questions about whether NSA was secure enough to be holding such potent hacking tools.
In a blog post, Brad Smith, Microsoft’s president and chief legal officer, said the WannaCry incident is yet another example of why stockpiling tools such as EternalBlue, which wasn’t revealed to industry or anyone else, is a problem.
“This is an emerging pattern in 2017,” he wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
All governments should treat the WannaCry attack as a wake-up call, he said, and they must apply the same rules to cyber weapons that they do to weapons in the physical world.
Until now, cyberattacks have been non-lethal, but WannaCry demonstrated the kind of real-world damage that ransomware and other types of malware can cause. The U.K.’s National Health Service was one of the first and worst hit by WannaCry, and many hospitals there had to put off essential surgeries and other procedures.
With malware innovation seemingly outpacing the efforts of public and private entities to protect against such attacks, we must find a new way to deal with the problem. Microsoft, for example, wants a Digital Geneva Convention that would govern global cybersecurity. It would also include a requirement for governments to report vulnerabilities to software vendors rather than stockpile them.
Right now, that kind of collective response is a reach, but WannaCry has certainly shown why it’s needed.



































































