WannaCry is likely far from the last cyberattack. What your IT Support is doing may not be enough to protect you from the next big attack.
Cyberattacks are simply becoming the new normal. They’ve become much more frequent in the last couple of years and are much more far-reaching than most of us would have imagined (or hoped!).
The problem with these attacks is that they use vulnerabilities in your network that should have already been fixed. Attackers are exploiting your vulnerable system armed with precise knowledge of where to hit your network, since security experts have already identified these problems, warned about them and given the IT community solutions to them.
What keeps me up at night is thinking about how many businesses in and around Philadelphia don’t have an IT Support team that is legitimately keeping their networks safe from attacks!
You probably have heard of the recent WannaCry virus—the attack earlier last month that infected over 150 countries.
What cybersecurity experts recently revealed is that this devastating virus should have been much worse. That means a lot more victims (possibly Philly businesses!). Today I want to take a few moments to go through why WannaCry is just the tip of the iceberg when it comes to cyberattacks and emphasize that most attacks are completely avoidable if your IT Support were doing their jobs!
Was WannaCry that bad of an attack?
The answer is complicated. Some may say it was extremely vicious, but others would say it was really not that bad.
Why was it devastating?
The attack was able to cripple entire networks. Rather than infecting one machine, the exploit could spread like wildfire across multiple workstations and onto your servers. With farther-reaching penetration inside your network, this attack demonstrated where the future of cybercrime is going: mass file encryption, data theft and complete network debilitation.
But why might some think WannaCry wasn’t so bad?
All the experts agree that if IT Support teams had shored up basic security on your network, you would have been safe against WannaCry and similar attacks. The reality is that over 160 MILLION computers remain vulnerable to WannaCry over a month after the attack started! That means businesses like yours aren’t shoring up security against threats that visibly created problems!
The lowest hanging fruit for criminals looking for easy attacks? Looking for businesses that have not patched their networks, leaving their data vulnerable to even amateur hackers. Be assured that criminals are mimicking successful attacks. Armed with knowledge to hack your unpatched network, these criminals are keying in on easy money!
As I mentioned a few weeks ago, one of the biggest problems with many IT Support teams is they are simply too busy to follow through with security. Having spent their 40 hours dealing with time bombs, who has time to work on preventing your network from getting hacked and your data ransomed?
As more companies—especially large enterprises—start to double-check their network security in light of recent attacks, who will be left for hackers to take advantage of? (If you’re not sure if your IT Support team has taken basic security seriously, see how security should work.)
The scary thing is that WannaCry wasn’t even ready for production
Developers evaluating the WannaCry code found a variety of coding and implementation mistakes riddling the virus. The attack that crippled businesses worldwide could have caused much more damage. Several believe that the virus was released accidentally, which led to a much smaller attack than a virus like WannaCry could have been.
Experts suspect that a variety of “enhancements” to the May 12th version could have led to a devastatingly successful cybercrime campaign. The fact that the virus had a killswitch—a mechanism added to the virus to make sure it was stoppable—led many security experts to identify WannaCry as an amateurish release of something that could have been much farther reaching.
The killswitch in this situation worked like this: if the virus couldn’t connect to the domain (location where the attack was being hosted), it continued with the infection. But in an instance where it was able to connect, the virus stopped the attack. A security engineer was able to successfully activate the killswitch on the WannaCry virus by registering the domain that hosted the virus.
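As an added example (not from the original article), a defender can use the killswitch behaviour described above to triage DNS resolver logs: any internal host that looks up the killswitch domain is a suspected infection, and a host whose lookup was blocked would have continued with the infection. The domain is a placeholder because the article does not name it; the log format, the blocked-answer list and the sample lines are constructed assumptions.

```python
# Placeholder: the article does not name the killswitch domain.
KILLSWITCH_DOMAIN = "killswitch-placeholder.example"

# Answers a DNS filter or sinkhole policy typically returns (assumption).
BLOCKED_ANSWERS = {"0.0.0.0", "127.0.0.1", "-"}

# Constructed sample lines: timestamp client_ip query_name rcode answer
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 killswitch-placeholder.example NOERROR 192.0.2.10
2017-05-12T09:14:05Z 10.0.4.22 www.example.org NOERROR 198.51.100.7
2017-05-12T09:15:40Z 10.0.7.3 killswitch-placeholder.example NOERROR 192.0.2.10
2017-05-12T09:16:11Z 10.0.7.3 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN -
2017-05-12T09:17:30Z 10.0.9.8 killswitch-placeholder.example NOERROR 0.0.0.0
malformed line
"""


def triage(log_text, domain=KILLSWITCH_DOMAIN):
    """Map each client that queried the killswitch domain to a verdict.

    'resolved' - every lookup got a real answer, so the killswitch check
                 could succeed (the host is still a suspected infection).
    'blocked'  - at least one lookup failed or was filtered; on that run the
                 malware could not reach the domain and would have continued.
    """
    verdicts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, rcode, answer = parts
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.rstrip(".").lower() != domain:
            continue
        resolved = rcode == "NOERROR" and answer not in BLOCKED_ANSWERS
        if not resolved:
            verdicts[client] = "blocked"  # one failure is enough to matter
        else:
            verdicts.setdefault(client, "resolved")
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: queried killswitch domain, lookup {verdict}")
```

Hosts marked `blocked` are the priority for isolation, and the result is also a reason to check that DNS filtering or proxy rules are not preventing the killswitch domain from being reached.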
What was missing in the WannaCry attack?
Many experts had expected to find a cryptographic challenge-response setup. Much of the very sophisticated malware that has come out recently uses a cryptographically validated connection for command and control of the virus. This additional layer of impenetrability prevents a researcher or law enforcement from identifying the source of the attack (which is how experts from a variety of security firms and governmental agencies were able to identify who was responsible for the WannaCry attack).
Most believe that WannaCry somehow quietly escaped a test environment—hopping from an unpatched machine onto the internet, spreading to over 150 countries. If this virus had been a complete version, we would have seen a greater attack: an uncontainable Ebola-like virus that would massively infect global networks with ease.
Experts worry that the next time, these criminals (and others like them) will not release a beta version before it’s potent enough to create massive damage. Instead of having a killswitch and an identifiable source of attack, it will hit vulnerable networks like wildfire and won’t burn out until every last unpatched, vulnerable system is taken. The near future of cyberattacks is likely not going to be much different than the attacks we’ve already seen because there simply are too many businesses not heeding warnings to patch their systems.
The troubling part of this is most of these businesses have no idea they are vulnerable! If you’re not sure that your IT Support is adequately protecting your business from an attack that could easily have been prevented, contact us to identify specific preventative measures to keep your network secure.