WannaCry - Don't...Just Learn the Lessons

21 July 2017

Earlier this year, ransomware took centre stage in one of the largest outbreaks ever, hitting a huge number of companies across the globe, writes Ravid Circus.

There was some relief when a second spike of attacks did not materialise, despite warnings from experts that this was likely. But if you weren’t compromised this time, it doesn’t mean that your systems are safe – according to threat intelligence researchers, it is only a matter of time until we see a new wave of ransomware attacks.

There are plenty of other exploits circulating in the “wild” that could easily turn into an attack similar to WannaCry, targeting a different set of vulnerabilities.

The havoc caused by WannaCry should act as a wake-up call to ensure that you are protected for the next wave of ransomware attacks. Justin Coker, vice president EMEA, Skybox Security said: “We mustn’t let the lessons of the WannaCry outbreak be forgotten. Its impact further emphasises the need for organisations everywhere to change their approach to managing and prioritising vulnerabilities, if they want to stay ahead of increasingly organised and sophisticated hackers”.


Lesson 1: Optimise legacy systems

Far too many companies continue to rely on out-of-date legacy systems and, in addition, fail to maintain them, leaving them vulnerable in the event of a cyber-attack. As a first step, you should update passwords, configuration and security settings on these machines, as legacy systems may have been implemented without changes to the original configuration. Ensure that risky configurations, like default and easily discoverable passwords and other exploitable settings, are updated.

As many companies were made painfully aware during the WannaCry attack, patching is incredibly important, with out-of-date patches providing an easy way for cybercriminals to get into your systems. Check with your vendor for the latest patches that are available – this should be a priority to make sure that your systems are as protected as they can be. Where operational constraints prevent patching, indirect mitigation can be used as a temporary solution until proper patching can take place.


Lesson 2: Change the way you think about cyber security

The vulnerability exploited by ransomware virus EternalBlue as part of the WannaCry attack has had a patch available since March – a full month before the attack took place. Yet, so many companies did not make use of it. Were they not aware of how critical this was? Were vulnerability management and IT operations teams simply overwhelmed by the sheer number of vulnerability alerts? Whatever the reason, the conclusion is clear – the way companies approach cyber security needs re-thinking.

At the moment, many businesses react to a cyberattack in the same way as the crew of a ship hit by a torpedo: by frantically pumping out sea water, without actually knowing where the hole in the ship is.

To keep up with attackers, a new approach to vulnerability and threat management is needed. Cybercriminals are moving fast, and it’s becoming easier for them to gain access to exploits that can deliver devastating malware.

Security programs must evolve, and fast. Instead of being an exercise of trying to patch everything all the time, businesses need to develop a much more focused, intelligent, action-driven view that considers real-world threats and prioritises them. This threat-centric vulnerability management approach means correlating multiple factors to determine the risk a vulnerability poses. This will allow teams to manage the huge volume of “known” vulnerabilities that are potential threats and narrow them down to a small, manageable number of vulnerabilities that are identified as imminent threats - exposed vulnerabilities known to be exploited in the wild.
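The correlation described above can be sketched in a few lines. This is an added illustration, not the author's or Skybox Security's method: it joins scanner findings with threat intelligence and exposure data, and shows that a severity-only ranking and a threat-centric ranking put different items at the top. Asset names, vulnerability identifiers, scores and the two-tier rule are constructed assumptions.

```python
"""Threat-centric triage sketch: correlate scanner output with threat
intelligence and exposure data. All identifiers and data are constructed."""

# Scanner findings: (asset, vulnerability id, severity score 0-10).
SCAN = [
    ("hr-db",       "VULN-A", 9.8),
    ("file-server", "VULN-B", 8.1),
    ("legacy-hmi",  "VULN-B", 8.1),
    ("intranet",    "VULN-C", 7.5),
    ("build-box",   "VULN-D", 9.1),
]
EXPLOITED_IN_WILD = {"VULN-B", "VULN-C"}                  # from a threat-intel feed
EXPOSED_ASSETS = {"file-server", "legacy-hmi", "hr-db"}   # reachable by an attacker
CANNOT_PATCH = {"legacy-hmi"}                             # operational constraint


def triage(scan, exploited, exposed, cannot_patch):
    """Return findings ordered by threat, each with a tier and an action."""
    rows = []
    for asset, vuln, severity in scan:
        in_wild, reachable = vuln in exploited, asset in exposed
        if in_wild and reachable:
            # Exposed and exploited in the wild: an imminent threat.
            tier = "imminent"
            action = ("indirect mitigation, then patch"
                      if asset in cannot_patch else "patch now")
        else:
            # Known vulnerability, but missing one of the two factors.
            tier = "potential"
            action = "scheduled patching"
        rows.append({"asset": asset, "vuln": vuln, "severity": severity,
                     "tier": tier, "action": action})
    # Imminent threats first; severity only breaks ties inside a tier.
    rows.sort(key=lambda r: (r["tier"] != "imminent", -r["severity"], r["asset"]))
    return rows


def imminent(rows):
    """The short list a team should act on first."""
    return [(r["asset"], r["vuln"]) for r in rows if r["tier"] == "imminent"]


if __name__ == "__main__":
    for r in triage(SCAN, EXPLOITED_IN_WILD, EXPOSED_ASSETS, CANNOT_PATCH):
        print(f'{r["tier"]:9} {r["severity"]:4} {r["asset"]:12} {r["vuln"]}  {r["action"]}')
```

The highest-scored finding (9.8 on `hr-db`) lands in the scheduled tier because nothing is known to exploit it, while the 8.1 finding on the unpatchable `legacy-hmi` is flagged for indirect mitigation.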


Lesson 3: Accept that this is just the beginning

Cybercriminals are moving incredibly fast – so we need to speed up, too. It’s easier than ever to gain access to exploits that can deliver devastating results with a high ROI, like the WannaCry ransomware variant. This is only the beginning and if organisations are to stay ahead of hackers, they need to take an entirely different approach to vulnerability and threat management.

Security teams need to switch their focus from patching everything (which is an impossible task, anyway) to intelligent action that considers what exploits and other tools hackers are actually using in the real world. In other words, they need to go from simple vulnerability management to threat-centric vulnerability management.

By Ravid Circus of Skybox Security

Article written by Ravid Circus | Published 21 July 2017

