WannaCry and the Difficult Task of Preventing a Similar Attack
The first wave of the ransomware attacks that inundated businesses around the world last week has apparently now passed, although it’s quite possible more infections will occur. The finger pointing continues between the infected institutions and the companies and governments they believe could prevent outbreaks: Microsoft, the NSA, Russia, and even North Korea.
But who is to blame? Like most things, everyone is at least partly responsible. The real question is what do we now to prevent future attacks.
The Malware Developers
Most of the blame will obviously fall on those who created the malware and unleashed it around the world, leading to one of the fastest-spreading and potentially damaging cyber attacks seen to date. It has infected institutions such as FedEx and the British National Health Service. For all their effort, the latest reports suggest the perpetrators have only netted approximately $55,000. 1
The NSA – and Russian Intelligence?
It has been a matter of weeks since a hacker group called Shadow Brokers publically exposed a load of software tools believed to belong to the National Security Agency (NSA). It now appears one leaked NSA tools, an exploit of Microsoft Windows called EternalBlue, is being used as one method for rapidly spreading a ransomware variant called WannaCry across the world.2
Dumping the tools was clearly rash — but should the NSA have developed them in the first place? Intelligence agencies have a long history of spotting weaknesses in software, and while most weaknesses are passed on to software vendors for patching, they withhold some for their own hidden agendas. The result is known security flaws remain unrepaired in the operating systems for other nefarious organizations to exploit. 3
Former NSA-contractor-turned-whistleblower Edward Snowden was more altruistic, tweeting: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.” 4
Microsoft has long argued that this strategy is dangerous. If there is a security flaw in Windows, the company said, surely the safest thing to do is to make its development team aware to allow the flaws to be fixed.
Microsoft also needs to consider what obligation it has to update all users – not just the ones who pay extra for security updates on retired operating systems such as Windows XP. Updating a computer’s operating system is easy and straightforward for individuals. However, for a network the size of Britain’s National Health Service, it is a time-consuming, expensive and complex process.
“For a company like Microsoft to say it won’t keep those systems safe unless they shell out more money, then that in itself is something of a ransom,” Dave Lee from BBC North America wrote. 5
There are still millions of computers using Windows XP, and without custom support, they’re all vulnerable — not just to this latest ransomware, but to dozens of other vulnerabilities unearthed in the last three years. They’re easy prey for botnets, spyware, and dozens of other criminal schemes, a persistent problem for anyone trying to secure the web.6
The latest possible culprit responsible for the attacks has been the Lazarus Group, reportedly working out of China on behalf of the North Koreans. A Google security researcher discovered similarities between code found within WannaCry and other tools believed to have been previously created by the Lazarus Group.7
Those clues alone are not definitive, however. Hackers often borrow and retrofit one another’s attack methods, and government agencies are known to plant “false flags” in their code to throw off forensic investigators.8
The Users – Where Actions Needs to Take Place
The broader problem is software upgrades outrunning their hardware, and it’s a problem that’s much bigger than Microsoft. A computer sold in 2007 likely isn’t equipped to run Windows 10 and millions of those old machines are still in use, which is why XP has remained neck and neck with Windows 8.1 in market share, despite Microsoft’s best efforts to dislodge it. 6
Why do some organisations stick with XP? Some of these PCs may be running XP-specific software for a particular task; others may not be internet-connected and are therefore somewhat less vulnerable. But it’s often an issue of cost, with organisations unable to afford to upgrade hardware and software — especially in the healthcare sector, where budgets are chronically tight.
In hindsight, sticking with XP may not have been the wisest move. Already politicians are arguing over whether a lack of funding was to blame for the National Health System being hit hard by the WannaCry ransomware. 2
Preventing Future Attacks
When it comes to current software, effective incentives are needed to persuade organizations to maintain computer security updates. One solution suggests stronger rules are needed to force the disclosure of cyber attacks. Penalties may be needed to encourage everyone to become better cyber-citizens.
Many pieces of digital equipment — like the MRI scanners used by the UK’s National Health Service (which run Windows XP), cannot be easily upgraded. The severity of last week’s attack indicates a concerted effort to upgrade vulnerable systems is well past due. This scenario of laggard network infrastructure is reminiscent of the millennium bug, another serious threat that forced an overhaul of many computer systems at the end of the previous century. Today’s cyber security crisis is beginning to look every bit as serious, and it demands an equally wide spread response. Governments and corporations alike must invest the time and money to keep us safe.
Experts agree that the extent of this latest attack, impacting so many parties, and, in particular, critical care providers such as hospital systems, may in fact be the attack that firmly plants “ransomware” into the mainstream and public discourse.
Though damaging, the WannaCry worm was not the worst that could have happened. Nastier variants could have wiped out data on infected computers. The ransomware has been a costly nuisance. Next time, we might not be so lucky. 9
In the spirit of preserving sensitive data, session recording offers a way to protect accounts that may assist in forensic analysis and offer a layer of protection against the ransomware viruses.
Would you like to know more? Visit www.tsfactory.com