WannaCry ransomware attack reinforces recent findings on cybercriminals’ tactics and targets

Mark Thomas | Group Cybersecurity Strategist, Dimension Data

On May 12, a highly virulent, self-replicating ransomware called WannaCry or WCry shut down computers all over the world.

Ransomware is a form of malware that holds information or entire devices (e.g. desktops, laptops, or servers) hostage. Victims’ data remains encrypted and inaccessible unless the infection is removed. With WCry, victims are being told that their files will be lost forever if the ransom is not paid within seven days.

The attacks initially targeted several healthcare institutions across England belonging to the National Healthcare Services (NHS). WCry is also causing disruptions at banks, hospitals, telecommunications services, train stations, and other mission-critical organisations in multiple countries, including the UK, Spain, Germany, and Turkey.

Over 150 countries have been affected, Russia disproportionately so, followed by Ukraine, India, and Taiwan. Infections are also spreading through the United States.

What can we learn from this cyberattack?

The WCry ransomware variant leverages the ETERNALBLUE exploit, which was included in the NSA toolkit leak earlier this year and was subsequently patched by Microsoft in its update MS17-010. This points to the fact that ensuring timely patch updates should be high on the boardroom agenda.

In our recently published Executive’s Guide to the Global Threat Intelligence Report, we revealed that 53% of the vulnerabilities we identified in 2016 were disclosed within the past three years, which means that nearly 47% of vulnerabilities are more than three years old.

While the level of vulnerabilities detected in our clients’ infrastructure is lower than in previous years (a 6% reduction between 2015 and 2016), there’s still considerable room for improvement. Older vulnerabilities are still not being patched.

Governments should consider themselves as an attractive attack target

The fact that the UK’s NHS was the initial target of WCry supports our findings that attacks on the government sector are on the rise. Our Report revealed that cyberattacks on government organisations rose sharply in 2016, accounting for 14% of all attacks, compared to 7% in 2015.

Government agencies hold vast amounts of sensitive information, ranging from personnel records, budgetary data, and sensitive communications to intelligence findings. For this reason, they’re becoming an increasingly popular attack target, and should raise their defences accordingly.

We also determined that ransomware accounted for 50% of our incident response engagements in the healthcare sector. This is largely due to healthcare organisations’ need to maintain continuous business availability, and to how profound an impact ransomware can have on their ability to operate safely.

What can you do to protect your business from ransomware incidents?

  • Require regular security awareness training for all employees so they’re up to speed on phishing, social engineering, and ransomware, how to identify attacks, what to do if they need help, and how to report possible attacks.
  • Strengthen your organisation’s business continuity capabilities to ensure quick restoration of operations if a ransomware incident occurs. This includes a comprehensive backup strategy that incorporates secure storage of offline backups, and confirmation of the organisation’s ability to rebuild systems and restore data.
  • Schedule vulnerability assessments to determine susceptibility to the software vulnerability that WCry exploits.
  • Develop a policy for handling ransomware incidents and decide conditions under which a ransom payment is authorised, if any.
  • Consider engaging a third party to provide real-time threat management (RTM) services for continuous threat monitoring. RTM combines collection, correlation, management, early warning and detection with 24×7 expert security analyses, and incident response, to keep your network ahead of today’s evolving risks.

Download our Executive’s Guide to the 2017 Global Threat Intelligence Report for more insights.