Experts at a security round table event in Sydney yesterday said business owners are too focussed on what's going on now, inside their businesses, and not looking at outside threats. As a result, when events such as WannaCry and NoPetya strike, they are unprepared and get hit hard.
Tagged With wannacry
Today's release of security updates for Windows XP, Windows 8 and Windows 8.1 signals an about-face by Microsoft. In the wake of the WannaCry outbreak, the intention was to stem the spread of a virulent and damaging ransomware attack. But should the company keep patching an operating system that has been out of mainstream support for over eight years and extended support for three?
Mega breaches often garner the biggest headlines. Target in 2013 signalled the start of this, but since then we've seen Yahoo!, our own Red Cross Blood Bank, the US Department of Personnel Management and others suffer data exfiltration either by malicious parties or through human error. But something more troubling has been happening and it has me worried. Many of the protocols we rely on are under threat.
Earlier this week, I wrote about some analysis conducted by Symantec that suggested WannaCry was likely linked to threat actors from North Korea. But there's further evidence now that has people wondering what is really going on.
Symantec's researchers have uncovered a potential link between the WannaCry ransomware worm, that hit systems just over a week ago, and code used by the Lazarus Group, the hackers that attacked Sony in 2015 and $81M theft from the Bangladesh Central Bank and are believed to be based in North Korea.
With WannaCry garnering a lot of attention over the last few days, it's easy to forget that the root cause of the damage it wreaked is still out there. The vulnerability it exploited was a weakness in Windows' file-sharing protocol. And while the threat of WannCry has been largely contained, if the vulnerability, dubbed EternalBlue by the NSA, remains unpatched, it can be exploited by others. And that's something being identified in the wild.
Microsoft's President and Chief Legal Officer, Brad Smith, says this week's WannaCry attack "provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem". And while Smith says Microsoft and other tech companies need to take the lead on combatting these widespread attacks, he highlights the shared responsibility required to protect, detect and respond to threats.
Krebs on Security reports that the WannaCry ransomware attack has netted the bad guys a total of just US$26,000. That might not sound like much, but it's probably a drop in the ocean compared to what it has cost businesses around the world.
By now, you'll know all about WannaCry - a ransomware attack that ran rampant late last week and over the weekend. While ransomware attacks suck - they can cost a lot to recover from whether you measure that in ransoms or time lost in recovery - the worrying thing about WannaCry was the attitude of many organisations when it comes to updates and patching.