Ransomware called Wanna Decryptor, which exploits tools developed by the US National Security Agency to exploit a flaw in Microsoft Windows, also infected countless other organisations around the world including FedEx, Renault and the Russian interior ministry.
Infecting 200,000 machines in 150 countries since the outbreak began on Friday, it is one of the biggest coordinated cyber-attacks in history.
The ransomware locks users’ files and demands a £230 ($300) payment to allow access.
Several cybersecurity experts have shared with IFSEC Global their thoughts on the implications and lessons to draw from the attacks.
Jason Allaway, VP UK and Ireland, RES
“Recent events are clear evidence that many healthcare organisations still need to invest in an integrated approach to security”
It’s becoming more common to see ransomware attacks against healthcare organisations; after all, they are a prime target for attackers due to the nature of the data they hold.
It’s not just a monetary loss when it comes to medical facilities: it’s far more important. The fact that East and North Hertfordshire had to suspend all of their non-urgent activity and shut down A&E is a testament to how much they rely on their data to operate.
Education, vigilance and proven technology such as context-aware access controls, comprehensive blacklisting and whitelisting, read-only access, automated deprovisioning and adequate back-up need to be put in place by healthcare organisations to both prevent and combat this problem as efficiently as possible.
Recent events are clear evidence that many healthcare organisations still need to invest in this integrated approach to security.
Dr Jamie Graves, CEO of ZoneFox, which specialises in combating insider threats
“It highlights the ever-increasing importance of having 360-degree visibility of activities and behaviour around business-critical data”
The large-scale cyber-attack on our NHS is a huge wake-up call. The effects of this data breach include hospitals having to divert emergency patients, with doctors reporting messages from hackers demanding money, a clear signal of ransomware activity.
It also highlights the ever-increasing importance of having a 360-degree visibility of activities and behaviour around business-critical data – particularly for large organisations like hospitals. Because the NHS holds some of the most sensitive data of all – individuals’ health records – it’s a goldmine for criminals.
This attack could have severe impacts on critical medical procedures – not just a case of reputational damage and financial loss. Fundamentally, the government needs to pool cybersecurity specialists together to tackle this growing threat to ensure this does not happen again.
Ilia Kolochenko, CEO of web security firm, High-Tech Bridge
“Organisations that have fallen victim to this attack can consider contacting their legal departments to evaluate whether IT contractors can be held liable for negligence and breach of duty”
This incident exposes how a two-month old vulnerability can cause global panic and paralyze the largest companies and governmental institutions on all continents. Worse, cybercriminals could have easily released this worm just after the NSA’s zero-day data was leaked two months ago, and this would have led to much more destructive consequences.
There is nothing new in this particular attack, and the main cause of the epidemic is our failure to adhere to cybersecurity fundamentals.
Many companies were infected because they failed to maintain a comprehensive inventory of their digital assets, and just forgot to patch some of their systems. Others omitted or unreasonably delayed security patches. Last but not least: malware’s capacity to self-propagate leveraged the lack of segregation and access control within corporate networks.
It would be unreasonable and inappropriate to blame the NSA for any significant contribution to this attack. Similar zero-days are bought and sold almost every day, and many other organisations participate in these auctions – virtually anyone can (un)intentionally leak an exploit and cause similar damage.
The real problem is that in 2017, the largest companies and governments still fail to patch publicly disclosed flaws for months. Practically speaking, the NSA doesn’t really need a zero day to get their data – their negligence invites attackers to get in.
Companies and organisations that have fallen victim to this attack, can consider contacting their legal departments to evaluate whether their IT contractors can be held liable for negligence and breach of duty. Failure to update production systems for over two months can certainly qualify at least as carelessness in many jurisdictions.
Paul Barber, IT Specialists
“We think this is just the tip of the iceberg and many attacks go unreported, especially within the SME community”
It is appalling that our health service would be targeted, but we must focus on employee education and insist on vigilance at all times, especially as it seems that this is a ransomware attack.
Of course, updating all software to the latest patched versions, installing and updating your AV, and having robust security solutions will help. But the most important thing is to ensure daily offsite backups are in place to protect business data. These steps will guard against other malware and non-malicious incidents.
Email continues to be the most common way to be infected by ransomware, which highlights the critical need for employee education. The lack of this education is manna from heaven for cybercriminals, who can click and send mass emails to generate profit, as they calculate that at least some of the emails will be opened.
While public sector bodies have a civil duty to share the devastating effects of a cyber-attack, we think this news of attacks is just the tip of the iceberg, and many go unreported, especially within the SME community.
Government offices will have IT teams and funding to restore information, even if it was not backed up adequately. However, we believe that the greater threat lies with the small businesses that have installed an anti-virus and believe they have adequate protection.