This year the world has seen the largest cyber security attack in history. But since it’s only July, things could still get bigger before the year is out.
Here’s a look at the global cyber security attack, and what to expect (and prepare for) in the future.
Round One: An NSA Tool is Released
When WannaCry spread across the globe, we learned a few things about this viral bit of ransomware. For one, it was based on exploits reportedly created by the National Security Agency, but then leaked by the hacking group ShadowBrokers.
Secondly, while it infected more computers in more nations than ever before, it was relatively harmless. It made only about 50,000-60,000 US dollars.
Some experts suspected a North Korean tie, since segments of its code were copied directly from code used by the Lazarus group, a suspected North Korean front linked to the 2014 attack on Sony Pictures. But it could be that someone else intentionally copied the Lazarus group’s code to let North Korea take the blame.
Regardless of who created it, the most dangerous thing about WannaCry was not the virus itself. Sure, unlike most ransomware, it didn’t require anyone to click on a malicious phishing email, and it could spread over the internet. But a kill switch was quickly created, and WannaCry relied on an outdated Windows vulnerability that Microsoft had already patched.
No, the most dangerous thing about WannaCry was that it could have been merely a warm-up round.
Round Two: Copycats Get More Sophisticated
Then came Petya. Still utilizing those patched Microsoft Windows exploits known as EternalBlue, the next global cyber security attack got a little more sophisticated:
- No kill switch
- Uses other parts of Windows to infect computers, including seizing user credentials
- Locks the entire hard drive instead of just the files
- Spreads internally on networks, even if only one computer has outdated Windows
- Demands $300 in bitcoin
Like WannaCry, even if you pay Petya, you don’t get your files back. Also like round one, Petya impacted a large variety of companies, from Russian oil and gas company Rosneft to US-based pharmaceutical company Merck. Ukraine was hit the hardest: banks, the postal service, government offices, and the metro system were all hit. Even the monitoring system of the Chernobyl nuclear power plant was affected.
But if Windows is up-to-date, Petya doesn’t work. No, the most dangerous thing about Petya is not the virus itself, but that it may have been only round two.
Round Three: Who Knows
Cyber attackers have a bad habit of copying other code and learning from the mistakes of the past. That means that each successive attack using the same tool potentially gets more sophisticated. Like so many other bad ideas, cyber attacks such as these also attract more copycat actors.
So what do you do, in the face of such very real global cyber security threats?
The most important first step is to have updated systems. The moment an update is issued for any system or software, install it. Most companies will not tell you about security flaws that have been discovered (not wanting to risk making that knowledge more widespread) but will do their best to quickly issue patches for vulnerabilities once discovered.
The next thing to do is to have a cyber security action plan. You know what to do in the event of a fire. You may even drill earthquake procedures in your area. Do you know what to do in the event of a cyber attack? Every business that utilizes the internet should.
Finally, have threat mitigation services on speed dial. We’ll help you identify threats and stop them.