The massive scale of the recent WannaCry ransomware attack has exposed some significant weaknesses in global IT systems, and we're likely to see more attacks leveraging similar techniques, and doing even more damage, security experts say.
WannaCry infected hundreds of thousands of machines in more than 150 countries, with direct ransom costs estimated at around $10 million, according to Cyence.
But that's just the start. Business interruption costs will add up to about $8 billion, according to George Ng, co-founder and CTO at Cyence -- up from the company's $4 billion estimate as of Sunday.
And cyberinsurance may or may not cover all of these costs, due to deductibles or coverage limits, said Cyence CEO Arvind Parthasarathi.
Plus, the next variant of the malware could be worse.
"It doesn’t appear that the WannaCry malware is exfiltrating data from infected hosts at this time," he said. "But we do not know if these attacks will be modified over time to have data breach implications triggering notification laws and cyber policies."
Several security experts pointed out that WannaCry wasn't as deadly as it could have been.
"WannaCry is an extremely simple piece of malware, written carelessly -- or purposely! -- with a kill switch," said Alex Vaystikh, CTO at SecBI. "In other words, if the attackers had wanted, they could’ve written a very silent, slow-moving malware, and achieved much more."
In addition, the variants of WannaCry that have come out so far haven't made full use of evasion techniques, said Lenny Zeltser, vice president of products at Minerva Labs.
"As a result, baseline antivirus products were generally able to block the malware at the onset of the attack," he said.
In the future, WannaCry variants could include sandbox avoidance, memory injection and other evasive techniques.
The first evolution of WannaCry has already hit, said Brian Hussey, vice president of cyber threat detection and response at Trustwave Holdings. There's a variant out now in the wild without the kill switch.
"If the security researchers identify reliable methods to disable the malware, then expect the attackers to overcome that with a new version," he added.
Attackers have already begun to morph their delivery vectors to evade detection, said Deepen Desai, director of security research at Zscaler.
"Yesterday morning, the Zscaler ThreatLabZ team identified a new attack vector used by WannaCry that utilizes the basic web HTTP protocol to attack systems," he said. "We believe that there is a possibility that these first two variants will combine to produce an attack that will be even more devastating. It could use a combination of standard open ports and protocols such as 80 and 443 which are essential in doing business to initially infect and then move laterally."