WannaCry fallout -- the worst is yet to come, experts say

Maria Korolov | May 18, 2017
The massive scale of the recent WannaCry ransomware attack has exposed some significant weaknesses in global IT systems.

Malware writers are also likely to shift towards more "viral by default" attack designs with the potential for massive-scale infections, said Casey Ellis, CEO at Bugcrowd.

"The technique allows hackers to get a bigger payday from minimal effort," he said.

Another area where attackers are likely to improve is the income potential of their attacks.

"WannaCry was really focused on mass destruction and less on revenue generation, with some major flaws in its tool kit," said Chad Holmes, principal and chief technology, innovation and strategy officer for the cybersecurity practice at Ernst & Young. "Now, since it is open to the public, what we will see in the next few rounds is the removal of these flaws and new versions will be leveraged more broadly for financial gain."

This fast evolution is possible because of the modular nature of WannaCry's design, said Diana Kelley, global executive security adviser at IBM Security.

For example, attackers could expand beyond ransomware, she said. "Other malware operators could borrow pieces of this code to execute other malware -- password stealing, remote monitoring/access, keystroke logging, and more."

Attackers could also build on the self-propagating features of the WannaCry campaign and add on several features designed for maximum business disruption.

That would be a worst-case scenario, said Scott Scheferman, director of consulting at Cylance.

"Imagine the same world-wide spread," he said, "but multiply the business impact and risk to human safety of a worm that effectively locks out every user in the domain over the course of the same weekend, making containment and eradication nearly impossible, and also manages to exfiltrate the most sensitive information of each organization, and then exits with a last-hurrah ransom module to make some extra money on the way out."

Tough to fight against

The problem is that it's difficult to instantly patch all vulnerable systems, and we now have more vulnerable systems connected to public or internal networks than ever before, making them targets for self-propagating malware like WannaCry.

"It's very easy for us to say, go patch your systems, but often the reality is that it's difficult for organizations to do," said Steven Malone, director of security product management at Mimecast.

In addition to organizational complexity, there are also deeply embedded systems that are hard to update, and regulations that can make updates very onerous for certain industries.

"While it would be great to say that those regulations need to change to accommodate those kinds of security checks, realistically, that's going to be slow moving," he said. "Organizations need to look at how best to segment those machines from the rest of the network and even from human interaction."

 
