Last week was all about WannaCry, the ransomware that piggybacked on a Windows exploit that had originally been developed by the US National Security Agency and was exposed to the world during the recent WikiLeaks hacking dump.
The UK National Health Service was a high-profile early victim but the compromise appeared and rapidly expanded its scope last weekend, as companies with poor patching practices were rapidly compromised and faced the reality that continuing their business might depend on whether they paid to get their files back. Even those with marginal exposure to Windows, such as those running Windows in a virtual machine on a Mac, needed to consider their exposure.
Microsoft quickly pointed the finger at the NSA, while investigators were pointing fingers at North Korean hacking groups and the high representation of victims in Russia had the country’s president Vladimir Putin calling for immediate discussions about the use of government-created exploits.
Whomever was to blame, most victims and potential victims just wanted to know what to do about WannaCry and how to protect their computers. With further, similar attacks expected and indeed rapidly appearing, some warned that paying the ransom might never see files decrypted, others were waiting for the fruits of an industrywide collaboration to provide a tool for decrypting WannaCry – which one security leader believes will happen within months.
Amidst questions as to whether WannaCry would be the wakeup call to finally make security a high-profile concern, there were warnings that the worst is yet to come as the group responsible for leaking the NSA tools said it has even more attack tools at the ready. Such is the life of a threat researcher, where crisis never stops.
The situation is likely to have had many CISOs engaged in difficult conversations with their CEOs as they ramped up their security crisis response plans. Outsourcing security is one option to consider as attack volumes increase – and those plans may get even more of a workout in coming months, as breach-notification laws look set to expose Australian businesses as being unprepared to monitor and diagnose cybersecurity issues. One option is simply to tell customers not to panic, as one Mac and iOS developer did after a breach hit its systems.
Amidst revelations that a growing number of cybercriminals are competing for increasingly scarce DDoS attack resources, digital-signature service DocuSign was hacked and its users’ email addresses stolen. Joomla 3.7 was hit by an easily exploitable bug.
Meanwhile, the vulnerabilities were a reminder that platforms such as iOS are generally more vulnerable against malware. Yet others are proving vulnerable, with biometric voice authentication facing compromise through ever-improving voice imitation technology. Highlighting just how hard it can be to fix these problems, appliance giant Miele offered a patch for its medical dishwasher – but pointed out that hospitals cannot install it themselves.