The WannaCry ransomware outbreak that has dominated news cycles since Friday was preventable. I’m hoping this will be my last post on the subject, pending any potential developments.
The attack took advantage of a vulnerability in the Microsoft Windows operating system, which was patched on March 14, 2017. What that means is that Microsoft was aware of the vulnerability and issued an update to fix it.
The problem is that hundreds of thousands, if not millions, of computers were never updated with the patch. This is really inexcusable. While it’s true that in the past, and probably in the future, some patches have caused unexpected problems, the percentage of patches that do so is relatively low. The risk of not applying a patch because of this fear is considerably high, as evidenced by Friday’s outbreak.
Another factor that contributed to the success of this attack is the number of unsupported operating systems still in use at businesses throughout the world. Windows XP and Windows Server 2003 were specifically targeted. Yet another factor is that only one person within a company needed to initiate the attack. Once activated, the attack spread across computers in a worm-like manner, not requiring additional user intervention to continue spreading.
In my business, we will not support a customer who refuses to replace obsolete and out-of-support hardware and software, for this very reason. The risks are simply not justifiable. I also believe in a layered approach to security, not simply relying on a single line of defense to protect you. Firewalls need to do more than just port forwarding and packet inspection. They need to employ advanced services that help safeguard the network against ever-changing threat vectors. Innovative technologies like Cisco Umbrella are becoming a critical layer of defense. Umbrella is a DNS service that inspects all calls to the Internet and blocks malicious traffic and sites. An adaptive anti-virus and anti-malware solution that updates in real time, as opposed to downloading daily updates, is another important layer of defense.
While Friday’s outbreak appears to be contained, the code has been widely distributed. This means copycat attacks are a strong possibility. The sky isn’t falling, but neither are you living inside of Fort Knox. Don’t let down your guard.
Some reports emerging last night and this morning suggest that hackers linked to the North Korean government may be behind this attack. At the moment, the evidence is not definitive and is based on comparisons with past attacks that have been tied to these groups. It may take months before we definitively know who was behind this attack.