In the ongoing struggle for cybersecurity, firms are finding that, as quickly as they can adapt, hackers can as well. Earlier this month, a type of malware dubbed “WannaCry” made news for affecting several major organizations, including Britain’s National Health Service (NHS) and Spain’s Telefónica, a large telecommunications provider.
While the attack has largely been dealt with, it’s worth examining both for its impact and for what it tells us about cybersecurity.
WannaCry is what’s known as ransomware, malware that makes files inaccessible and demands a fee for their release. In this case, WannaCry encrypts the files of any infected computer, making retrieval difficult. Even for individuals who have paid the fee, there is still no guarantee that their data will be released. To make matters worse, the malware is capable of spreading over internal networks by exploiting a vulnerability in Windows operating systems.
Information about the vulnerability was leaked in April as part of a larger reveal of known NSA hacking tools and weaknesses. While a Windows patch for the issue has since been released, a slow adoption rate among businesses left many vulnerable to this attack. Additionally, many NHS systems run on Windows XP, an operating system which has not received security updates for a significant amount of time. While the NHS was not specifically targeted, many cyberattacks center on healthcare services, given the wealth of private information that they keep.
WannaCry’s developers have not been identified, though some security firms believe that the attack may be attributable to North Korea. Still, in cyberspace, it can be difficult to learn the precise origin of an attack. This isn’t the developers’ first attempt at ransomware; an early version called WeCry was spotted in February. However, the efforts of a 22-year-old self-taught cybersecurity expert prevented WannaCry from becoming an even larger issue.
Marcus Hutchins is being hailed as an “accidental hero” for discovering a domain hardcoded into WannaCry that acts as a kill switch if the malware is able to contact it. Shortly after the attack began, Hutchins found that the domain was unowned and registered it, preventing WannaCry from spreading further. Since then, the hackers behind the malware have attempted to bring down the site with DDoS attacks, trying to overload it with visitors. Hutchins responded by switching to a cached version of the site, which allows it to handle a much heavier traffic load. This exchange between the two parties is an example of why malware has a short shelf life: there are always security experts willing to respond. However, there is also no shortage of hackers willing to come up with new types of malware.
This attack also highlights the lethargy among businesses when it comes to keeping their devices up to date and secure. Windows 7 was the operating system most affected by the WannaCry attack and, unlike XP, it still receives updates due to its popularity. Many computers affected by the malware could have been secured, but were not. While this vulnerability is alarming, it also illustrates that anybody can take steps to secure their computers, even if they aren’t versed in IT practices.
For development companies, WannaCry and other recent attacks have exposed how unprepared many companies are to deal with cybersecurity breaches in both infrastructure and software. In fact, some aren’t even aware of attacks until after the fact; a 2012 hack of LinkedIn was recently revealed to be more intensive than previously thought. Many development companies fail to provide security measures in their delivered product, leaving DevOps teams to bear the burden of securing code. Additionally, any company that produces code should consider investing in monitoring systems; a culture of proactive security needs to be formed to address these problems.
It’s unfortunate that it takes a large incident like this to open the eyes of businesses and companies to the value of implementing cybersecurity measures. That said, given the money and reputation lost in cyber attacks, these companies will come to understand how addressing these issues will make them more valuable to their clients.