Three important takeaways from the biggest global cyberattack

What can we learn from the rapid global spread of the WannaCry programme?

The world is abuzz with news of the biggest global cyberattack. The WannaCry programme, based on tools developed by the US National Security Agency, is ransomware which demands $300 in Bitcoin to unlock the files for each computer infected. Unlike a traditional attack, which impacts a single device, this hits networks and can therefore infect all computers in a company, and even affect cloud networks and back-up files.

At the time of writing, 99 countries have been infected, including the UK, Spain, Russia, Ukraine and Taiwan. Those impacted include both public and private sector organisations, with the UK’s National Health Service (NHS) and public sector entities across Russia proving especially badly affected.

A British-based researcher appears to have limited the spread of the worm by registering the domain the malware was attempting to connect to. However, many still fear that pandemonium will strike again once office workers return on Monday morning.

The South China Morning Post warned that Hong Kong might be hit and quoted Michael Gazeley, managing director of local cybersecurity service provider Network Box, as saying: “This is happening just before a weekend in Asia. By Monday, someone will go back to work, and click a link on an email, and wipe out the company.”

A lot has already been made of the archaic infrastructure run in public sector organisations like the NHS. But what can we learn more widely from this first fully global breach?


ONE: This has been a time bomb waiting to go off

At the start of this year we ran a straw poll of security professionals to see what they thought the single biggest security threat of 2017 would be. Many highlighted ransomware.

“The growth in ransomware shows no sign of abating so I suspect we will see continued campaigns by the criminal fraternity and, very likely, new ransom targets as the attacker looks for more avenues for easy money. As the recent ransomware infection of the San Francisco Light Rail System shows, we can expect our transport, power and water systems to be targeted in a similar fashion,” suggested Tony Rowan, chief security consultant at SentinelOne.

The sheer scale of cyberattacks has also been escalating over the last couple of years. There have been countless private sector attacks and breaches while, perhaps more worryingly, in the US and France attacks have occurred in the run-up to political elections. Authorities in Britain are braced for something similar as its election looms on June 8th.

Cybercrime is also increasingly professionalised and easy to orchestrate, with services and ready-made kits available for sale on the Dark Web. Some cases recorded have even bordered on the comical, with one college kid in the US knocking out his university website to buy himself some time because he wasn’t ready for an online exam.

Once the Internet of Things really takes off, it will be even easier to take out IT infrastructure via ordinary objects like lampposts or CCTV cameras.


TWO: Thankfully this is about making money, not spreading terror

Cybercrime, like any other form of crime, is governed by its motivation. The ‘smash and grab’ desire to earn easy money is definitely the most common and probably the least concerning of these motivating factors. Yet there can also be more ideological – and more dangerous – reasons for cybercrime. Once a politically motivated ideologue decides to make a determined play for critical infrastructure like an electricity grid, this could cause true havoc, and it could easily be played out across a number of countries at once.

As Carl Herberger, VP of security at Radware, told us in the wake of the Paris attacks in 2015, critical infrastructure is run by computers and has to be deployed with a degree of safety. Yet at present “none of it is not tested for cybersecurity” – not planes, trains or automobiles.


THREE: This may be the catalyst necessary for organisations to take cybersecurity seriously

Up till very recently it was still quite hard for many organisations, of any type, to take protecting against cybercrime seriously. It was often viewed as a mistrusted and misunderstood cost item which could be ignored in the face of more pressing financial needs. Yet the fact that the UK’s NHS was running Windows XP was a stunning oversight, one which could have been easily rectified if the budget had been allocated.

This global attack – more than anything else before – shows extremely clearly just how important staying security aware is, and may be the wake-up call organisations across the globe need before something worse happens.