WannaCry Outbreak Is Just A Tip Of An Iceberg

Uploaded on 2017-06-02 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cybersecurity experts called the recent international cyberattack known as “WannaCry” among the worst they have seen, and warned about the country’s lack of cyber-security preparation.

“This is only the beginning of a very, very long list of bad stuff,” said Brett Scott, co-founder of the Arizona Cyber Warfare Range. “It’s about as bad as one can imagine. I suppose one day it will get worse because every time I think we’ve hit the limit, it always gets worse.”

Frank Grimmelmann, president and CEO of Arizona Cyber Threat Response Alliance, called WannaCry “simply the tip of the iceberg.”

“If vulnerabilities are there,” he continued, “it’s not a question of if you will be attacked or will they ultimately be successful. It’s a question of when.”

The WannaCry malware that swept around the world infected vulnerable computers and held the data on them hostage by encrypting files and demanding a ransom to unlock the files.

The attack made its way through multiple countries, including Russia, parts of Europe and the US Reports said the ransomware is believed to have been developed from digital tools devised by the US National Security Agency, stolen by a group of hackers known as the Shadow Brokers, and leaked online in April, reportedly to protest Donald Trump’s presidency.

The malicious software exploited a Windows computer vulnerability that allowed it to spread. A patch was released by Microsoft in March, but computers that had not been updated are at risk of infection.

Among the affected systems were hospitals, government offices, and FedEx. It was not the first ransomware attack, and experts are certain it will not be the last.

Tom Kellerman, CEO of Strategic Cyber Ventures said he and many in his industry see this as “almost a trial run.”

Kellerman said the inter-networking of smart devices has only increased vulnerabilities, “given all the opportunities that it provides” a hacker.

While WannaCry mostly hit business and government systems, Kellerman warned that the next targets could be homes.

“You can walk away from work and call it a day. But these things now will impact your personal life and safety at home, should they not be corrected soon,” he said.

Grimmelmann said he believes that businesses and individuals will ultimately adapt to combat cyber-attacks, but added that the WannaCry attacks demonstrated “the danger of knowing that vulnerabilities exist and not making vendors aware of them, therefore not having patched systems.”

Scott said because the attack utilised “state-sponsored weaponry,” the hackers exploited a “vulnerability that no one was aware of.”

“We are, as a country, very ill-prepared,” he said. “The US government does not know how to deal with the loss of their toys and because they don’t know how to deal with that, we are all suffering and we will all suffer a lot more.”

Scott said the future of cyber protection lies in the hands of businesses and individuals, and not solely in the hands of the government.

“I think that this is actually the moment when everyone can be called to the table and say, ‘Do you realise now that government is not the answer to these problems?’” he said. “Play time is over. It’s time to get serious.”

Ein News

You Might Also Read:

North Korea's Unit 180 Managed WannaCry Attack:

WannaCry Also Hit Windows 7 Systems:

 

Current Cybercrime Threats Originate In Espionage:

 

« Mystery British Airways IT Failure
Russian Hackers Sow Disinformation Via Leaks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Muninn

Muninn

At Muninn (aka Wehowsky), we specialize in mitigating potential risks within your network, providing one of the leading network detection and response (NDR) solutions on the market.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

SGBox

SGBox

SGBox is a highly flexible and scalable solution for IT security. Choose the modules which your company needs and implement it without any modification to your network infrastructure.

Dutch Accreditation Council (RvA)

Dutch Accreditation Council (RvA)

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

Hack-X Security

Hack-X Security

Hack-X Security provide IT risk assessment and Digital Security Services. We are a trusted standard for businesses that must protect their data from cyber-attacks.

LT Harper

LT Harper

LT Harper specialise in cyber security recruitment. We believe in providing an individualised service to our customers whether they are looking for a new opportunity or to hire talent.