Companies caught their breath on Monday, following the worldwide spread of the WannaCry ransomware program last week, a digital epidemic that infected at least 200,000 devices in dozens of countries around the world.
As security experts continued to investigate the incident, they quickly concluded that the attack could have been stymied by basic digital hygiene, such as patching and vulnerability management. Companies that took those steps reliably and double-checked that there were no weak points in their malware defenses, were protected from WannaCry, also known as WannaCrypt.
“These are a lot of the issues that we, as an industry, know that we have, but we have not been getting out in front of them,” Juan Guerrero Saade, senior security researcher with Kaspersky Lab, told eWEEK.
Saade pointed out that companies have to patch more consistently and more often. Yes, WannaCry used a vulnerability in Microsoft’s Windows operating system, known as EternalBlue, that was previously not known until it was outed by the so-called ShadowBrokers malware distributors, but that was patched in March, he stressed.
“The Eternal Blue exploit was a zero-day when it came out, but the patch has been out for more than two months,” he said. “With patching, we need to do better.”
The program known as WannaCry may have been around since as early as February 2017, and a Google researcher discovered on May 15 that certain pieces of code match signatures of the Lazarus Group, which is believed responsible for the Sony Pictures hack and the theft of millions of dollars from the Bangladesh central bank. However, the group may have made as little as $56,000 from the attack, according to a group that is tracking the bitcoin wallets used by the attackers.
Many companies got lucky this time around. A security researcher, who asked to be identified only as “MalwareTech,” found a domain name in WannaCry and registered it on Friday, serendipitously discovering that it was a kill switch for the software. The spread of the software has been dramatically blunted since the registration.
However, MalwareTech doesn’t believe the attacks will end there. “No, I imagine they will come back again next week with a new wave of attacks,” he told eWEEK on May 12.
Already, Kaspersky Lab and other companies have seen copycats modify the code and attempt to spread their own version of the software.
Companies should make sure that they systematically handle patching, using a vulnerability management system, business intelligence firm Gartner stated in a post on May 15.
While Microsoft has taken some heat for the missing the vulnerability in its software—and in turn, pointed the finger at the intelligence community for stockpiling vulnerabilities—Gartner argued that the security community’s focus should be on defense and investigation, not blame.
“While it’s tempting to point fingers at others, one of the key stages of incident response is to focus on root causes,” Gartner’s research director Jonathan Care, stated in a post. “Hindsight is always 20/20, and picking apart why systems were not migrated does not dig you and your enterprise out of the mire right now.”