For the last week and a half, the world has been under attack by hackers. This statement is not new because the same statement was true a month ago, a year ago, a decade ago, and even two decades ago. The Internet transitioned from a government controlled communications system to a publicly accessible tool in the early nineties.
Criminals began exploiting the Internet soon after it became available. Today, the Internet is far more sophisticated than it was thirty years ago, and so are the hackers. What makes the cyber attacks of the last few weeks unique is the way the hackers gained access and compromised systems. The overall process employed by the hackers is not new; phishing has been around for many years. Phishing is the process of sending fraudulent messages that appear to be from legitimate users; the message usually contains a link, and when the victim clicks that link, several things can happen. One is that software like spyware, ransomware, or other malware is installed on the system and restricts access or transfers data to an unauthorized party. Another is that the victim is asked to provide payment information, which is then used fraudulently. With the WannaCry ransomware, the tools that the hackers used alongside the phishing emails are what make this attack unique. In the immortal words of Yogi Berra, “It ain’t over ‘til it’s over.”
WannaCry exploited older systems with known system vulnerabilities; it also exploited smaller systems rather than large server installations. Additionally, the hackers requested a relatively small sum to release the encrypted files back to the victim. Finally, the tools that enabled the hackers to exploit these systems were part of the NSA toolset that had been released publicly. Each of these factors has some interesting ramifications, discussed below, and we end with four simple tips on protecting your system: Upgrade, Update, Protect, and Patch.
One of the things that I found most interesting about the WannaCry attack was that it was almost exclusively focused on older versions of Windows. Kaspersky Labs, one of the world leaders in malware analysis, has released some interesting statistics. According to Kaspersky, the vast majority of systems affected by WannaCry were machines running Windows 7, over 98% of the affected population. Machines running Windows XP followed as the second most affected system. Windows Server 2003 and Windows Server 2008 systems were also impacted but the group comprised less than 1% of the affected systems.
(Image credits: Costin Raiu / Kaspersky Labs)
Of note, Windows 10 users were left unaffected.
In this latest attack, the amount of money requested by the hackers seemed small; one may speculate that the hackers were banking on a high volume of small ransom payments, while others theorize that the attackers used WannaCry as a trial run for a bigger attack later. This article outlines why the latter theory may be more likely.
New information regarding WannaCry indicates a second potential hack is on the way. The hacking tools that were used to make WannaCry so effective were pulled from the recent leak of the NSA’s hacking toolset. Essentially, the hackers obtained the system exploits and successfully weaponized the software. The software took the form of a self-replicating worm that jumped from host to host.
The anticipated attack would work in essentially the same way; however, it would use seven of the leaked NSA hacking tools. As an example, the worm EternalRocks has been discovered and analyzed, and the analysis concluded that, in its current state, it does not contain a payload. In other words, as of the analysis, the worm did not carry a ransomware component.
Unfortunately, a report from The Latest Hacking News website states that the EternalRocks worm is sneakier than WannaCry. It uses the exact same file names as WannaCry, which could cause security professionals to misidentify the threat as WannaCry and respond as though the system had been compromised by WannaCry. EternalRocks could be weaponized with a payload in minutes.
How do you protect against attacks like these? The steps are fairly simple: Upgrade, Update, Protect, and Patch. Upgrading to a new operating system that is different from the one you know may seem difficult, but maintaining an up-to-date system is the best protection against hacking that exploits known system vulnerabilities. These steps are simple, but they can not only prevent a large system failure, they can also prevent your computer from becoming Patient 0 and infecting the rest of your network.