One Year Later: WannaCry, The Dawn Of A New Generation Of Cyber-Attacks
May 2018 by Check Point
A year ago today, after multiple days of digital bombardment, the cyber-security world changed forever.
Over one weekend, the notorious ransomware attack that would become widely known as WannaCry infected more than 200,000 machines around the world, causing billions of dollars in damages. Ransomware attacks occur all the time, but the speed and the scale of this particular attack - likes of which were never seen before – made international headlines as WannaCry spread to 150 countries. And just a few months ago, we saw WannaCry’s fingerprints on the ransomware attack that shut down the city of Atlanta.
WannaCry changed the cybersecurity game not just through its outsized impact; it made waves because of its outsized influence on the cyber-threat landscape. Marking a turning point in the cybersecurity environment, we were looking at the first global-scaled, multi-vectored cyberattack powered by state-sponsored tools. WannaCry marked a new generation – the fifth generation – of cyber attacks.
And it certainly wasn’t the last Gen V attack. It’s time for organizations to adjust to our new normal of cyber-attacks, which involves…
Leaked State-Sponsored Tools:
About a month before the WannaCry attack, a hacker group called the Shadow Brothers leaked an exploit developed by the National Security Agency (NSA). This exploit, labeled EternalBlue, would later be used as part of the WannaCry attack.
In the past, cyber criminals traditionally used simplistic, homegrown tools for their hacking activities. WannaCry marked the shift toward using military-grade weapons, hacking tools that are powerful enough for a national cyberdefense agency to use on international cyber-warfare. Just six weeks after WannaCry, NotPetya used the same exploit in its infamous attack on mostly Ukrainian critical infrastructure systems. And just recently, the SamSam ransomware attack that shut down the city of Atlanta relied on DoublePulsar – another NSA-developed exploit.
Cyber-criminals are upgrading their firepower and setting their sights higher than ever before.
Globally Scaled Tools:
As mentioned earlier, the WannaCry’s impact sparked an upswing in severe large-scale cyber-attacks.
In 2015, ransomware attacks caused $325 million in damage. By 2017, the attacks were up 15x at $5 billion, as companies lost productivity through the downtime and reputational hit. Along with the impact, WannaCry spawned hundreds of variants of ransomware. Recorded Future showed that before WannaCry, at the end of January 2017, they were tracking 635 variants of malware. Fast forward to February 2018, where 1,105 different malware variants were discovered – a 74 percent increase from just a year ago.
This globalized ambition is a defining element of the new generation of cyber-attacks – Gen V hackers are thinking bigger than ever before, as more and more criminal organizations are developing lucrative hacking operations.
Cyber-attacks are thought to be “computer hacks,” where they infect your personal computer.
Spreading through cloud networks, remote office servers, and network endpoints, WannaCry was able to “divide and conquer” because it needed just one entry point in order to infect the entire system. This multi-level approach allowed WannaCry to easily overwhelm companies that followed the usual security strategy of picking their favorite product from different vendors for each entry point.
This best-of-breed strategy means that companies often pick one specific product for their mobile devices, a different one for their cloud networks, and another unique product for their network security.
It’s not an illogical strategy, per se, but that’s what WannaCry (and other Gen V attacks) want: a disparate, disconnected defense that isn’t working in unison to cover all bases.
As we acclimate to our new normal, organizations simply have no choice but to adapt.
We’re a long ways away from organizations getting up to speed with their cybersecurity infrastructure. Our recent survey revealed that only three percent of companies are equipped today to handle a WannaCry-style Gen V attack.
Taking on an attack like WannaCry requires cyber security that can proactively prevent threats (as opposed to reactively detecting them once the damage is done). To combat Gen V attacks’ multivector approach, organizations must also secure their cloud and mobile system. Together, unified threat prevention systems that secure all vectors are able to defend against these modern, innovative attacks.
Yet today, the vast majority of organizations are as vulnerable to WannaCry as they were exactly a year ago. Whether they’re ready or not, the new normal is here.
Don’t get blindsided - Check Point Infinity offers the unified, multi-vector, threat prevention system best equipped to handle a Gen V attack. Learn more here.