Some of the code used to programme the worm had previously been utilised for malware distributed by the Lazarus Group – hackers that were also responsible for the 2014 Sony attack which was blamed on North Korea. The Windows vulnerability that had been identified was originally stolen from the NSA by a group of hackers called Shadow Brokers.
The attack uses a vulnerability known as EternalBlue, a weakness in the NetBIOS implementation. Microsoft has issued a patch which can be found here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
In Britain, hospitals were locked out of their systems. In Germany, railway displays stopped working. Russia was badly affected, as was China, a booming marketplace for pirated software. In Spain, the telecom provider Telefonica broke down.
A 20-year-old software engineer found the ‘kill switch’ for the software over the weekend. However, as the worm mutated, the switch didn’t stop its distribution for very long. As businesses opened after the weekend and computers were turned on, the worm began spreading further. So far, more than 230,000 computers in over 150 countries have been taken out, and numbers are still rising.
This once again shows us how vulnerable our digital society is. It is another wake-up call for enterprises to take security more seriously. On the one hand, the vulnerability was known for several months, and many failed to adequately assess the risk they were exposed to and failed to secure their systems. On the other hand, many organisations still operate equipment running on outdated, unsupported operating systems. While it is understandable that critical infrastructure hardware is difficult and expensive to replace, modern antimalware systems could have stopped the worm from reaching them.
It remains to be seen how long it will take for the affected organisations to return to normal operations. Once again, we will see the importance of resiliency. It is not enough to detect and attempt to contain malware; we also need to focus on restoring our systems as soon as possible once the breach is contained. How well we do this remains to be seen over the next few weeks.
Cognosec AB (publ) (Nasdaq: COGS) is engaged in the provision of cyber security solutions and conducts its operations through the Swedish parent company and through subsidiaries in South Africa, UK, Kenya, and the United Arab Emirates. The Group delivers services and technology licences to enhance clients’ protection against unwanted intrusion and to prevent various forms of information theft. The parent company is domiciled in Stockholm, Sweden. Cognosec employs 110 people and had revenues of EUR 16.8 million in 2015. Please visit http://www.cognosec.se for more information.
For Cognosec AB:
Magnus Stuart, IR Officer
Matthew Watkins / Astor Sonnen
SOURCE Cognosec AB