In May 2017 the biggest ransomware attack in history broke out. Known as “WannaCry,” the now infamous ransomware spread like wildfire, affecting PCs around the world. One year on, the same malware – which exploits the EternalBlue vulnerability – is still prevalent.
Avast has detected and blocked more than 176 million WannaCry attacks in 217 countries since the initial attack. And in March 2018, we blocked 54 million attacks attempting to abuse EternalBlue. Given the publicity around the attacks, it could be assumed that people and businesses would have completed their system updates. Our data, however, shows that nearly one third (29%) of Windows-based PCs globally are still running with the vulnerability in place.
In the year since WannaCry did its damage, we’ve spent time investigating it and subsequent attacks to gather insights that can help us understand what needs to be done to prevent this sort of cyberattack from happening again.
If only there was a patch for poor patch adoption…
Despite WannaCry’s widespread attention and the devastating effects it had, people still failed to patch their systems. This begs the question: why are people not patching?
Firstly, it could be due to a lack of understanding around patches or software updates. The average consumer may not be aware that systems contain vulnerabilities, which cybercriminals can exploit. Once vulnerabilities are found, software developers typically issue a patch to rectify the problem. WannaCry’s impact could have been greatly minimised had more people downloaded the patch as soon as it was available.
The second possibility is that consumers don’t like interruptions. Patching a system or programme requires users to stop what they are doing, which might discourage them from running updates. Another reason why people may not update is to resist change. Operating system or programme updates can change familiar programme environments, which isn’t always welcomed
Thirdly, businesses and organisations like the NHS may place system updates into a planned calendar that fits around activity as it can be potentially very disruptive. For an organisation like the NHS, it also can necessitate the reduction of services while the update is carried out. In these cases, the balance is weighed between the risk of not patching and the expected disruption.
Patch perfect – what the technology industry must do better
In order to improve patch adoption, the technology industry needs to work together to raise awareness of patches. People may be more inclined to patch if they realise there is a problem that could negatively affect them.. Just as the technology industry has worked at building awareness of digital security , now it must work to educate and develop understanding of the importance of patching. These two things together are a powerful deterrent to cybercriminal activity.
It is not enough for users to become more conscious of patches; the inconvenience associated with them needs to decrease as well. This could be done by updating in the background or in smaller doses, or by simply making people more aware of overnight updates.
Finally, software developers should consider that their systems may live beyond their intended years. Windows XP, for example, is still being used by 4.3% of Avast users, although Microsoft no longer provides support for this popular operating system.
Businesses also need to get serious about employee education. Hackers like to exploit human mistakes, making it vital to ensure employees are aware of security best practices and that organisations appropriately limit access rights. Penetration testing is a great way for companies to see where their weaknesses lie.
Consumers also benefit from receiving educational information about personal device security and the role of patches. While they don’t have business tools to rely on, there are other services available that can help them ensure their device security.
Ultimately, it is clear that users need help and education about security and guidance through the necessary steps. At the same time, software distributors need to ensure the updates they push to their customers are clean. If this can be done, then the collaboration and contribution of users and the broader technology industry is a truly powerful one in the fight against malware.