The Next WannaCry Is Coming … Are You Ready?

1732

Last year, we saw WannaCry take down the IT and operational technology (OT) systems of organisations across the world in every industry. While the motives behind WannaCry are still the subject of debate, the might and reach of the “ransomworm” attack are indisputable.

But, which industry is most likely to fall victim to the next inevitable hacking scheme? Are there some sectors with more apparent threats or risks? And, will black hat criminals employ different tactics depending on the sector they intend to target?

Recent events, such as the attack on Syria by Western powers, has spurred concern that Russia’s reprisal will be a cyber-attack affecting the public sector, in particular the NHS. A consequence of insufficient awareness, the healthcare is a sector plagued by inappropriate legacy systems, and this problem is only compounded by the rapid introduction of new IoT devices into healthcare facilities. This, in tandem with the low cybersecurity awareness levels amongst frontline staff, is a serious challenge for an industry with what attackers view as incredibly valuable personal data. Black hat criminals can, and will, if given the opportunity, be able to disrupt the NHS as an organisation. By no fault of their own, they are basically a sitting duck.

Other sectors including energy, manufacturing and utilities are also vulnerable. This is primarily due to the fact that these sectors depend and function on connected industrial control systems which have recently witnesses a steep 120 percent increase in vulnerabilities. These sectors provide the foundation for our daily lives – from using heating systems, to charging our phones, a disruption to these services would guarantee widespread disruption for businesses and individuals.

Cyberdefense is usually confined to silos, which originate from disconnected processes, teams and network venues. Last year, we saw WannaCry take down the IT and operational technology (OT) systems of organisations across the world in every industry. Clearly, attackers see beyond the silo and when they strike, they penetrate deeper, slipping into cracks to press further into the network. While the motives behind WannaCry are still disputable, the spread of the “ransomworm” attack are not, and industries are vulnerable. In financial services, banking trojans such as Dridex, renowned for stealing banking credentials since 2014, adapt and change quickly. This considered, it is apparent that we need to be prepared for the next attack. Banking Trojans and ransomware are ever adapting and changing and are causing damage estimated in value of the hundreds of millions of dollars.

For many years now, the financial services sector has been at the front line of cyberattacks and, understandably, have made considerable efforts to reduce the risk of a successful attack. But there are still weaknesses amid the soaring complexity, and they’re facing a major rise in cyberattacks as hackers begin to take advantage of these flaws. In fact, according to the Financial Conduct Authority (FCA), cyberattacks against financial services companies rose by more than 80 percent in 2017. The need for security is now more crucial than ever.

Recent breaches show retailers are another prime target for hackers, despite point-of-sale malware attacks becoming less prevalent. Core networks are vulnerable, yet are not the only part that needs to be kept secure. Complying to regulations such as those enforced by the PCI Security Standards Council, are one of the many ways in which retailers can keep customer’s data secure.

The charity sector is an additional sector which has become considerably more vulnerable to cyberattacks. Similarly to the healthcare sector, the charity sector holds a wealth of information about individuals and are also limited in the resources they’re able to devote to security. The National Cyber Security Centre (NCSC) stated the charity sector is “particularly vulnerable” to cyberhacking, fraud, and extortion, with rogue nations considered a particular threat.

Ultimately, the threat of a cyberattack, to any organisation, isn’t going away, and all companies need to be ready for another global-scale WannaCry-type incident. In order to defend themselves against these vulnerabilities, organisations must implement tools that provide an overview of their entire network, so that they can identify where their vulnerabilities lie, and take the required action to manage these weaknesses. By establishing a threat–centric vulnerability management (TCVM) program to adapt to changes in the threat landscape, and to preempt those yet to come, businesses can help protect themselves, and their assets, against the next inevitable attack.

About Marina Kidron
Marina Kidron, Group Leader at Skybox Security Research Lab
In this article