The world prepared for an “cybersecurity internet doomsday” on July 9, 2012: a complete collapse of...
The Influence of WannaCry on Modern Cybersecurity
WannaCry wasn’t an especially complex or original ransomware attack. But what set it apart was how quickly it spread. Malware might move easily from one device to another by using the EternalBlue attack and a weakness in the Microsoft Windows Server Message Block (SMB) protocol.
Because of this, when the WannaCry “ransomworm” infected networks in 2017, it spread to cause havoc on major systems all over the world.
Though the attack’s spread was slowed by the identification of a “kill switch” in the code, and recently created patches addressed the SMB vulnerability, WannaCry ultimately developed the way for the creation of synchronized defense strategies that emphasized information sharing to lessen the impact of attacks.
What vulnerabilities in popular security frameworks did the attack expose, and how did it change the course of cybersecurity? Looking back on WannaCry five years later is worthwhile to find any worms of wisdom.
Want to know more about Cybersecurity? Visit our course now.
WannaCry: Anatomy of a Ransomworm
WannaCry’s important aspects were straightforward and well-known. After infecting a system, the WannaCry executable extracted three components using a self-contained malware dropper: an encryption program, files holding encryption keys, and a copy of The Onion Router (Tor), which allows for anonymous communication.
However, WannaCry stands out because it used the SMB vulnerability to spread across several network-connected devices. EternalBlue, an exploit project, turned WannaCry from a barely bothersome threat to a major problem.
EternalBlue was initially created by the National Security Agency (NSA), but was eventually taken by the Shadow Brokers, a hacker organization, and made public on April 8th, 2017. Just over a month later, WannaCry started attacking major systems all across the world, including the National Health Service in Britain (NHS).
A Tweet provided the story. The same message appeared on devices around the NHS: “Oops, your data have been encrypted! All altogether, WannaCry took down one-third of hospitals and compromised 70,000 NHS devices. Even though the $300 ransom demands were almost embarrassingly modest in comparison to contemporary exploit attempts, the attack’s scope and size put security experts all across the world on edge.
Flipping the Switch
Cybersecurity experts expected a significant attack in 2017. They are unaware of the specifics, but they have been aware that quickly changing enterprise network topologies provided the best frameworks for hackers to target businesses. While a security storm was expected, a complete cyber catastrophe was not expected.
Thankfully, a “kill switch” was found in the WannaCry code by security researcher Marcus Hutchins. The malware attempted to connect to a specific URL that didn’t exist before encrypting any data: iuqerfsodp9ifjhgosurijfaewrwergwea.com
WannaCry would start encrypting if a connection couldn’t be made. It ceased if the connection was successful. The goal of this hard-coded URL, in theory, was to prevent security researchers from running the malware in a sandbox and seeing it link to popular URLs. In actuality, Hutchins activated the fake URL by registering it, which helped to slow the spread of WannaCry.
This kill switch helped in halting the spread of the ransomworm. But when it comes to WannaCry, the emotion hasn’t stopped yet.
(Wanna)Cry Me a River
Even though the majority of WannaCry’s damage was done in the days and weeks following the attack in May 2017, cybercriminals didn’t just stop operating. Instead, they spent their time creating new versions empty of kill switch parts which were simple to locate, and then they used these attacks against computers that still had the SMB flaw.
The facts are in the numbers. The amount of WannaCry assaults climbed by 53% from January to March 2021. Despite the ongoing risks, many security professionals agree that the attack’s flaws were what probably doomed it. They claim as well that not enough has been done by industry and government organizations to stop a repeat of such attacks.
The result? After its initial attack, WannaCry left a triple legacy.
We’re All in This Together
As was already mentioned, the WannaCry ransomware itself wasn’t very well-designed or inventive. Even the URL created by hackers to stop security teams from looking into the specifics did more harm than good because it appears they didn’t think anyone would just register their false URL and damage their efforts.
However, WannaCry did influence the fact that businesses weren’t separated from security threats. In turn, this prepared the path for a more cooperative defensive response that prioritized threat sharing over keeping security details closely guarded out of fear of industry pushback. The rapid uptake of sprawling cloud networks and connected devices provided the ideal path for ransomworm duplication.
The More Things Change…
The WannaCry attack also made an impact on cybersecurity by showing that real change is challenging to accomplish, regardless of how extensive an attack is or how adaptive its code is over time.
Think about applying patches automatically. After WannaCry started spreading, Microsoft created a patch for its SMB vulnerability right after. However, five years later, some businesses have still not upgraded their software to close this vulnerability.
WannaCry: Bad Code, Worse Results
WannaCry was not very creative and had a low build quality, according to analysis. Even if the code was terrible, all it needed to do was compromise a few network systems to have catastrophic effects. The result was a shattering realization that how an attack is used, not how it is coded, determines its success.
In other words, if attackers can get around essential systems, it doesn’t matter what kind of security controls are in place. Even badly written and poorly performed code can propagate between businesses and across networks, breaking thousands of devices. Simply put, this ransomworm was alarming because of its purpose rather than its appearance.
In summary? Because it exposed the basic vulnerability of networked systems, WannaCry significantly altered the course of cybersecurity. And although its brief rampage helped to highlight the need for improved data sharing across industries and processes, it also made some businesses overconfident in their ability to deal with new threats.
In the end, WannaCry is still active, serving as a reminder that even “old” security threats never go away; they are just less common.
Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.
For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com