Some Thoughts on WannaCry’s 6th Anniversary
Happy Anniversary WannaCry. It’s a bit hard to believe the famous attack first surfaced on the 12th May 2017. It was ransomware of the old school – encrypting important files, then moving on to infect other machines on the network by exploiting vulnerabilities in the Windows networking stack. And it was effective, with many vital systems being brought down, including parts of FedEx and the UK’s National Health Service.
A fix for the stack vulnerabilities quickly appeared from Microsoft, but not everyone applied the patches as soon as they were available. So the attacks continued for some time, but six years later there’s not much left to attack in this way.
Does that mean all is well? Not exactly, because you can be sure there’s another vulnerability waiting to be discovered that will have a similar devastating effect. How can we be sure of that? Because the immense complexity of all the software we rely on inevitably means things will be missed. The recent discovery of Coldplay lyrics in the firmware of a disk controller illustrates this – it’s not clear how the lyrics got in there, but they did somehow, and if that could happen, what’s to stop some back door code getting into the firmware?
The easiest and best measure to take to defend against WannaCry and similar vulnerabilities is to apply patches as soon as they appear. This can be hard, as there’s so much software in any system that the patching is endless, but it is well worth the effort. For vulnerabilities discovered by the “good guys,” patching is important because as soon as the patch is available the “bad guys” know how to attack unpatched systems.
Looking beyond patching to secure your organization
But patching doesn’t help defend against the first wave of attacks based on vulnerabilities hackers are always working to uncover – the so-called zero-day attacks. For these, the way forward is to reduce the attack surface of your system, so that vulnerabilities within it are not reachable by attackers.
This gives you time to survive long enough to apply the patches when they appear. A Zero Trust approach to networking gets you a lot of the way here, as any vulnerabilities in the applications are hidden from anyone on the network who can’t authenticate. Speaking of Zero Trust, our Content Disarm and Reconstruction (CDR) solution helps prevent malware from entering your organization since it stops both known and unknown threats.
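The Zero Trust point above is easy to state and worth seeing in code: if every request must authenticate before it reaches the application, a latent bug in the application cannot be triggered by an unauthenticated host on the network. The following is an added illustration, not code from the original post or from any product it mentions. It assumes a constructed, deliberately simple protocol (a header line carrying an identity and an HMAC-SHA256 token, then a body) and a stand-in application handler with an obvious input-handling bug; the secret and sample requests are constructed for the demo.

```python
import hmac
import hashlib

# Assumed, constructed protocol for this illustration:
#   "<identity>:<hex token>\n<body>"
# Tokens are HMAC-SHA256 over the identity, keyed with a deployment secret.
# None of this is a real product API; it demonstrates the principle only.

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one

# Tracks how often the application layer was actually reached.
APP_CALLS = {"count": 0}


def make_token(secret: bytes, identity: str) -> str:
    """Issue a token for an authenticated identity (stands in for a real IdP)."""
    return hmac.new(secret, identity.encode(), hashlib.sha256).hexdigest()


def verify_token(secret: bytes, identity: str, token: str) -> bool:
    """Constant-time comparison so token checking itself leaks nothing."""
    expected = make_token(secret, identity)
    return hmac.compare_digest(expected, token)


def app_handler(body: str) -> str:
    """Stand-in for an application with a latent input-handling bug.

    Any body that is not exactly 'key=value' makes it fail, simulating a
    vulnerability that crafted input could trigger if it ever got this far.
    """
    APP_CALLS["count"] += 1
    key, value = body.split("=")  # raises ValueError on malformed input
    return f"ok:{key}={value}"


def gateway(secret: bytes, raw_request: str) -> str:
    """Zero Trust gateway: authenticate first, only then hand off to the app."""
    header, _, body = raw_request.partition("\n")
    identity, _, token = header.partition(":")
    if not identity or not verify_token(secret, identity, token):
        # Same terse answer for every failure: no hint about what sits behind.
        return "denied"
    return app_handler(body)


def demo():
    """Run three constructed requests through the gateway.

    Returns the three responses and the number of times the application
    handler was reached: only the authenticated request gets through, and the
    malformed unauthenticated one never touches the buggy handler.
    """
    good = f"alice:{make_token(SECRET, 'alice')}\ncolour=blue"
    forged = "alice:deadbeef\ncolour=blue"
    malformed_unauth = "nobody:\nthis-is-not-a-pair"
    results = [gateway(SECRET, r) for r in (good, forged, malformed_unauth)]
    return results, APP_CALLS["count"]


if __name__ == "__main__":
    print(demo())
```

The design choice that matters is the ordering inside `gateway`: authentication happens before any application code parses the body, so the bug in `app_handler` remains exploitable only by a caller who already holds a valid token. That is exactly the breathing room the post describes, since the bug still needs to be patched, but an unauthenticated host cannot reach it in the meantime.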
When it comes to securing governments and agencies that depend on delivering mission-critical data across complex networks and environments, our cross domain solutions keep information secure for highly critical systems. For such systems, specialised solutions that use hardware logic can be used to eliminate the software attack surface.