X-Labs
May 15, 2023

Some Thoughts on WannaCry’s 6th Anniversary

Dr. Simon Wiseman

Happy Anniversary WannaCry. It is a bit hard to believe that the famous attack first surfaced on 12 May 2017. It was ransomware of the old school: it encrypted important files, then moved on to infect other machines on the network by exploiting a vulnerability in the Windows networking stack (the SMBv1 flaw addressed by MS17-010, attacked with the leaked EternalBlue exploit). And it was effective, with many vital systems being brought down, including parts of FedEx and the UK's National Health Service.

Microsoft had in fact fixed the flaw for supported versions of Windows in March 2017, two months before the outbreak, and issued emergency updates for out-of-support versions such as Windows XP once the attack began. But not everyone applied the patches as soon as they were available, so the attacks continued for some time. Six years later there is not much left to attack in this way.

Does that mean all is well? Not exactly, because you can be sure there is another vulnerability waiting to be discovered that will have a similarly devastating effect. How can we be sure of that? Because the immense complexity of the software we rely on means that things will inevitably be missed. The recent discovery of Coldplay lyrics in the firmware of a disk controller illustrates this: it is not clear how the lyrics got in there, but they did somehow, and if that can happen, what is to stop back-door code getting into firmware the same way?

The easiest and most effective defence against WannaCry and similar attacks is to apply patches as soon as they appear. This can be hard, because there is so much software in any system that the patching never ends, but it is well worth the effort. Speed matters even for vulnerabilities found and responsibly disclosed by the "good guys": once a patch is published, the "bad guys" can compare the patched and unpatched code to work out what was fixed, so every system that has not applied it is exposed from that moment on.


Looking beyond patching to secure your organization

But patching does not help against the first wave of attacks built on vulnerabilities that nobody has fixed yet, the so-called zero-day attacks, which attackers are always working to uncover. For these, the way forward is to reduce the attack surface of your system, so that the vulnerabilities within it cannot be reached by an attacker even though they are still there.

That buys you time to survive until the patches appear. A Zero Trust approach to networking gets you a long way here, because a vulnerability in an application cannot be reached by anyone on the network who cannot first authenticate to it. Speaking of Zero Trust, our Content Disarm and Reconstruction (CDR) solution helps keep malware out of your organization: because it rebuilds incoming files from their safe content rather than trying to recognise malicious ones, it does not depend on knowing the threat in advance and so stops both known and unknown threats.
</gre_replace>
<gr_insert after="22" cat="add_content" lang="powershell" orig="This gives you time">
As an added illustration of the two defences discussed above (apply the patch, and shrink the attack surface so the vulnerable code cannot be reached), the following PowerShell script is not part of the original post or of any Forcepoint product. It audits a single Windows host for exactly the exposure WannaCry abused, SMBv1 reachable over TCP/445, and for the MS17-010 update, and with `-Remediate` it disables SMBv1 and blocks inbound SMB. It assumes an elevated PowerShell 5.1 or later session on Windows 8.1 / Server 2012 R2 or newer; the KB list is illustrative (the original March 2017 MS17-010 updates), and because later cumulative updates supersede them, "no KB found" means "check Windows Update", not "unpatched".

```powershell
# Added example, not from the original post. Audit one Windows host for the
# exposure WannaCry used (SMBv1 reachable on TCP/445) and for the MS17-010 fix,
# then optionally reduce the attack surface.
# Assumptions: elevated PowerShell 5.1+ on Windows 8.1 / Server 2012 R2 or later.
#Requires -RunAsAdministrator

param(
    [switch]$Remediate   # without this switch the script only reports
)

# Illustrative KB numbers from the March 2017 MS17-010 release. Supersession by
# later cumulative updates means a fully patched host may show none of them.
$Ms17010Kbs = @('KB4012212','KB4012213','KB4012214','KB4012215',
                'KB4012216','KB4012217','KB4012606','KB4013198','KB4013429')

function Test-Smb1Enabled {
    # Server-side SMBv1: the protocol WannaCry's exploit targeted.
    $cfg = Get-SmbServerConfiguration
    return [bool]$cfg.EnableSMB1Protocol
}

function Test-Smb445Exposed {
    # Exposed = something listens on TCP/445 and no enabled inbound block rule covers it.
    $listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    $blockRule = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' }
    return ($null -ne $listening) -and ($null -eq $blockRule)
}

function Get-Ms17010Status {
    $found = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    if ($found) { return "MS17-010 update present: $($found.HotFixID -join ', ')" }
    return 'None of the original MS17-010 KBs found; confirm the host is current via Windows Update'
}

$smb1    = Test-Smb1Enabled
$exposed = Test-Smb445Exposed
Write-Host "SMBv1 server enabled : $smb1"
Write-Host "TCP/445 exposed      : $exposed"
Write-Host (Get-Ms17010Status)

if ($Remediate) {
    if ($smb1) {
        # Turning SMBv1 off hides the vulnerable code path from every network peer,
        # patched or not. Anything that still needs SMBv1 (very old NAS boxes,
        # printers) will break, so make that trade-off deliberately.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Client SKUs expose SMBv1 as an optional feature; on Server use
        # Remove-WindowsFeature FS-SMB1 instead (hence SilentlyContinue here).
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
            -ErrorAction SilentlyContinue | Out-Null
    }
    if ($exposed) {
        # Block inbound SMB on the Public profile. On segmented networks extend this to
        # Private/Domain and allow only the file servers that genuinely must be reached.
        New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Public | Out-Null
    }
    Write-Host 'Remediation applied; reboot to finish removing the SMB1Protocol feature.'
}
```

Run it once without `-Remediate` to see the host's state, and again with the switch after deciding which SMB clients you are willing to break. The firewall rule is the Zero Trust half of the argument: a peer that cannot reach port 445 cannot exploit a bug in the SMB server, whether or not the patch is on.
</gr_insert>
<gr_replace lines="24" cat="clarify" orig="When it comes to">
For governments and agencies that depend on delivering mission-critical data across complex networks and environments, our cross domain solutions keep that information secure. For the most critical systems, specialised solutions that use hardware logic can be used to eliminate the software attack surface altogether.

When it comes to securing governments and agencies that depend on delivering mission-critical data across complex networks and environments, our cross domain solutions keep information secure for highly critical systems, specialised solutions that use hardware logic can be used to eliminate the software attack surface.

Dr. Simon Wiseman

Dr Simon Wiseman is CTO for Global Governments and Critical Infrastructure. Simon joined Forcepoint from the Deep Secure acquisition in 2021, and brings over thirty years of experience in Government computer security. Responsible for the technical strategy of Forcepoint’s Zero Trust Content...


About Forcepoint

Forcepoint is a leading cybersecurity company for the protection of users and data. Its aim is to protect organisations while driving digital transformation and growth. Our solutions adapt in real time to the way people interact with data, and provide secure access while enabling employees to create value.