14/11/17 | Red Team
he recent high profile WannaCry and NotPetya ransomware attacks not only shook up the global business world, they also signalled what could be a shift to the new ‘normal’ – that is where malware authors are setting out to achieve their goal, whether that be led by financial gain or the desire to cause widespread disruption – as fast as possible through massive coordinated attacks.
In a recent Kordia cyber security survey of more than 200 IT decision makers in New Zealand, a quarter said their business was impacted by the WannaCry and/or NotPetya attacks. Of those, 24% had 20-59 employees, and 21% had 200+ employees, showing that size doesn’t matter.
This is why, according to Peter Bailey, it is absolutely crucial for businesses of all sizes to understand their security posture and prepare for the inevitability of the next incident.
Bailey says that as the world moves towards increasingly connected environments, where hospitals, vehicles, utilities, appliances and more will communicate with other devices over the internet, the potential points of attack for malware propagators is growing exponentially. “Estimates put the number of interconnected devices at around 80 billion by 2025, up from the 11 billion today. As our reliance on a connected world grows, so too does the necessity for comprehensive approaches to security.”
That’s because, Bailey explains, in the era of consequence, hackers will seek to exploit any weaknesses in these connected devices for their financial, political – or other – advantage.
In the case of the Bangladesh Bank Robbery in 2016, hackers collected some US$951 million using Dridex malware. When compared to the reported $130,000 in Bitcoin WannaCry collected, it is clear the hackers who were part of WannaCry did not have financial gain as their primary motivation. In the case of NotPetya, which according to McAfee engineer Christiaan Beek was targeted specifically at “complete energy companies, the power grid, bus stations, gas stations, the airport, and banks”, widespread disruption was recorded including to multinational companies Maersk Line, Merck & Co., Russian oil company Rosneft, multinational law firm DLA Piper, French construction company Saint-Gobain, Reckitt Benckiser, DHL, and Mondelez.
What NotPetya and WannaCry have also demonstrated is that many companies and individuals are not suitably prepared for the inevitability of a cyber-attack. “We continue to see the causes of security compromises being linked to the basics: systems that aren’t patched and updated, or actions from staff members who aren’t trained and alert,” says Bailey.
“In fact, NotPetya struck just one month after WannaCry, exploiting the same vulnerability that WannaCry exposed, albeit with different tactics. That is quite hard to believe,” he adds.
A further serious shortcoming is that many companies have never run simulated exercises to get an idea of how they will respond when an attack occurs. “It’s like a fire drill. It should be done regularly and if the real deal happens, panic shouldn’t be among the responses,” he adds.
And while these two incidents grabbed headlines around the world and provide an abject lesson in the necessity for vigilance, Bailey says there are hundreds of other, smaller scale attacks that are just as devastating to those affected, but which go unreported.
The enduring lessons in an environment where attacks are commonplace, he notes, is to maintain basic hygiene, keep systems up to date, backup and have contingency arrangements in place for any systems that are known to be vulnerable. “Attacks happen all the time. If you haven’t been affected yet, count yourself lucky. But that luck will run out and when it does, it’s best to be prepared,” he concludes.
To find out more about Aura Red Team attacks and how to get started improving your security posture, download our Introduction to Red Teaming guide.