WannaCry - Security Validation against the New Generation of Cyber-Attacks

What is it?

Laptop on desk with 'do you Wanna Cry' on the screenThe global outbreak of WannaCry affected over 200,000 computers in at least 150 countries since May 2017 and has become a significant milestone in the history of cyber-crime. This has led to enterprises and organizations of all types to learn about the need for effective and proactive information security tools to prevent the compromise of their business reputation, image, and financial damage.

Modern attacks have become more pervasive and complex than ever before, and their dynamics have become so impressive that it is extremely important to provide protection against new patterns of malicious behavior. Security visibility is the key to achieving a more preemptive position in terms of protection against the new generation of cyber-attacks. Today, companies can be divided into three categories: those who suffered from cyber-attacks and are aware of it, those who have suffered from a cyber-attack and are not aware of it, and those who have yet to suffer from a cyber-attack. In some cases, unusual network or application behavior is associated with some kind of system malfunction, although in fact, it may be the result of a cyber-attack or malware infection.

Why should you care?

WannaCry did not affect just the average citizen, but also gravely endangered different industries like healthcare, transportation, car manufacturers, pharmaceuticals and its patients as well. The last few years have seen a rise in in telemedicine in the last few years, most patient records are digital meaning that taking these files during a ransomware attack could lead to countless individuals being denied healthcare and having their information sold on the black market likewise.

In fact, in the USA alone, WannaCry hit various hospitals (however this was far from the only country affected). During the attack, many were denied healthcare access, which is a very significant issue, including impacting surgeries needing to be performed and pregnancy deliveries occurring throughout those five days. In fact, the National Health Service (NHS) says 16 of its organizations were attacked by WannaCry which resulted in doctors being locked out of patient records and forcing emergency rooms to send patients to other hospitals [1].

One of the main reasons the WannaCry ransomware proved to be so vicious was that it leveraged a Windows vulnerability known as ‘EternalBlue’ that allegedly originated from the NSA exploit tools data leak. This exploit was made public by malicious users, known online by the name The Shadow Brokers, and despite Microsoft releasing a patch for this exploit, many organizations did not catch up. This highlights the need for organizations to effective manage their patches, or conduct regular tests to ensure that they are not exposed to attacks such as this.

How ransomware works

Ransomware is malware that encrypts important files, essentially locking people out of their files, unless they agree to pay a ‘ransom’ to prevent their entire system from being deleted. According to Symantec, attacks of this kind have risen in the last year, jumping from 340,665 in 2015 to 463,841 in 2016. The healthcare industry has become a major target, with ransomware making up more than 70 percent of malware attacks against hospitals, pharmacies and insurance agencies [2].

Another notable victim of the WannaCry attack was Disney. The perpetrators of the crime informed Disney that they would release the first five minutes of the film and continue to leak 20-minute chunks until the ransom is paid [3]. Disney stated it didn’t intend to bow to extortion and refused to pay the ransom. Instead, Disney chose to work closely with the FBI.

Next steps for you

  • Work with information security professionals to look at information risk in the context of the business and the wider implications for customer service, public relations (PR) and reputation – and not just as a technical issue.
  • Establish a dialogue, grounded in the terminology of risk between business leaders, IT and information security. CISO’s should regularly and actively challenge IT and information security leaders on information risk and its business impacts – and not just accept that technology can solve the problem.
  • Deepen business leaders’ understanding of risk – and information risk – as they relate to how technology is changing the way that the business operates, the business’s dependency on that technology and where these changes are leaving the business vulnerable. This is a governance responsibility to be aware of and managed, as is the case with all risk.
  • Include cyber and information security into the design and development processes in your organization. Security requirements should be a consideration from idea through to design, development, engineering, testing and production of any product or service built, produced or bought by the business.

CyberFlood can help!

No organization has an unlimited budget for security. Every security dollar spent is a trade-off. For organizations that do not have a highly-developed security program in place or looking to improve their existing security practices, proactive security testing provides visibility and knowledge on where you need to improve your security posture. CyberFlood offers malware testing validation including WannaCry malware scenarios, powered by Spirent TestCloud, within days of the publicly reported outbreaks. Leveraging CyberFlood to validate your threat landscape will help you be better prepared for the next cybersecurity attack.

If you’re interested in learning more about our security solutions visit Spirent’s CyberFlood page, or if you would like to speak to our security experts directly, contact us, or register for our Cybersecurity live and on-demand webinars.

Follow Spirent Security on Twitter (@spirentsecurity) for the latest security news.


[1] Doctors Locked Out of Patient Records, Quartz Media, Online 
[2] WannaCry: Why it matters and what you need to know, TechMedy, Online 
[3] New Pirates of the Caribbean Being Held for Ransom, Gizmodo, Online


comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.