The British health system was attacked. The Andhra Police was compromised. A Spanish telecom giant was crippled. And that’s not all. Over 100,000 systems around the world have already fallen prey to the ‘WannaCrypt’ ransomware worm, also referred to as ‘WannaCry’. On Friday, May 12, the world woke up to the news of what is being touted as the biggest ransomware attack ever, when the UK’s National Health Service (NHS) became the first to be hit by the worm. The hackers seized patient records and are demanding a ransom in bitcoins.
"Never ever in the history of human mankind have we seen a ransomware attack of this magnitude. Hackers have now successfully tested global waters." - Pavan Duggal, Founder & Chairman, ICCSL
The origins of WannaCry
WannaCry’s malicious power lies in its ability to replicate itself and spread across a network once it’s inside a system. The vulnerability it exploits, allegedly used by the US agency NSA, later got into the hands of the hacker group Shadow Brokers, which then released the exploit tools. The malware spreads via the Server Message Block (SMB) protocol used by MS Windows for file sharing on a network.
"For sectors like healthcare, banking, which run instrumentation driven items like an ATM, deploying the patch is critical." - Mathan Kasilingam, CISO, HDFC Bank
Patching the process
While Microsoft initially released patches to fix the vulnerability in March this year, these patches were not issued for its older systems. For older discontinued versions like XP, Vista and others, users had to pay for custom support. The ransomware targeted organizations and users who were behind on their patch cycle, or who were running older versions of Windows. Microsoft has now released the patch for free for legacy versions of Windows. A British security researcher accidentally discovered the kill switch while assessing the malware. But experts have warned that hackers can still find their way around it and that copies of the same worm may be circulated in the near future.
"BFSI, healthcare need to ensure the patches are up to date. Block e-mail attachments even if it hinders business for a while." - Unique Kumar, CISO, Max Healthcare
Pavan Duggal, Founder and Chairman of the International Commission on Cyber Security Law, sees the ransomware attack as a precursor to much bigger international attacks. “This is just the trailer. Hackers have now successfully tested global waters. Never ever in the history of human mankind have we seen a ransomware attack of this magnitude,” said Pavan Duggal. “This attack is also unique in the sense that it originated from the Darknet – so trying to find out the identity of the person who was behind this is itself going to be a big challenge. With 100 countries, hundreds and thousands of computers and losses running into billions of dollars – clearly this kind of ransomware attack is a game changer.”
CISOs’ sleepless nights
Troy Hunt, Australian security expert and the founder of data breach search website Have I Been Pwned, wrote in a blog post that the fault lies with organizations that are complacent about software updates. “Organisations are notoriously bad at keeping software modern, especially those in the public sector,” said Hunt in his blog. “It's not fun, it costs money and it can still break other dependencies, but the alternative is quite possibly ending up like the NHS or even worse. Bottom line is that it's an essential part of running a desktop environment in a modern business,” wrote Hunt.
"Once the patch is available, CISOs need to look for the right tech, right process and right people to deploy it ASAP." - Shiju Rawther, CISO, CIBIL
Shiju Rawther, CISO, CIBIL, described it as a bizarre case of process gap. “This shouldn’t have happened if organizations had followed the process of timely updates. Microsoft had already released the patch in March. This really shows how mature the organizations are,” said Shiju Rawther.
Mathan Kasilingam, CISO, HDFC Bank, said this attack primarily targets industries that are instrumentation driven. "For sectors like healthcare, banking, or say the industry, which run instrumentation driven items like an ATM, deploying the patch was extremely important," said Mathan Kasilingam. "There are prehistoric devices still running XP for most of the environments. However, most leading banks in India adopted compensatory control a couple of years back, when MS discontinued XP. That is why the impact of WannaCry in India is minuscule. But for the rest of the world, where even simple services such as parking are automated, it is a catastrophe."
“It’ll have a major impact on global economy,” said Unique Kumar, CISO, Max Healthcare. “It is impossible to ascertain the full impact of the worm all over, as not everyone would disclose attacks. Microsoft has released patches for even legacy versions, but have the organizations updated them? This calls for higher investment in IT healthcare as some companies are still running older versions.”
Most nations have not given cybersecurity the kind of importance it deserves, added Duggal. “There is not one common global cyber law in place. There’s a need for the world to have an international convention on cyber law and cyber security.
“At the same time, nations have to wake up from slumber and they have to come up with national legislations dedicated to cyber security similar to what China and Germany have already done. There’s a lot of panic happening these days in India over these attacks. The important point is not to get surprised that you are attacked, but developing cyber resilience - how you can bounce back to normalcy. I find these attacks as watershed attacks - if humanity is not going to learn the lesson it’ll have to pay very dearly,” he said.