Key Takeaways from the Largest Cyber Incidents of This Year

Posted by Jordan Kadlec on Sep 15, 2017 8:00:00 AM

As we near the end of the third quarter of 2017, let’s take a look back at the key points from the major cyber incidents that have occurred over the last nine months. Serial entrepreneur and CEO of WatchPoint, Greg Edwards, will also weigh in on what he believes are the two biggest takeaways from the WannaCry, NotPetya, and Equifax cyberattacks.

WannaCry

WannaCry took the cybersecurity scene by storm on May 12th and is known as the fastest-spreading ransomware to date. The ransomware initiated over 75,000 attacks and infected over 215,000 machines in more than 150 different countries.

NotPetya

In an article we released shortly after the WannaCry outbreak, we guaranteed an attack of similar magnitude was going to occur sooner rather than later. On June 27th, NotPetya proved our prediction right by hitting Europe with a massive cyberattack. The attack caused serious issues in Britain, France, the Netherlands, Russia, and Ukraine by hitting governments, banks, electricity grids, and hospitals.

Similarities

While WannaCry was much larger in terms of the number of attacks and infections, the two ransomware strains were very similar in their attack vectors. In an article we released titled “Top 7 Revelations of Vault 7,” we discussed how the CIA and NSA lost control of their hacking arsenals, including malware, viruses, Trojans, and weaponized zero-day exploits. These weapons were released in an underground forum, and it was only a matter of time before hackers figured out how to use them against the general public.

That is exactly what happened with the WannaCry and NotPetya attacks. Both ransomware attacks used an SMB exploit kit called ETERNALBLUE. ETERNALBLUE works by exploiting a vulnerability in the SMBv1 protocol to gain a foothold on vulnerable machines connected to the internet. What made WannaCry so effective is that the attacks targeted machines that didn’t have Microsoft patch MS17-010, released in March, installed. Basically, those who ignored the popups saying that an update needed to be installed were the ones who were targeted in this attack.

Greg Edwards, WatchPoint’s CEO, had this to say about the WannaCry and NotPetya attacks:

The cyberweapons used in the WannaCry and NotPetya events were leaked US National Security Agency tools. The fact that more cyber disasters than WannaCry and NotPetya haven’t happened is the most surprising takeaway. These incidents showed how vulnerable and unprepared entities, both large and small, worldwide are. Both the US NSA and CIA have lost control of their respective cyberweapon arsenals, and it is shocking that more cybercriminals didn’t quickly put those tools into action. Software patches have now been released for the majority of the leaked cyber weapons, so as entities update, those tools will become less and less effective. Any entity that has not patched after seeing the destruction that comes from complacency should make patch management the highest priority in their organization.

Equifax

On Friday (September 9th), Equifax, one of the largest providers of consumer credit reporting and other financial services in the United States, suffered a massive data breach in which attackers made off with highly sensitive data of over 143 million users. In the data breach, hackers stole names, Social Security Numbers, birth dates, addresses, and driver’s license numbers. On top of that, the criminals gained access to 200,000 credit card numbers and dispute documents containing personally identifiable information on another 182,000 users.

Greg added:

Public opinion is slowly changing on how victims of cyber crimes are viewed. If your car is stolen, everyone would agree that you are a victim, but if you leave the keys in the ignition, the car unlocked and a sign in the window that says “Please steal my car,” then your victim status quickly erodes. Anyone that was hit by WannaCry or NotPetya should be held liable for their complacency. The victims of these attacks put a sign on their networks advertising, “We don’t patch, so please encrypt our data.” The last takeaway is how utterly vulnerable corporations, governments, and individuals are to cyberattacks because of their complacency.

Forethought

Typically, we end an article with a conclusion or an afterthought; however, it’s time to start treating cybersecurity as a forethought. Those infected by WannaCry or NotPetya were hit because they failed to update and patch their machines. Equifax is yet another example that cybersecurity can no longer be an afterthought. The aftermath of these attacks is undoubtedly going to cost companies millions. Can your business, big or small, afford to take that kind of a hit, both financially and to its reputation, from a cyberattack?