“There are two kinds of people in America today: those who have experienced a foreign cyber attack and know it, and those who have experienced a foreign cyber attack and don’t know it.”
-Frank Wolf, former member of the US House of Representatives
With a new attack seemingly launched every week, cybercrime continues to grow as an enterprise threat. As organizations work to protect the stores of valuable data within their databases, network security becomes critical for any enterprise. In the case of WannaCry, understanding the attack, the attackers—and the allies—can help you prepare for future cyber battles.
Shadow Brokers: The “villains” of WannaCry
The Shadow Brokers are an anonymous group who surfaced after exposing the EternalBlue and DoublePulsar vulnerabilities discovered by the NSA. They’re partially responsible for the WannaCry attack because they exposed the EternalBlue vulnerability, which hackers later capitalised on.
The Shadow Brokers recently stated that more threats, including zero-day vulnerabilities for different desktop and mobile platforms, will be unleashed by June 2017. They also mentioned that they will be “launching a new monthly subscription model.”
Through this model, vulnerabilities will be disclosed to subscription members at least a month in advance, allowing them to escape attacks by paying for pertinent information upfront. This subscription service will include exploits for web browsers, routers, smartphones, operating systems, compromised data from banks, and even stolen network information from Russian, Chinese, Iranian, and North Korean nuclear missile programs.
After the fallout from WannaCry, the world should not underestimate these statements.
Marcus Hutchins: The “hero” of WannaCry
When WannaCry hit computers across the world, one of its initial targets was England’s National Health Service, followed by organizations in China, India, Russia, and other countries. Infecting Windows computers through the EternalBlue exploit, WannaCry targeted both end users and corporate servers. Although Microsoft issued patches for its Windows XP machines, it was too late because WannaCry was already on the move. But in a turn of events, British cyber security researcher Marcus Hutchins managed to neutralize the first wave of the WannaCry attack.
How did Marcus become the “hero”?
After WannaCry became famous, the 22-year-old researcher, who runs the MalwareTech blog, spent some time researching WannaCry’s code to understand exactly how it worked. After infecting a system with WannaCry, Marcus discovered that WannaCry contained a set of instructions directing it to check a specific URL.
Curious, Marcus purchased the domain the code was pointing to for around $10. Little did he know, he had actually discovered WannaCry’s kill switch. Marcus’ serendipitous discovery gave other cyber security researchers more time to neutralize the threat by properly patching systems.
Researchers have since discovered that the hackers behind WannaCry used phishing to unleash WannaCry via email attachments. Once WannaCry infects a system, it spreads to other systems with the help of the EternalBlue exploit, which affects various Windows operating systems. The creators of WannaCry included instructions in the code to check for a bogus URL every time WannaCry infects a system.
Marcus’ move was accidental, but it ended up being exactly how the hackers planned to stop the infection if necessary. The idea is that as long as the bogus URL is a broken link, the infection keeps spreading; if the domain resolves, the malware stops. When Marcus purchased the domain associated with WannaCry, he neutralised the attack.
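Because every fresh infection performs that lookup before doing anything else, the kill-switch domain doubles as an infection indicator: any host that resolves it has run the worm, even if the registered domain kept the payload dormant. The script below, added here as an example and not code from the original post or from MalwareTech, scans a constructed BIND-style query log for lookups of the kill-switch domain and reports the querying hosts. The domain name and log lines are placeholders; substitute the real domain from your threat-intelligence source.

```python
"""Flag hosts whose DNS query log shows a lookup of the WannaCry kill-switch domain.

Added example (not from the original post). KILL_SWITCH_DOMAIN and SAMPLE_LOG
are constructed placeholders, not the real indicator.
"""
import re
from collections import defaultdict

# Placeholder for the registered kill-switch domain (assumption: replace with
# the real indicator from your threat-intel feed before use).
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample of a BIND-style query log: two internal hosts looked up
# the placeholder domain, one of them with a trailing dot and upper case.
SAMPLE_LOG = """\
12-May-2017 10:01:02.123 client 10.0.0.15#51234: query: www.example.org IN A + (10.0.0.2)
12-May-2017 10:01:03.456 client 10.0.0.42#51235: query: killswitch-placeholder.example IN A + (10.0.0.2)
12-May-2017 10:01:04.789 client 10.0.0.42#51236: query: update.example.net IN A + (10.0.0.2)
12-May-2017 10:02:10.000 client 10.0.0.77#51237: query: KILLSWITCH-PLACEHOLDER.EXAMPLE. IN A + (10.0.0.2)
"""

# Extract the querying client IP and the queried name from each log line.
LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN")


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def find_killswitch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: lookup_count} for clients that queried the kill-switch domain."""
    target = normalize(domain)
    hits = defaultdict(int)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # skip lines that are not query records
        if normalize(match.group("name")) == target:
            hits[match.group("ip")] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in sorted(find_killswitch_lookups(SAMPLE_LOG).items()):
        print(f"{ip}: {count} kill-switch lookup(s); isolate, clean and patch this host")
```

A hit means the host executed the worm, so it still needs isolation, cleaning and patching regardless of whether the domain resolved; the lookup only tells you the infection attempt happened, not that it was stopped. The check only works where egress DNS queries are actually logged at the resolver.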
Stay vigilant and safe
Expecting someone like Marcus to show up for future cyber crises isn’t realistic. As cybersecurity researchers scramble to find solutions, the Shadow Brokers operate unchecked. Even top organizations, like FedEx and Renault, were unable to withstand the WannaCry attack. Maintaining up-to-date patches and staying aware of vulnerabilities and threats can give enterprises an advantage. But with many WannaCry copycats and other similar threats popping up recently, these strategies can only reduce the probability of attacks, not eliminate them. So please stay vigilant and safe: the battle against cyber threats has only just begun.