Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies

(Req)

These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

WannaCry ransomware attack reinforces recent findings on cybercriminals tactics and targets

Blog

On May 12 a highly virulent self-replicating ransomware called WannaCry or WCry shut down computers all over the world.

Ransomware is a form of malware which essentially holds information or entire devices hostage e.g. desktops, laptops, or servers. Victims’ data remains encrypted and inaccessible unless the infection is removed. With WCry, victims are being told that after seven days, their files will be lost forever if the ransom is not paid.

The attacks initially targeted several healthcare institutions across England belonging to the National Healthcare Services (NHS). WCry is also causing disruptions at banks, hospitals, telecommunications services, train stations, and other mission-critical organisations in multiple countries, including the UK, Spain, Germany, and Turkey.

Over 150 countries have been affected, with Russia being disproportionately affected, followed by Ukraine, India, and Taiwan. Infections are also spreading through the United States.

What can we learn from this cyberattack?

The WCry ransomware variant leverages the ETERNALBLUE exploit included in the NSA toolkit leak earlier this year and which was subsequently patched by Microsoft in its update MS17-010. This points to the fact that ensuring timely patch updates should be high on the boardroom agenda.

In our recently-published Executive’s Guide to the Global Threat Intelligence Report we revealed that 53% of the vulnerabilities we identified in 2016 were disclosed within the past three years, which means that nearly 47% of vulnerabilities are more than three years old.

While the level of vulnerabilities detected in our clients’ infrastructure is lower than in previous years (a 6% reduction between 2015 and 2016), there’s still considerable room for improvement. Older vulnerabilities are still not being patched.

Governments should consider themselves as an attractive attack target

The fact that the UK’s NHS was the initial target of WCry supports our findings that attacks on the government sector are on the rise. Our Report revealed that cyberattacks on government organisations rose sharply in 2016, accounting for 14% of all attacks, compared to 7% in 2015.

Government agencies hold vast amounts of sensitive information, ranging from personnel records, budgetary data, and sensitive communications to intelligence findings. For this reason, they’re becoming an increasingly popular attack target, and should raise their defences accordingly.

We also determined ransomware accounted for 50% of our incident response engagements in the healthcare sector. This is largely due to their need to maintain continuous business availability, and how profound an impact ransomware can have on these organisations’ ability to operate safely.

What can you do to protect your business from ransomware incidents?

  • Require regular security awareness training for all employees so they’re up to speed on phishing, social engineering, and ransomware, how to identify attacks, what to do if they need help, and how to report possible attacks.
  • Strengthen your organisation’s business continuity capabilities to ensure quick restoration of operations if a ransomware incident occurs. This includes a comprehensive backup strategy that incorporates secure storage of offline backups, and confirmation of the organisation’s ability to rebuild systems and restore data.
  • Schedule vulnerability assessments to determine susceptibility to this software vulnerability.
  • Develop a policy for handling ransomware incidents and decide conditions under which a ransom payment is authorised, if any.
  • Consider engaging a third-party to provide real-time threat management (RTM) services to provide continuous threat monitoring activities. RTM combines collection, correlation, management, early warning and detection with 24×7 expert security analyses, and incident response, to keep your network ahead of today’s evolving risks.

Download our Executive’s Guide to the 2017 Global Threat Intelligence Report for more insights.

 

 

Previous Article: Revolutionising game day for sports fans and operators alike Next Article: So now you have the perfect BCP but does it work?

You may be interested in

Blog

Protect your data from the inevitable ransomware attack

To cope with this new kind of threat, your backup and recovery strategy needs to adapt.

Read blog
Blog

What I learned from hacking the Winter Olympics

I used to think that technology was the answer to all security questions, but my experience post 9/11 taught me that governance should always be the starting point for security discussions.

Read blog
Blog

The two-way conversation you need to have with your CEO on cybersecurity

With cyberattacks featuring regularly in mainstream news, it’s good to see that Boards and CEOs are becoming more cybersecurity conscious.

Read blog
Blog

Balancing risk and innovation

There’s no question that digital is the way forward. It offers tremendous benefits to your business: faster speed to market, more business intelligence and improved customer relationships.

Read blog