Looking back at the WannaCry outbreak of May 2017, it seemed to catch everyone by surprise, but it really should not have. The exploit WannaCry used to spread, EternalBlue, had been published by the Shadow Brokers a month before the outbreak, and Microsoft had already shipped the fix for the underlying SMBv1 flaw, MS17-010, in March 2017. The patch existed for two months before the attack; most organizations simply had not applied it.
Unfortunately, the Shadow Brokers are not going to disappear, and neither are groups like them. The group that leaked the exploit WannaCry relied on claims to have more tools at its disposal, and the material it has already released is widely attributed to the National Security Agency. It is also likely that further waves of WannaCry-style attacks will come from other groups reusing the same leaked exploits. Many of those attacks will probably be worm-based, and internet-connected devices that cannot be patched, the Internet of Things in particular, are an obvious target. The question facing cybersecurity professionals is how to defend against attacks such as WannaCry.
Best Practices for Defending Your Organization
Private hacking groups, criminal organizations, and hostile governments treat zero-day exploits as digital weapons and stockpile them for future attacks. Those attacks have the potential to be far more damaging than WannaCry: despite the attention it received, many analysts believe WannaCry was launched by amateurs rather than sophisticated operators, pointing to the hard-coded kill-switch domain that halted its spread as soon as it was registered and a payment scheme that could not tell which victim had paid. Note too that EternalBlue was not a zero-day by the time WannaCry used it; the patch had been available for two months. A stockpiled exploit that is still unpatched when it is finally used will do far more damage. If you want to defend your organization, the following tips can help.
- Make sure every Windows system is running a supported version with current updates. Most WannaCry infections hit unpatched Windows 7 machines; end-of-life systems such as Windows XP and Windows Server 2003, and pirated copies with updates switched off, were exposed as well. Microsoft's fix, MS17-010, had been available for supported versions since March 2017, and the company issued an emergency patch for the unsupported ones within a day of the outbreak. A system that cannot receive such a patch should not be reachable over SMB from anything untrusted.
- Be proactive about patch hygiene. Establish a schedule for routinely patching operating systems, firmware, and applications, and keep an inventory of every device that can connect to your network, because a patch policy only covers the devices you know about. Where a device cannot be patched (embedded medical equipment and legacy controllers are the usual culprits), compensate: disable SMBv1 wherever it is not needed, block TCP port 445 at the network boundary and between segments, and isolate the device. Microsoft had been recommending that SMBv1 be switched off well before WannaCry made the point.
- Accept the very real possibility that your network will be breached. Establish an incident response plan and a business continuity plan so that you can limit the damage. Run vulnerability scans on a regular schedule to find missing patches and exposed services, and complement them with threat hunting for signs that an attacker is already inside: scanning tells you where you are weak, hunting tells you whether someone has already used that weakness.
- Deploy intrusion prevention systems, endpoint anti-malware, and web filtering, and keep every one of them updated and patched. Security tools are software too: an unpatched appliance is another foothold, and a detection signature that arrives a day late is no help against a worm that crosses a flat network in minutes.
- Fine-tune your backup procedures. Back up data regularly and verify the integrity of the files, not merely that the job reported success. Keep at least one copy offline or otherwise unreachable from the production network, since ransomware encrypts any backup it can write to, and WannaCry deleted the Volume Shadow Copies on every host it infected. Encrypt the backup files, and test the restoration process so that you know how long a full restore takes before you need one.
- Scan all email, including outgoing messages. Filter executable attachments by content rather than by file name alone, so that a renamed binary or an executable inside an archive is caught before it reaches the weakest link in your chain, your users. Bear in mind that no phishing campaign was ever confirmed as WannaCry's entry point; it appears to have spread by scanning for internet-exposed SMB services, so email filtering alone would not have stopped it.
- Leverage the power of automation. Attackers already automate scanning and exploitation to get maximum results for minimum effort, and WannaCry needed no human in the loop at all. Borrow a page from their book: schedule anti-malware scans, push patches from a central system, and script the routine parts of triage rather than relying on someone remembering to run them.
- Train your employees, or at least make them aware of security risks and attacker tactics. Teaching users to recognize the methods attackers use, and how to avoid the traps, helps protect your organization.
- Take extra precautions if your organization has a bring-your-own-device policy. Consider encrypting any business data stored on the devices, and require employees to authorize a remote wipe should a device be lost or stolen.
- Prepare for response. Even with all of the above in place, some attacks will get through, and the organization has to be ready to respond. A documented, rehearsed response plan, with as much of it automated as is safe (isolating a host from the network, blocking an indicator at the perimeter), ensures that the response is consistent and accurate when there is no time to improvise.
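Verifying backup integrity, as the backup tip above recommends, means more than checking that the job finished. The following is an added example, not the article's own tooling: it records a SHA-256 digest of every file in a backup set in a manifest, authenticates the manifest with an HMAC whose key is assumed to be held off the protected host (a vault or the backup server), and at restore time reports files that were modified, deleted, or added. The walk-through in demo() uses constructed files and simulates WannaCry-style damage by overwriting one file and renaming another with the .WNCRY suffix WannaCry appended.

```python
"""Integrity manifest for a backup set: detect files that ransomware has rewritten,
renamed, or deleted before you rely on a restore.

Added example for this article, not the original's code. The manifest lists a
SHA-256 digest per file and is authenticated with an HMAC; the key is assumed
to live off the protected host (a vault or the backup server), so an attacker
who can rewrite the data cannot also rewrite the manifest to match.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _signature(files: dict, key: bytes) -> str:
    payload = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, payload, "sha256").hexdigest()


def build_manifest(root: Path, key: bytes) -> dict:
    """Hash every regular file under root (relative POSIX paths) and sign the listing."""
    files = {p.relative_to(root).as_posix(): _sha256(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"files": files, "hmac": _signature(files, key)}


def verify_backup(root: Path, manifest: dict, key: bytes) -> dict:
    """Compare root against manifest. A bad HMAC stops the check: the listing itself is untrusted."""
    report = {"ok": False, "manifest_tampered": False, "modified": [], "missing": [], "unexpected": []}
    if not hmac.compare_digest(_signature(manifest["files"], key), manifest["hmac"]):
        report["manifest_tampered"] = True
        return report
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    for rel, expected in sorted(manifest["files"].items()):
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif _sha256(path) != expected:
            report["modified"].append(rel)
    report["unexpected"] = sorted(present - set(manifest["files"]))   # e.g. *.WNCRY, ransom notes
    report["ok"] = not (report["modified"] or report["missing"] or report["unexpected"])
    return report


def demo(key: bytes = b"constructed-key-normally-held-off-host") -> tuple[dict, dict, dict]:
    """Constructed walk-through: clean verify, WannaCry-style damage, then a forged manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"
        (data / "finance").mkdir(parents=True)
        (data / "finance" / "q1.xlsx").write_bytes(b"constructed spreadsheet bytes")
        (data / "notes.txt").write_bytes(b"constructed notes")
        manifest = build_manifest(data, key)
        clean = verify_backup(data, manifest, key)

        # Ransomware run: one file encrypted in place, one renamed with the .WNCRY suffix WannaCry used
        (data / "finance" / "q1.xlsx").write_bytes(b"ciphertext stand-in")
        (data / "notes.txt").rename(data / "notes.txt.WNCRY")
        damaged = verify_backup(data, manifest, key)

        # Attacker rewrites the listing to match the damage but cannot re-sign it without the key
        forged = {"files": build_manifest(data, b"wrong-key")["files"], "hmac": manifest["hmac"]}
        tampered = verify_backup(data, forged, key)
    return clean, damaged, tampered


if __name__ == "__main__":
    for label, report in zip(("clean", "damaged", "tampered manifest"), demo()):
        print(f"{label}: {report}")
```

The manifest is JSON so it can be stored beside the backup, but the key must not be: if the same host holds the data, the manifest and the key, ransomware can simply regenerate all three. Store the key with the backup server or a secrets vault, and run verify_backup() on the restore target before declaring a restore complete.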
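The email tip above calls for filtering executable attachments by content rather than by name. The following is an added example, not the article's code or any product's engine: it walks a raw message, classifies each attachment by the PE "MZ" signature, by a deny list of executable extensions, and by a double extension such as invoice.pdf.exe, and looks inside zip archives so that an executable wrapped in a .zip is not missed. The sample messages and attachments are constructed inline and contain no real malware; the extension lists are assumptions you should tune for your environment.

```python
"""Screen mail attachments by content, not only by the name the sender chose.

Added example for this article, not the original's code and not any product's
engine. Flags: PE "MZ" signature regardless of name, an extension on a deny
list, a double extension such as invoice.pdf.exe, and executables inside zip
archives. Samples below are constructed and contain no real malware.
"""
from __future__ import annotations

import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: tune these lists for your environment; they are starting points, not a standard.
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
                   "wsf", "hta", "ps1", "dll", "msi", "jar"}
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
PE_MAGIC = b"MZ"
ZIP_MAGIC = b"PK\x03\x04"
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # refuse to inflate anything larger (zip-bomb guard)
MAX_ARCHIVE_DEPTH = 2


def classify_blob(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Return the reasons this attachment should be held; an empty list means nothing found."""
    reasons: list[str] = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"{name}: .{ext} is an executable extension")
        if len(parts) > 2 and parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append(f"{name}: double extension disguises the executable as a document")
    if data[:2] == PE_MAGIC:
        reasons.append(f"{name}: content starts with MZ (Windows executable) whatever the name says")
    if data[:4] == ZIP_MAGIC:
        if depth >= MAX_ARCHIVE_DEPTH:
            reasons.append(f"{name}: archive nested deeper than {MAX_ARCHIVE_DEPTH} levels")
            return reasons
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.infolist():
                    if member.file_size > MAX_MEMBER_BYTES:
                        reasons.append(f"{name}: member {member.filename} too large to inspect")
                        continue
                    reasons += classify_blob(f"{name}/{member.filename}", archive.read(member), depth + 1)
        except (zipfile.BadZipFile, RuntimeError):   # RuntimeError: password-protected member
            reasons.append(f"{name}: archive could not be opened (corrupt or encrypted)")
    return reasons


def screen_message(raw: bytes) -> list[str]:
    """Walk a raw RFC 822 message and collect reasons to quarantine it."""
    reasons: list[str] = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if part.get_content_maintype() == "multipart" or not name:
            continue
        reasons += classify_blob(name, part.get_payload(decode=True) or b"")
    return reasons


def constructed_samples() -> dict[str, bytes]:
    """Constructed messages, not real captures: clean PDF, renamed PE, double extension, zipped script."""
    def mail(filename: str, payload: bytes, subtype: str) -> bytes:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "constructed sample"
        msg.set_content("see attached")
        msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
        return msg.as_bytes()

    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as archive:
        archive.writestr("invoice.js", "WScript.Echo('constructed, harmless');")
    return {
        "clean": mail("report.pdf", b"%PDF-1.4 constructed placeholder", "pdf"),
        "renamed_pe": mail("holiday.jpg", b"MZ\x90\x00 constructed stub, not a real binary", "octet-stream"),
        "double_ext": mail("invoice.pdf.exe", b"MZ\x90\x00 constructed stub", "octet-stream"),
        "zipped_script": mail("docs.zip", zipped.getvalue(), "zip"),
    }


if __name__ == "__main__":
    for label, raw in constructed_samples().items():
        verdict = screen_message(raw)
        print(f"{label}: {'QUARANTINE' if verdict else 'deliver'}")
        for reason in verdict:
            print(f"   - {reason}")
```

Two design points worth keeping when you adapt this: an encrypted archive is treated as a reason to hold the message, because a gateway cannot inspect what it cannot open and password-protected zips are a long-standing delivery trick; and the size and depth limits exist because an attachment scanner that inflates whatever it is handed is itself a denial-of-service target.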
Despite the attention WannaCry received, it was little more than a skirmish in the ongoing contest between defenders and the criminals trying to evade them. The next attack could wreak significantly more havoc. Organizations need to use every tool available to keep their applications and data safe.