Well, yesterday wasn’t such a great day at the office, not just for the company I work for but for quite a number of other companies and organisations. There are few people that can be unaware of the cyber attack that was launched in a number of countries yesterday. The fallout from that attack will be pretty far reaching and will affect many organisations for a considerable period of time, I would think. There may well be a number of companies and organisations that fail as a result of the attack. You yourself will have to decide if the people who made these tools available acted responsibly or not.
This particular attack seems to have been particularly effective against hospitals and medical organisations in the UK, where a large number of people were unable to receive the medical attention that they needed. It has obviously been effective against a number of other sectors. At the moment I am working for a Spanish company, where all the Windows-based systems are now on lockdown.
Of course there are always going to be these attacks, and courtesy of a number of people, misguided or not, placing these tools in the public domain, we now have a situation where the number of attacks is likely to increase significantly in the future. The sophistication of the attacks, the attack vectors and the lack of good security people in the IT industries will surely mean that many people are in for a bumpy ride over the next few years. This I think is a “standing on the shoulders of giants” moment: although there were tools out there capable of launching similar attacks, they were nowhere near as sophisticated or effective as this suite of tools is, so now the code base and therefore the base attack level is so much higher.
It isn’t really possible now to do very much about the increasing sophistication of the attacks; there are just too many variables to address, but some of the following would make a difference.
- Better training in security for the end users.
- More effective use of virtualisation technologies and increased internal firewalling.
- Better recovery processes along with increased use of snapshot technologies.
On the attack vectors, we have the same situation. It must be remembered that this can all be easily negated by having poor IT security staff. Something that should be obvious to many people today is how easy these attacks are to launch and how difficult they are to counter.
This particular attack is purely a money-making exercise for some criminal or criminals, and it looks like it could be a very lucrative one for them from the information in the press. There may well be loss of access to significant quantities of important data; consequently there may be no alternative to paying for the keys to allow access to the data. Not that that means these people will actually get access to the data.
It will now be painfully clear to a number of people that the world of IT security was found lacking in a number of respects. A number of these people will be putting in a lot of hours over the next few months, initially to sort out the problems, then looking at preventative measures. In reality all that can probably be managed is the minimisation of risk through training and awareness, along with the development and implementation of effective and timely recovery processes.
For the people not yet targeted, a failure to react to this event is likely to lead to very expensive corporate chaos. In the case of my work, the costs are likely to be in the low thousands of euros. Company-wide, I would suggest that the lost productivity will be in the millions of euros, so maybe paying a few bitcoin will be worthwhile.