There will be time for deeper analysis into the WannaCry attack, where it came from, and the myriad fallout. The priority right now, however, for organizations of all sizes and locations, should be to ensure that they do not succumb to the next such attack. Whether it is the specific “WannaCry XXL” touted by the Russian news platform RT.com, EternalRocks, or another, as yet unnamed threat, the simple fact is there is more coming.
WannaCry has proved so effective it will not only boost the perpetrators of the attack, but serve as a clarion call for others of their ilk around the world, for three principal reasons. Firstly, the attack proved effective in that it found vulnerabilities and spread efficiently. Secondly, it proved productive, in that it raised considerable amounts of money through the payment of ransoms; resources that will go on to support further attacks. And thirdly, and not to be underestimated, it provoked a global outcry, with headlines and mudslinging across all forms of media. As if they weren’t before, we should consider would-be attackers fully incentivised.
Your next action as an organization is critical, and those who do not wish to be on the list of future victims should act now, and act decisively. Former Assistant Attorney General for the U.S. Department of Justice's National Security Division, John Carlin, has put together a useful long list of what businesses need to know. He is also correct to say, “there is probably no one-size-fits-all set of answers”.
However, we can state, with certainty, that no single Cybreye customer following our remediation roadmaps has proved vulnerable to the WannaCry attack. Microsoft has stated they are “taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.”
Cybreye has been aware of and checking for these vulnerabilities since November 2015, listing affected OS as critical when found, and advising a roadmap for remediation. Furthermore, we have identified a host of other vulnerabilities not yet reported.
At Cybreye we pride ourselves on being both fast and effective, because a large proportion of our testing is automated and can be run remotely. We don’t simply tell you what the problems are, but how to fix them. Acting next week, next month or next year will present increased risk. We’re here to help now.