Late last year it was an IoT-powered DDoS attack, then it was the National Democratic Committee phishing attack, and now it's the WannaCry ransomware attack that is the breach du jour. Having infected countless organizations across 150 countries, the WannaCry attack spread like wildfire last Friday and once again demonstrated the importance of cybersecurity in our hyper-connected world. But this wasn't just a cautionary tale for organizations that collect and store sensitive information; it was also one for the application providers that are building critical infrastructure.
While history has a way of repeating itself, it's still important for us to look back at the chain of events that landed us here and learn from our mistakes. From the ongoing investigations, the timeline looks something like this:
- A zero-day vulnerability was written into Microsoft's software
- The WannaCry attack was developed by the hacker community to exploit the vulnerability
- An NSA attack library that included the WannaCry attack was sent to WikiLeaks in April
- WikiLeaks worked with Microsoft to patch the vulnerability and then released the leaked NSA attacks
- Organizations didn't update their Microsoft systems to the newest version, which patched the vulnerability (patch your systems now!)
- A hacker released the malware, which spread across 150 countries and took advantage of organizations that couldn't detect the attack fast enough
With multiple parties involved, from the Microsoft app developer, to the system admin who didn't push the patch, to the security operations center that didn't detect the attack fast enough, how are we supposed to protect ourselves? The National Institute of Standards and Technology (NIST) has written a comprehensive cybersecurity framework* in partnership with the community to address just that. This framework can be broken down into two general principles: hardening your infrastructure with system security, and implementing continuous monitoring to ensure comprehensive protection. To borrow from Dr. Ron Ross, a fellow at NIST: it doesn't matter how many times you check whether your front door is locked if you have a bad lock.
As more and more "things" are attached to and deployed within your enterprise, managing security across all of them becomes even more complex. Not to mention, the number of events you need to monitor continues to grow at an incredible rate. We, as a community, need to come together to solve these problems and figure out how we can collectively move as fast as the black hats. It took one month from the time the hacker community got their hands on WannaCry from the NSA leak to this large-scale attack. So my question to you is: where will the good guys be in a month?
Join the community that is fighting back against attacks.
*This framework was also written into President Trump's executive order on cybersecurity, which was coincidentally released the day before this attack, but I'll save that for another blog.