By David Braue
June 6, 2017
It may have sent European businesses scrambling and the security community abuzz, but the WannaCry ransomware attack's fizzling in the United States and Australia means its legacy will be mostly as a cautionary tale - and, one security expert warns, a potential distraction from more important security issues.
The world may have braced for a global epidemic of new ransomware infections once news of WannaCry's Saturday assault on the UK National Health Service spread, but by the time the week began "we just didn't see quite what we were expecting," says Bill Smith, senior vice president of worldwide field operations with security firm LogRhythm.
"We were expecting a big flareup when everyone logged in on Monday morning, but we really didn't," Smith said. "There really wasn't anything unusual about WannaCry - it was run-of-the-mill, commodity ransomware - but what was unique was its ability to propagate itself, which we hadn't seen to that extent before."
Accurate estimates of the damage to Australia vary, but an officially published figure of 12 afflicted companies confirmed that the ransomware had failed to make as big of an impact in this country. This was lucky, given that recent figures from Flexera Software's latest Australia Country Report reported a strong rise in the number of Australian PC users with unpatched operating systems since the end of 2016. It also suggests that many companies may be following government advice by adopting the Australian Signals Directorate's Essential Eight mitigation strategies, which the Australian Cyber Security Centre (ACSC) noted would have protected organisations from WannaCry.
Yet as other attacks emerge based on the same EternalBlue vulnerability that WannaCry exploited, unpatched systems will once again face compromise and businesses will once again be scrambling to protect themselves. It's a surefire sign that conventional defences can only go so far in protecting against novel attacks - and that patching remains a cat-and-mouse game as new vulnerabilities are continually discovered.
"We have to be careful of creating a false sense of security that if we patch our systems everything is OK," Smith warned. "The vast majority of security budget is still spent on prevention methodologies, but the dirty little secret of security breaches is that most of them involve compromised credentials. And it doesn't matter if you patch your system, if attackers have your username and password."
Indeed, Verizon's latest Data Breach Investigations Report (DBIR) 2017 found that fully 81 percent of hacking-related breaches leveraged stolen and/or weak passwords - meaning that intruders were able to compromise networks not through stealthy exploits like EternalBlue, but by simply walking in the front door of the network.