WannaCry, originally thought to be the result of a phishing attack, turned out to emanate from something else entirely: a flaw in the implementation of a common network protocol.
The good news is that, while it was a shock to the 200,000-plus users whose day was rudely interrupted, the SMB protocol in Windows 7 is not widely exposed to external access.
Imagine, however, that instead of an obscure networking protocol in a down-level version of a crappy operating system, the bad guys had discovered and exploited a vulnerability in the TCP/IP protocol used by Apache, which is how most of the modern world communicates with web servers today.
A remote code execution (RCE) attack on Apache web servers would be a catastrophe of a different magnitude.
And RCE attacks on Apache are not remote at all. In a recent study covering a three-month period, the researchers recorded over 40,000 separate attacks against the 68 known vulnerabilities in Apache Struts (the open source framework used for building web applications), and while these are continually patched, we assumed the same of our Microsoft buddies as well. This fundamental web protocol was developed during the Summer of Love, and we now use it for hundreds of things never imagined back in the days of Woodstock and Jimi Hendrix.
The likelihood of an Apache attack is low, but the impact goes right off the charts, and if one day a WannaCry variant is discovered in that Apache stack, it won’t be pretty.
But there are other very real vulnerabilities we are not addressing. Chrome, on which half of web users browse, is full of holes, and while again we work inside an active sandbox and bug bounty program, who is to say we haven’t missed a weakness there as well?
One classic example is Mirai, which a few months ago caused us to rethink the role our webcams and DVRs play as proxies for shutting down a key DNS provider. No one seriously imagined these devices being widely used as a weaponized botnet in a mass DDoS flood.
So, when we think of WannaCry and its inevitable variants thundering through the Internet, we focus a little more clearly on the hygienic aspects of cybersecurity preparedness and a little more critically on the haphazard way our government agencies deal with risk and the associated responsibility for careless outcomes. When we think of the NSA, its leaked hoard of vulnerabilities, and the costs the private sector must incur to defend against threats that exploit commercial software weaknesses known all the while to these same agencies, it naturally infuriates us.
Our executive management suddenly displays a little more interest in this cybersecurity business and begins asking questions about exposure and triage. When we look out at our threat landscape and imagine, with a renewed perspective, the potential impact of the zillions of moving parts in the Internet and the added leverage we have gained from newly digitized delivery systems, it causes us to contemplate how much is at risk and how easily it could all come tumbling down.
One thing is for sure. Since the WannaCry strike hit, we here at Netswitch have seen a substantially renewed interest in Ransomware solutions. We’ve had a ton of inbound inquiries and while it is gratifying to see that the small and medium business community is finally taking the cybersecurity threat issues seriously, it is also troubling that it took such a major event to spawn the wake-up call.
For every 10 inquiries we get, I am sure there are 1,000 businesses out there who are continuing to ignore the threat.
Next time, we won’t get off so easy and then it might be too late.