Important Takeaways From the WannaCry and NotPetya Cyber Attacks: The Top Experts Speak

On June 27th, the ransomware attack called NotPetya affected more than 12,500 computers and reached over 64 countries according to Microsoft. The ransomware attack WannaCry had a similar impact on data security, and is still being debated by security experts today. What can we learn from all of this?

To help, we’ve reached out to top computer security experts in the field to share their view. We asked them to share two important takeaways on these cyber attacks. Below you’ll find the responses to the question we posed:

What are important takeaways from the WannaCry and NotPetya cyber attacks?


Meet our Panel of Cyber Security Experts:

James Litwin
Guy Dulberger
Greg Edwards
Mike Baker
Bennet Kelley
Nick Santora
David West
Adam Stern
Kyle Wilhoit
Steven Hausman
Trave Harmon
Rick Deacon
Kip Boyle
Abhijit Solanki
Robert “RJ” Burney
Jason Lango
George Tatar

JAMES LITWIN


James Litwin is a Cyber Security Specialist with a CISSP certification and 20 years of experience in IT management/security.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Always maintain a current inventory of your technology assets that includes operating system versions. Knowing the exact revision level of your Operating System can be vital in determining if your environment is protected against the latest threats.
  2. Ensure your internet access points are restricted to essential services only and all other unused or insecure services are blocked at the firewall. Having a strong firewall that protects your internet assets is critical to giving your IT team time to respond to evolving threats.

 

GUY DULBERGER

Guy Dulberger is a Cyber Security Executive for a global market research company called Maru/Matchbox. Dulberger has 15 years of experience working for reputable companies such as Carlyle Group, IBM and Morneau Shepell.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Old school antivirus is no longer enough; companies should seriously start hiring a CISO and develop a security program that goes beyond what your friendly neighbourhood IT team can provide. Helpdesk and Infrastructure are not going to do it – security is a different skill set and it takes time and the right talent to build it.
  2. History is a good indicator of the future. WannaCry propagated in a similar fashion to a good ol’ worm, and the next wave of attack will just be a reinvention of an old forgotten new; as cyber crime evolves so should defenses. Apply a defense in depth solution and diversify your tools arsenal if you want to survive the war… “winter is coming”… cheesy I know, but it’s coming so you better be prepared.

 

GREG EDWARDS

Greg Edwards is a serial entrepreneur and the CEO of WatchPoint, a deception technology company that disrupts the attack chain cyber criminals use to breach and damage business networks.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. The cyber weapons used in the WannaCry and NotPetya events were leaked US National Security Agency tools. The fact that more cyber disasters than WannaCry and NotPetya haven’t happened is the most surprising takeaway. These incidents showed how vulnerable and unprepared entities large and small worldwide are. Both the US NSA and CIA have lost control of their respective cyber weapon arsenals, and it’s shocking that more cyber criminals didn’t quickly put those tools into action. Software patches have now been released for the majority of the leaked cyber weapons, so as entities update, those tools will become less and less effective.
  2. Public opinion is slowly changing how victims of cyber crimes are viewed. If your car is stolen, everyone would agree you’re a victim, but if you leave the keys in the ignition, the car unlocked and a sign in the window that says “Please steal my car,” then your victim status is eroded quickly. Anyone that was hit by WannaCry or NotPetya should be held liable for their complacency. The victims of WannaCry and NotPetya put a sign on their networks advertising, “We don’t patch, so please encrypt our data.” The second takeaway is how utterly vulnerable corporations, governments, and individuals are to cyber-attack because of their complacency.

 

MIKE BAKER

Mike Baker is founder and managing partner at Mosaic451, a managed cyber security service provider (MSSP) with expertise in building, operating and defending some of the most highly-secure networks in North America.

My important takeaways from WannaCry and NotPetya cyber attacks are:

    1. Bitcoin and ransomware have become strange bedfellows in the aftermath of the “WannaCry” attack. The two are trending, because it looks like the bitcoin virtual currency is becoming the payoff of choice for cyber hackers. Buying the currency has become a foolish form of short-term protection against attacks.
    2. Because cyber security is a relatively new field, and the threat landscape changes daily, many organizations don’t have the historical data they need to build reliable predictive models. A key takeaway is to keep all software and operating systems updated. Remember, WannaCry and NotPetya both attacked older versions of MS Windows. However, Petya can’t install itself silently. Users have to click through NotPetya to gain control of the system. The huge lesson learned is that in spite of Petya, if you examine the largest data breaches, phishing scams, and companies held hostage by ransomware, technology didn’t protect the vast majority of these companies. In each case, data was breached due to hackers/phishers successfully exploiting humans (i.e. employees). The proliferation of mobile devices like smartphones and tablets has also made the human element even more vulnerable because this area of security is often overlooked and is in fact the weakest link. Employees must be thoroughly trained on information security practices and security awareness — and this training must be an ongoing process.

 

BENNET KELLEY

Bennet Kelley is the founder of the Internet Law Center in Santa Monica, California and host of Cyber Law & Business Report which airs on Cranberry.fm.

My important takeaways from WannaCry and NotPetya cyber attacks are:

    1. Keep your system updated (use auto updates wherever possible). Both attacks focused on exploits for which patches had already been released.
    2. Regularly Back Up Your Systems. Renders you less vulnerable to ransomware if you have a recent backup.

 

NICK SANTORA


Nick Santora is CEO at Curricula, which is a cyber security education company for businesses.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Ransomware is just getting bigger: Ransomware is a problem that will just continue to get bigger and this is just the start. We see ransomware as a roadblock, but soon enough it will be more than that. Hackers are always looking for a quick payout, and ransomware is the answer. With new techniques evolving every day to bypass anti-virus tools, ransomware will become one of the biggest challenges of our future.
  2. Businesses of all sizes are targets: Ransomware doesn’t have a target, yet. We notice that the latest ransomware episodes affected businesses of all shapes and sizes. But, think about a future where we start seeing very targeted malware and ransomware towards specific industries, devices, and companies.

 

DAVID WEST

David West is Icon Lab’s Director of Professional Services overseeing development and customization of strategic projects.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. WannaCry and NotPetya ransomware spread quickly because of a known SMB (Server Message Block) vulnerability Microsoft patched more than 60 days earlier. A patch is usually a small piece of software that’s used to correct a problem within a software program. Attackers used the NSA’s own EternalBlue to power the attack. We may never know if the NSA deliberately allowed EternalBlue to leak, or if it was stolen. In either event, organizations with effective patching policies didn’t fall victim. But those lacking the patch, or worse, even simple security precautions and reliable backups compounded their problems. That’s old news. Any time a vulnerability is discovered, unprepared companies risk their business continuity.
  2. The real takeaway from WannaCry and NotPetya is twofold… ransomware attacks are now mainstream and similar attacks will be common with the same actors falling victim.

 

ADAM STERN

Adam Stern is founder and CEO of Infinitely Virtual in Los Angeles, California. His company helps businesses move from obsolete hardware investments to an IaaS [Infrastructure as a Service] cloud platform, providing them the flexibility and scalability to transition select data operations from in-house to the cloud.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. The WannaCry cyber attack wreaked havoc – but, tellingly, not at the big public cloud providers like Microsoft Azure, Amazon’s AWS, IBM and Rackspace. And not at smartly managed midsize public cloud providers, either. Here’s the takeaway: any business – or more pointedly, any business’s data — is considerably safer in the cloud than parked on equipment under someone’s desk.  Any cloud provider worth its salt brings to the task a phalanx of time-tested tools, procedures and technologies that ensure continuous uptime, regular backups, data redundancy, data encryption, anti-virus/anti-malware deployment, multiple firewalls, intrusion prevention and round-the-clock monitoring.  And that’s just for openers.
  2. A short while after WannaCry, a new strain of ransomware — a Petya-esque variant known as Petya/NotPetya — swiftly spread across the globe, affecting tens of thousands of computers.  More powerful, professional and dangerous than that earlier attack, the Petya-esque ransomware uses the same EternalBlue exploit to target vulnerabilities in Microsoft’s operating system.  However, unlike WannaCry, this ransomware instructs the user to reboot the computer and then locks up the entire system. But the takeaway here is that users aren’t defenseless, even in the wake of a nefarious perp like Petya/NotPetya. The best antidote is still patch management.  It’s always sound practice to keep your systems and servers up to date with patches – it’s the shortest path to peace of mind.

 

KYLE WILHOIT

Kyle Wilhoit works with DomainTools on effective product initiatives that can drive increasing value to its growing enterprise customer base. Wilhoit has presented keynote speeches at cyber security conferences around the globe, notably FIRST 2016, Blackhat USA, and Infosecurity Europe.

My important takeaway from WannaCry and NotPetya cyber attacks is:

  1. WannaCry represents a bit of a “perfect storm” in that there was a convergence of events that made it spread quickly and also made the first version halt fairly quickly. Obviously, patching is the most ideal defense against known vulnerabilities, but because we know there are many unpatched systems, security products such as a/v are another line of defense. Looking at the submissions in VirusTotal of all 22 samples listed in Cisco’s Talos blog, as of first submission time on May 12, only 12 of the 59 engines detected the samples. This could be attributed to true errors in detection or simply not having updated virus definition files during the time of scan. So for the A/V line of defense, we see a mixed bag. Other factors are also at play, though: many organizations had the SMB port, 445, openly exposed to the Internet. This certainly helped propagate the worm. And the “kill switch” domain was a unique case, in that any system that blocks infrastructure tied to malware, which ordinarily is ideal, in this case would have prevented machines from activating the kill switch. So, while some A/V definitions were indeed late to the game, there were other lines of defense that could have helped protect organizations from WannaCry.

 

STEVEN HAUSMAN, Ph.D.

Steven Hausman had a 31-year career at the National Institutes of Health as a researcher and Senior Executive. Hausman is currently a recognized futurist and consultant on emerging technologies, especially regarding the security vulnerabilities of emerging technologies, and a nationally top-ranked professional speaker in those areas.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Employee training is paramount to assure that these security breaches are not repeated.  In many cases vulnerability to attacks is possible because employees had not maintained awareness of potential problems (like patching software).
  2. It should also be obvious, but you cannot trust anyone who makes an attempt to hack your computer. Some people assumed that if they paid the requested Bitcoin ransom they would be able to decrypt their computer files when, in fact, that was not possible.

TRAVE HARMON

Trave Harmon is the CEO of Triton Technologies, founded in 2001. Triton supports businesses, entities, and government clients worldwide.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Systems need to be updated very regularly. No more waiting months if not years to patch, and on top of that you need to patch all third-party programs. No more just Windows updates or Apple updates, but all software within the system itself.
  2. Old operating systems, systems, and out of compliance software need to be retired. If support no longer exists for the platform, change platforms. People were quite happy staying with Windows XP, but because of unpatched exploits, systems were compromised everywhere.

RICK DEACON

Rick Deacon is an ethical hacker with nearly 10 years of experience who started Apozy, a cybersecurity startup backed by YCombinator.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Patches. Patching systems is serious and needs to be done immediately. Even if it’s a risk to functionality. Both NotPetya and WannaCry used SMB exploits that were openly published and patched. Had the patches been implemented, the malware would have been rendered ineffective.
  2. Users Matter. People need the knowledge necessary to react appropriately to these sorts of infections. With a security conscious user, the Bitcoin wallets of the hackers would have remained empty. Educating individuals on how to handle Ransomware infections keeps them from spending money unnecessarily and propagating the desire for malicious hackers to continue creating data hijacking software.

 


 

KIP BOYLE

Kip Boyle is former CISO and now CEO of Cyber Risk Opportunities, which provides companies with cost-effective Cyber Risk Managed Programs.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Cyber security is a full-fledged business risk. Not an annoying, low-priority technology problem that appears to be the position that many executives have been taking. NotPetya severely hurt FedEx/TNT’s ability to deliver their packages on-time. And, they weren’t able to accept new deliveries for many days. This resulted in major revenue loss and sharp increases in unplanned costs.
  2. Practicing reasonable cyber security provides a competitive advantage. How? The chaos that NotPetya caused to FedEx/TNT resulted in the loss of a very large number of their customers to DHL, who was also affected, but recovered very quickly.

 

ABHIJIT SOLANKI

Abhijit Solanki is founder of Whiteboard Venture Partners, and most recently the cybersecurity investment lead at NexStar Partners. He previously worked at McKinsey, Symantec and VMware, and is focused on helping entrepreneurs create, build and scale the next generation of enterprise companies.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Attackers are designing sophisticated malware that is being used to target specific audience segments: companies (WannaCry >> Healthcare vertical) and countries (NotPetya >> Ukraine).
  2. Ransomware attacks like DDoS attacks can have different motivations. These range from service disruptions caused due to unavailability of resources (WannaCry) or disguised data destruction (NotPetya).

 

ROBERT ‘RJ’ BURNEY

Robert “RJ” Burney is a tinkerer of all things cyber. Burney has enterprise level experience in a variety of cyber security disciplines including architecture, engineering, forensics, penetration testing, reverse engineering, networking, software development, malware analysis, and intelligence research.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Educate your users because spam (phishing emails) is/are still the main weakness in security. These attacks were sent via spam. The more educated workforce you have, the less opportunity for attacks.
  2. Keep your systems updated. Patches were already in place in both instances and attacks could have been prevented if the systems had been updated.

 

JASON LANGO

Jason Lango co-founded Bracket Computing with the vision of reimagining enterprise computing in the public cloud. With deep expertise in enterprise computing infrastructure and security services, Jason was principal engineer in Cisco’s Security Technology Group, directing network security and firewall product architecture. He holds more than 15 patents.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. You need post-compromise protections because vulnerabilities never end. Just in the last few months, there have been several critical vulnerabilities that have impacted major US businesses (WannaCry, Apache Struts 2 (twice), Dirty COW, and others). Attackers are going to get in. Security teams are responsible for being ready when they do.
  2. Complex infrastructure requires a consistent, independent security posture. Security shouldn’t have to be dependent on your application teams–it’s simply not their top priority, and shouldn’t be. Even when you think you’ve gotten them all… unpatched versions slip through the cracks. The Equifax breach is an example of this: the patch for their Struts vulnerability had been around since March of this year.

GEORGE TATAR

George Tatar founded Akruto, Inc. in 2010 to help customers keep their private information safe and readily available wherever they go. Prior to founding Akruto, George managed teams of engineers at large companies and successful start-ups.

My important takeaways from WannaCry and NotPetya cyber attacks are:

  1. Most individuals and businesses still don’t take cyber security seriously enough. Even after the first attack most companies and individuals didn’t invest their time and effort to protect themselves from a new wave of attacks. Most individuals still believe that they could never become a victim of cyber-criminals, because they simply “don’t visit unsafe websites” or “install only the official software”. In 2017, just being connected to a wrong network or having an infected PC in your corporate network is enough to lose all your data in a minute. On the other hand, a growing danger of massive epidemics will lead to a creation of new cyber security solutions based on neural networks.
  2. The more control over our cities and infrastructure we give away to IoT and the Cloud, the worse consequences will be from future ransomware epidemics or massive hacks. Two recent ransomware epidemics have shown us the potential danger and the growing scale of this type of attack. The growing adoption of IoT devices, including within governmental and even military institutions, opens a door for a new type of warfare that takes place in cyberspace. This means that in the future, cyber-wars could become some of the deadliest weapons capable of paralyzing entire cities.

 


Megan Thudium


Megan Thudium is a Berlin-based writer with a passion for curating actionable and enlightening content for business leaders. A seasoned author, her latest works encompass topics in travel, business and information security. Follow Megan on twitter @megan_thudium.
