ZDNet's Danny Palmer examines the aftermath of WannaCry, NotPetya, and Bad Rabbit.
ZDNet's Danny Palmer sat down with TechRepublic and CNET Senior Producer Dan Patterson to assess if the world's ready for another cyber attack, like what happened with WannaCry, NotPetya, and Bad Rabbit last year. The following is an edited transcript of the interview.
Dan Patterson: It's been a year since the NSA Cyberweapons leak resulted in ransomware attacks, NotPetya, WannaCry, and others. It wreaked havoc across business and government systems all over the world. What have we learned in the year since the summer of ransomware?
Danny Palmer: One of the things we've learned is that these tools are still active. The things that caused NotPetya and things that caused WannaCry -- destructive global cyberattacks, the EternalBlue vulnerability -- they're still active. This shows that in one way, lessons may not have been learned in the year, since these massively destructive attacks, because patches were released to fix these vulnerabilities, but they've still not been applied. And, while NotPetya and WannaCry aren't really spreading any more, EternalBlue and EternalRomance have been used to spread other things. Cryptocurrency mining malware, a lot of that is spread by these year-old vulnerabilities... which seems it's... and if people patched these systems, there wouldn't be a problem, or at least in this case. But they're still out there.
Dan Patterson: Explain the EternalBlue for those of us who are not deep down in the crypto and the cyber scene. Help us understand what this was and why it's important.
Danny Palmer: Well, it was a leaked vulnerability used by the American intelligence agency -- the NSA -- in order to conduct sort of espionage and surveillance on the potential targets. All of this was leaked as part of the Vault 7 leak by the Shadow Brokers hacking group, which then provided the information to WikiLeaks, which basically puts this information out there, saying, Look, here are these surveillance tools being used by the US government and others. What that resulted in, two months later, was, with WannaCry. Those exact tools were then used to perpetuate ransomware in the form of WannaCry, which spread around the world and put what were government's tools into the hands of cybercriminals and other nation state actors.
It's a really strange, murky world of things going on, and there are arguments saying, Oh, maybe this wouldn't have happened if the tools hadn't been leaked, and others say, Well, if the NSA didn't have these tools in the first place, this wouldn't have happened. It's led to a lot of debate, which still hasn't really been finalized and sorted out.
Dan Patterson: One of the fascinating things about cyberweapons is that they are commoditized very quickly. It is far harder to lock down a destructive cyberweapon than it is a kinetic weapon. What does the future of cyberwar and cyberweapons look like?
Danny Palmer: Not to be a doomsday-sayer but it's probably only going to get... No. It's not going to get easier. It's not going to be any better, unfortunately. We've seen things like WannaCry, which most nations have pointed to North Korea being behind that.
NotPetya, people are pointing to Russia being the actor behind that. As more and more things get connected to the Internet, it's going to be providing more and more outlets for cyberattacks to happen. A recent speech I saw by Robert Hannigan, the former boss of GCHQ, a sort of intelligence agency here in the UK... he went and outright said that eventually, someone -- be it intentionally or not -- will get hurt or killed by a cyberattack as these attacks end up targeting things like civilian infrastructure, targeting power plants.
With WannaCry last year in the UK, obviously, the National Health Service was a massive target of that. Appointments were canceled, operations were canceled, but as far as we know, no critical operations had to be canceled. People who needed life-saving surgery were operated on, but if that attack had been worse, people could've been killed, which lends itself to thinking about, What happens when that happens? If one nation-state actor does a cyberattack, which causes civilians in one country to come to harm. It opens a Pandora's box, really, in terms of international relations and retaliating or not retaliating. It's a really confusing outlook at the moment, and no one really knows where this is going to go. It's interesting but quite worrying in a lot of ways.