The global cyber-attack that crippled Britain’s National Health Service and devastated businesses around the world on May 12th may be only the first in a series of sophisticated attacks that will arise out of leaked NSA hacking tools. Security researchers monitoring dark-web forums used by cyber criminals report that hackers are actively discussing different ways the leaked exploits can be used to target and infect more victims.
“This is just the beginning,” warns Dominic Chorafakis, founder of cyber-security consulting firm Akouto. “The NSA leak was a windfall for hackers looking for ways to attack victims and it won’t take them long to create powerful new tools that can infect tens of thousands of systems very quickly. Protecting IT systems in this environment takes knowledge, vigilance and the right tools, but there are some simple and practical things everyone can do.”
Most attacks take advantage of vulnerabilities that vendors have already fixed, but for which IT staff and end users have failed to apply the software updates, as the recent outbreak highlighted. Reports from the Canadian Cyber Incident Response Center and the US Department of Homeland Security suggest that as many as 85% of targeted attacks are preventable.
“Just keeping software and backups up to date and using professional anti-virus will go a long way and might even be enough for individuals, but the effects of a breach can be catastrophic to a business,” Chorafakis added. “Speaking with a cyber-security professional can help businesses better understand where they are vulnerable and take the necessary steps to protect themselves.”
Security firms started reporting a spike in ransomware attacks even before the leaked NSA exploits, with many factors contributing to the online crime wave. Digital currency like Bitcoin has made it possible for cyber-extortionists to extract payment from their victims electronically with just a few clicks and no money trail for authorities to follow.
This has attracted a new class of cyber-criminal, capable of producing professional-grade hacking software and even offering Ransomware-as-a-Service to less tech-savvy criminals, who carry out the attacks and share the profits with the developers. Now armed with stolen hacking weapons created by some of the most talented cyber-spies in the world, criminals were able to perpetrate the largest extortion cyber-attack ever seen.
“The WannaCry cyber-attack should serve as a wake-up call to every business out there,” concludes Chorafakis. “Take time today to apply software updates, check that backups are working and ask a security professional what you can do to avoid falling victim to a cyber-attack and make sure your business can recover from one.”