This blog was written by Grant Bourzikas, former CISO at McAfee.
Has it been a year? It seems longer.
When the WannaCry ransomware attack hit tens of thousands of individuals and businesses around the world on May 12, 2017, it wasn’t the first time we had seen ransomware, but its impact was unique and lasting.
We’ve all known for decades about hackers, information thefts, computer viruses etc. But when a hospital’s information system gets locked, and lives are at stake, think pieces about the “Future of Cybersecurity” don’t seem so distant. WannaCry brought the future into the present. Quickly.
In the last year, there seems to have been more dialog about the “downside” of tech as well as the upside. In short, for every positive in IT there is often an (unintended) downside. For example, billions of people love social media, particularly Facebook. But the recent testimony before Congress from Facebook’s CEO brought out the dark side of this technology: privacy issues and even the possibility of political manipulation.
Frequently, IT downsides seem to involve cybersecurity issues, in one way or another.
With WannaCry, the “theory” of threats became personal. If someone is ill and can’t get medical attention, that’s personal. If your pacemaker is hacked, that’s personal. And if your car — self-driving or not — gets its steering wheel locked by a hacker when you’re going 80 miles an hour, that’s personal.
A Unique Problem
Why was WannaCry different? Because it’s the first time we’ve seen worm tactics combined with ransomware on a major scale. The outbreak infected at least 350,000 victims in more than 150 countries.
WannaCry’s success came down to its ability to amplify one attack through the vulnerabilities of many machines on the network, making the impact greater than what we had seen from traditional ransomware attacks.
To quote McAfee’s Chief Scientist Raj Samani: “WannaCry is still being talked about, and I suspect it will be one of those events that will act as a milestone for malware. It took the industry by storm with its propagation method, and challenged the previously held belief that criminals would provide decryption keys once paid the ransom.”
Day Zero Protection
In terms of the company I work for, McAfee, WannaCry was a test: a test to see if the cybersecurity software we had been working on for many years would meet the challenges of an attack we had never seen before. I think we met the challenge, and I also learned from that attack.
McAfee technology provided Day Zero protection against the attack, not just at the endpoint but across many aspects of an integrated security architecture. Threats like WannaCry remind us that an integrated cybersecurity approach is the best defense because it enables people to protect, detect and respond to the newest and most challenging threats.
We met the attack in several ways:
- The latest McAfee Endpoint Security® software running Dynamic Application Containment® (DAC) in secure mode gave full Day Zero protection against WannaCry.
- ENS®, Threat Intelligence Exchange® (TIE) and Advanced Threat Defense® (ATD) operate together as a zero touch, closed loop security defense system.
- McAfee Active Response® (MAR) delivered trace data that revealed malicious activity at Day Zero, helping responders identify the attack and update defenses across the environment.
For customers on older endpoint technology, McAfee researchers analyzed samples of the WannaCry ransomware immediately upon detection, and then updated McAfee Global Threat Intelligence® (GTI) and released an emergency DAT and new HIPS signatures for extra coverage. As a company, we spent a lot of time on the phone with customers over the weekend after “WannaCry Friday”—many had questions about their endpoint version.
The Big Picture
In the case of WannaCry, the immediate threat was met. But we also realized it’s important to keep an eye on the big picture. Now, more than ever, the “new threat, new widget” approach must evolve.
McAfee’s philosophy is that an effective defense is built on a dynamic cybersecurity platform that is both open and integrated. Open, so it can quickly accept new technologies that protect against even the most creative adversaries; and integrated in that technologies can work together as a cohesive defense.
Those integrated defenses were on clear display in protecting our customers during the WannaCry episode. Leveraging an automated security system that protects, detects and corrects in real time allows users to both free up resources and thwart advanced attacks. As a result, users no longer have to choose between the best technology and the most manageable – they can have both.