As cyber-attack outbreaks go, WannaCry didn’t really last that long from the time the first infection was discovered on the morning of May 12 until the kill switch was released by Microsoft three days later. In that short span, however, the damage reached $5 billion while hundreds of thousands of companies worldwide were compromised.
Using the NSA’s EternalBlue cyber-spying tool as the launchpad, this type of ransomware exploits a gap in Microsoft’s Server Message Block (SMB) protocol. In fact, the tech company had already released patches to address the security issue prior to the attack. Unfortunately, not all companies installed the free update.
WannaCry takes computers and servers hostage: code in the malware displays a ransom note demanding that the company pay in Bitcoin to recover the system, hence the term ransomware. The threat is not only to delete your files but also to release sensitive data to the public if you don’t pay up.
Prior to the attack, nobody thought much of ransomware. Cybersecurity experts thought that the makers of the malicious scripts were exaggerating the extent of damage their products could do. Hiring experts to recover the data would do the trick: the malware might claim to delete the files but actually only hid them from the system, and these could easily be recovered with the right tools and expertise.
In 2015, Microsoft reported that ransomware cost businesses and enterprises $325 million in damage. Clearly, cyber-syndicates realized that there’s money to be made here. In fact, just two years after that report, cyber-attacks already cost industries $5 billion in damage in 2017.
Cisco warned that the threat is just starting, as ransomware is predicted to grow 350% every year, according to its 2017 Annual Cybersecurity Report.
What’s clear is this: with WannaCry, the spigot of ransomware threat has been turned on. And what you have out there right now are new strains and codes that are deadlier than what we’ve encountered in the past.
With cyber-security, it’s the bullet that you don’t see that will kill you.
Despite what you may have been led to believe, cyber-security experts are always playing catch-up with the hackers. There is a large volume of data that needs to be sifted and analyzed, and the threats are becoming harder to spot because they are essentially more complex. Then you add the shortage of cyber analysts who would have served as the first wall of defense.
Then there’s the growing trend of companies purchasing off-the-shelf security platforms due to the dearth of analysts and lack of investment in IT. The Internet-of-Things—with its all-encompassing applications—only muddied the waters further.
In an interview with the Information Security Media Group, John Pescatore, director of the SANS Institute, said that while more and more companies have fortified their defenses to handle the Internet-of-Things, “there are a lot that are so focused on just the day-to-day security work of keeping Windows PCs and Linux servers secure, that they haven’t gotten started at all.”
Obviously, companies can’t stay on the defensive while they get pounded by all these new cyber threats. The only way to optimize protection is to go on the offensive.
This is essentially what a threat intelligence platform is.
For instance, Zero Day Live threat intelligence platform from Stealthcare has managed to predict the WannaCry ransomware, as well as other cyber-attacks like the Dyn cyber-attack and the Atlanta Samas ransomware. You may remember the series of DDoS attacks against Dyn in October of 2016 that shut down several companies across Europe and North America. Apparently, the virus piggybacked on the Internet-of-Things devices, which explained the quick and sweeping contamination.
Just last March, the computers owned by the City of Atlanta were infected with the ransomware. The security breach was very alarming considering that anyone who accessed the government machines may also be vulnerable. Reportedly, the hackers demanded $6,800 for each hostage unit.
This is the landscape that companies find themselves in.
With the advances in AI, however, companies are being given a fighting chance.
TIPs like Zero Day Live sort and sift through a sizeable quantity of data, and analyze all that information amid all the noise to provide an appropriate battle plan. Instead of just reinforcing defenses, the AI platform aggressively seeks out the active threats to the organization and makes sure they are defanged.
Analysts, even with their superhuman efforts to see connections from random events, could not possibly mimic the functions of automated threat intelligence platforms.
It’s similar to what spy agencies use. Input the keywords, and when they show up in the system, especially when an attack is imminent, the TIP is activated and alerts the IT department for counteraction.
Most hacks have their signature DNA. More than money, hackers are also driven by their ego to beat the system, so to speak. Cyber forensics typically reveals this signature. Automating the process will drastically reduce the time needed to sniff out these threats. The DNA is hard-coded into their system, which makes it almost impossible for hackers to change their signature mid-stream. This is, and has always been, their vulnerability.
A good analogy would be the police and criminals. Unless investigators develop a predictive model to anticipate a crime before it happens, they will always be playing catch-up. The FBI’s Behavioral Analysis Unit was established precisely to find patterns in serial offenders in the hope of identifying them through their signature, and finally pinning them down.
Going back to Zero Day Live, the platform can be fully integrated into the IT or business enterprise with hardly any interruption to operations. Combing through large volumes of data, the tool is able to assess vulnerabilities and craft an extensive threat analysis. Instead of wasting resources overreacting to every little threat, the AI function is able to target only the cyber-threats that matter to your organization.
The TIP itself can be delivered as software as a service (SaaS) by subscription, or as a piecemeal solution to counter the threat. As a result, companies can focus on their core business operations rather than spend a lot of time and money buttressing their IT departments.
The main purpose is to recognize why the threat actors exist. In the case of ransomware, money is the main motivating factor. In fact, more than 4 in 10 cyber-attacks are fueled by money. But there are other shades of motive among hackers. Politics may also be involved, as happened in the 2016 US elections, for instance. Other reasons could be an inside job, an attempt to kill the competition, cyberwar, or an angry customer.
But how do you attribute something immeasurable such as motive from neutral and impartial data? That’s what a TIP can do for companies. Fortunately, more and more companies recognize the importance of AI tools in catching up with the increasing complexity of cyber-attacks.
Once you understand the motive of the threat, it’s easier to craft a winning strategy in the digital battleground.