I was recently asked to speak to the media about WannaCry. While preparing for the interview (see the video below), I’ve realized that this particular case is a good illustration of the various dimensions of cybersecurity:
- Technical — WannaCry spread much more rapidly than previous instances of ransomware by taking advantage of a vulnerability in Microsoft’s SMB protocol for file sharing.
- Political
  - This attack, which affected computers in some 150 countries, supposedly used the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA).
  - The exploit was made publicly available by Shadow Brokers to “slam Trump”.
- Business — the main attack vector that enabled viral spread could have been closed off if computers running MS Windows had been patched with the update issued by Microsoft some 2 months before. Yet, many organizations chose not to patch their MS Windows machines. Furthermore, some were still running Windows XP and Windows 8, which have not been supported by Microsoft for several years, and for which Microsoft did not even make patches for the SMB vulnerability available until after the attack unfolded.
- Economic — while the criminals were able to extract several tens of thousands of dollars by pulling off this attack, the victim organizations now have to shoulder much bigger negative externalities by rebuilding their systems and restoring the data.
- Human
  - Another attack vector was reported to be attachments in spam messages. This is a well-known case of “social engineering”. Both software vendors and businesses are well aware of the dangers of allowing users’ computers to execute code sent in attachments. Yet, no one can seem to figure out how to design operating systems and email clients in a way that would provide both the convenience (i.e., usability) of quickly opening e-mail attachments and the security necessary for users to avoid falling victim to attacks like this.
  - If individual users and organizations had access to technology for seamlessly and frequently backing up their data and easily restoring it in case the master copy becomes encrypted or otherwise unavailable, then they could recover from WannaCry and other ransomware in minutes.

I’m sure there are many other points to add to all of the above dimensions.