WannaCry hackers just getting started, former federal CISO says

More attacks are coming and they will be much worse, Greg Touhill and other security experts told a House Science subcommittee.
By Jessica Davis

The initial WannaCry attack on May 12 rocked the globe and security experts are now saying it infected at least a million more systems than originally thought.

While conservative estimates place the number of impacted computers at about 300,000 in some 150 countries, security firm Kryptos Logic CEO Salim Neino said in actuality WannaCry struck 1-2 million computers.

Not only that, but Kryptos Logic — the firm responsible for finding the killswitch that stopped the majority of the spread — has thwarted an additional 60 million infection attempts. Seven million of these attempts were made in the U.S. alone, and Neino estimates these attacks could have impacted 10 to 15 million unique systems, at a minimum.


Further, the initial incident in May was just a small start and, indeed, the bulk of the attacks happened in June.


“WannaCry is a slow pitch soft ball, whereas the next one may be a high and tight fast ball coming in,” Gregory J. Touhill, former federal CISO and adjunct professor of cybersecurity and risk management at Carnegie Mellon University, told a Science, Space and Technology committee on Thursday. “We need to be ready.”


The largest attempt Kryptos Logic thwarted and measured to date was on a well-funded hospital on the East Coast.

“It’s very likely the health system is unaware of the attempt,” explained Neino. “Most organizations don’t know they’re being exploited… Because WannaCry is self-propagated, the actors don’t even need to be in existence. The virus continues to proliferate in the actors’ absence.” 

WannaCry was just one manifestation among many new kinds of disruptive threats, Symantec CTO Hugh Thompson said. “The threat landscape continues to evolve quickly, not just in technology, but in the social engineering methods used. The explosive growth of attacks like WannaCry and Mirai demonstrates the need for layered defense.”

All of the security experts pointed to the need to better plan an organization’s security program. And it’s not necessarily about a need for more sophisticated technology.

“Cybersecurity is a risk management issue. But many people mistakenly recognize it solely as a tech concern,” said Touhill. “Cybersecurity is a multidisciplinary risk management issue, and an essential part of a healthy risk management program.”

Thompson added that the U.S. must be prepared to fight a determined adversary that has penetrated initial defenses.

“There’s no question that WannaCry was an important event,” he said. “But it won’t be the last. It’s more of an indicator of what’s to come. We lucked out, but next time we won’t be so lucky.”
