Breaking news has revealed that both US and UK governments are placing the blame on North Korea for being behind the WannaCry ransomware attack that caused global disruption. The malware affected hospitals, businesses and banks and is thought to have hit over 300,000 computers across 150 nations. IT security experts are commented below.
Tim Erlin, VP of Product Management and Strategy at Tripwire:
“Accurate attribution for cyber attacks is almost always a difficult task, and it’s doubly so when the evidence leading to the conclusion can’t be shared. With global public trust in the US government at a low point, it’s not surprising that there’s skepticism.
If we’re going to have national security organizations delivering these types of conclusions on attribution to the public, we need to find a way to develop trusted output. The mantra of ‘trust us’ doesn’t cut it here.
This conclusion about North Korea’s culpability isn’t new. The UK discussed the very same conclusion in October, with the very same caveats about sharing the actual evidence.
You can’t arrest a nation-state, which inevitably prevents any real closure on an incident like WannaCry.
Whether North Korea is the threat actor or not doesn’t change the lessons that organizations should take from this incident. These vulnerabilities are out there, and WannaCry demonstrated what can happen when the right condition is exploited. Defensive response should be to reduce the risk as much as possible.”
Dmitri Alperovitch, CTO and Co-Founder at CrowdStrike:
“Yesterday’s announcement by US Government of its official public attribution of the WannaCry attack to North Korea regime is another step in establishing the importance for regularly attributing significant attacks to nation-states and criminal groups. It also raises public awareness about North Korea’s growing offensive cyber capabilities. CrowdStrike has tracked DPRK’s cyber activities going back to the mid-2000s, which started with espionage, then half a decade later evolved into destructive attacks and in the last few years delved into cybercrime such as ransomware and bank heists. They are a very capable actor that is known to have developed 0-day exploits and their own unique malware code. As such, they pose a major threat to organisations globally, especially as tensions between the US and North Korea over the nuclear and missile programs continue to escalate.”
Eyal Benishti, CEO & Founder at IRONSCALES:
“Criminals are increasingly looking to monetise their efforts and with the increase in Bitcoin value it’s not surprising that they’re after these targets. The challenge is that Phishing campaigns are increasingly able to bypass legacy email filters and gateways. By adopting spoofing and impersonation techniques, and researching the target to make the lure both attractive and/or plausible – aka a new job, victims can be duped. The result is end users find it virtually impossible to identify phishing emails as they land in inboxes across the workforce, leaving them and the organisation exposed.
Instead, organisations need to deploy powerful solutions that utilise both humans and technology. By allowing those employees that are able to identify something that looks amiss to report it, and machine learning algorithms at the mailbox-level to continuously study every employee’s inbox to detect anomalies and communication habits based on a sophisticated user behavioural analysis, organisations can automate neutralising phishing campaigns, even removing them from other inboxes to avoid anyone accidentally tripping the malicious payload.
This can be done by augmenting the representation of senders inside the email client by learning true sender indicators and score sender reputation through visual cues and meta data associated with every email. Automatic smart real-time email scanning should be integrated into multi anti-virus, and sandbox solutions so forensics can be performed on any suspicious emails either detected, or reported. The final facet is allowing quick reporting via an augmented email experience, thus helping the user make better decisions. These three, blended together can stop phishing messages hitting their target.”