WannaCry...ransomware cyberattack as far as the eye can see

crying whining baby after tantrum
Thinkstock

WannaCry ransomware is yet another wake up call and not a sales opportunity. Let’s dispel with the hyperbole and bull. Let’s stop pointing fingers. Let’s get down to the meat of the matter and have a good long look at what we have learned or at least should learn from the events of the weekend.

First off, what is the potential scope of the problem? Reports have stated in some cases that 200,000 systems have been infected with the ransomware. A cursory glance at the site Shodan.io shows well over a million systems with port 445 exposed to the Internet. Of course this is no guarantee that this was in fact SMB but, odds on favorite that it was a number greater than zero.

So, why is this the case? Let’s look at some of the angles. Patching isn’t as simple as we like to make it seem. Then we have remote support issues for some subpar vendors and lastly we have the home users who are often left to their own devices.

Patching has always a flustering subject for me. Anyone who has actually worked in an environment where they had to defend an enterprise understands, it isn’t as easy as “just patch it”. That’s typically a refrain of those who really have no idea what it is like to be a defender.

Years ago when I worked at a power company there was a problem with some system gear in the field. It made headlines and there were those out there that whinged that the systems should be just patched. The difficulty was that these were, in some cases, decades old gear that could not be taken offline for the long period of time required to patch. In the event that patch failed there was no fallback.

If patching were that easy we would not have the problems we see today such as the WannaCry outbreak. I would love to be able to Jedi wave mind-trick this to a better answer but, this isn’t the case for many environments. Is that a good answer? No, of course not. But, it is an honest one.

I personally like to rant and rave about patching myself. The logic that it is difficult to patch something can often utilized by defenders as their get out of jail card too. The pendulum can swing in either direction. I spent years in a role where I was part of team that would have to defend a company. There were many times where a system could not be patched because another “mission critical” piece of software would cease to function if patches were applied or, worse, the support contract would be null and void. The frustration levels were often at redline and rising.

Remote access for system support is a real problem for a lot of organizations. I have had several conversation over the last couple days with people that said their respective organizations had support contracts with vendors that allowed for bizarre access such as SMB. This is a disquieting thought. Partly because that this was a vendor demand and partly that the customers permitted this sort of access. Even if said access were to be granted why was it not locked down?

In the past I encountered companies that wanted unfettered access into an environment to support their system but, I refused. I made it clear that I was more than happy to speak with their competitor. Oddly enough we found a mutually beneficial solution in short order. This is not an option in every environment. Many defenders find themselves handcuffed by contactual obligation and happenstance.

Where I get upset, in this entire debacle of the WannaCry spread, is with the exposed and vulnerable home users. So many IT folks are more than happy to pontificate that people should have patched their computers. There is little guidance provided to the average home user who might know just enough to launch a browser and get online.

If you are an enterprise defender or a home user of a Microsoft operating systems please read this guidance from the software giant. Hopefully, this will help more people than the churn of "buy this software" that has already begun to spin out of control.

Related:
New! Download the State of Cybercrime 2017 report