Worst yet to come as WannaCry ransomware teaches hard lessons on the dangers of skimping on patching

Australians may have avoided the worst of the weekend’s massive WannaCry ransomware attack, which hit over 200,000 users and disabled businesses around the world, but experts are warning that businesses that don’t double down on their cybersecurity defences may be T-boned as the first-generation ‘kill switch’ weakness is fixed and new variants of the ransomware worm are unleashed into the wild.

Businesses in Russia, the UK and other countries had borne the brunt of the attack, which exploited a Windows vulnerability that hit the mainstream with Shadow Brokers’ recent publication of a password that let anybody access NSA-authored exploits. The vulnerability was so widespread that Microsoft took the unusual step of releasing patches for Windows XP, Windows 8 and Windows Server 2003, which it has not officially supported for some time.

Microsoft said businesses that have been regularly updating their Windows servers would be immune to the vulnerability – a flaw in the SMBv1 server that was addressed in March within the company’s Security Bulletin MS17-010.
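The two preconditions the article names for exposure are an SMBv1 server that is still enabled and a host missing the MS17-010 fix. The following audit script is an added example written for this article, not code from Microsoft or from any vendor quoted here; it assumes an elevated PowerShell session on the host being checked, and the `$Ms17010Kbs` list is a placeholder to be filled from the MS17-010 bulletin for the host’s OS build, since the article gives only the bulletin number.

```powershell
# Added example (not from the article): defender-side audit of the two
# WannaCry preconditions named above, SMBv1 exposure and a missing MS17-010 fix.
# Run in an elevated PowerShell session on the host being checked.
# ASSUMPTION: $Ms17010Kbs must be filled from the MS17-010 bulletin for this
# OS build; the article names only the bulletin, not the KB numbers.
$Ms17010Kbs = @('KB-PLACEHOLDER-FROM-MS17-010')

function Test-Smb1ServerEnabled {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -ne $cfg) { return [bool]$cfg.EnableSMB1Protocol }
    # Older hosts (Windows 7 / Server 2008 R2): read the value the SMB server honours.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    # An absent value means the default, which is "enabled" on those versions.
    return ($null -eq $val) -or ($val -ne 0)
}

function Test-Ms17010Installed {
    param([string[]]$KbIds)
    # Any one of the bulletin's KBs for this build is sufficient.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

$smb1    = Test-Smb1ServerEnabled
$patched = Test-Ms17010Installed -KbIds $Ms17010Kbs

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    SMB1Enabled    = $smb1
    MS17010Present = $patched
    # The worm's propagation path needs both: SMBv1 reachable AND the fix absent.
    AtRisk         = ($smb1 -and -not $patched)
}

if ($smb1) {
    # Compensating control the article's experts call for: turn SMBv1 off
    # once you have confirmed no legacy client still depends on it.
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
```

Run it across a fleet with `Invoke-Command` to get one row per host; an `AtRisk` of `True` is the combination the article describes as exposed.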

As well as drawing criticism from Microsoft over governmental stockpiling of vulnerabilities, the widespread success of the ransomware has turned WannaCry into a live demonstration of just how dangerous poor patching and backup practices can be.

Figures from Flexera Software’s latest Australia Country Report found that the number of Australian PC users with unpatched operating systems had increased by 7.5 percent since the last quarter of 2016, while 9.9 percent of non-Microsoft programs were unpatched in the first quarter of 2017.

Furthermore, the company said, fully 37 percent of vulnerabilities on Australian systems originated in operating systems – up from 21 percent of vulnerabilities a year ago. This trend highlighted the ongoing deficiencies in patching practices for which Flexera senior director of Secunia Research Kasper Lindgaard said “there is simply no excuse.”

“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” he said in a statement. “This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously.”

Information-security expert and ISACA spokesperson Raef Meeuwisse warned that the success of WannaCry in disrupting businesses reflected the predictable effects of the “massive false economy” created by companies’ continuing disregard for the importance of cybersecurity investment.

“There is a danger that if budgets are looked at in silos, it can appear cheaper to leave vulnerable technologies in place without considering the huge cost impact of the operational interruption,” he said in a statement in which he noted that many of the affected systems were running unsupported operating systems that were still connected to networks and managing email “with no compensating controls”.

John Paior, founder and chairman of data-protection specialist Geek – which has previously rescued many users’ systems from ransomware attacks – said the Australian impact of the WannaCry ransomware had been minimised after the ‘kill switch’ was identified by a developer who registered the domain name of a command-and-control server identified in the WannaCry code.

While just 2 to 3 percent of the computers monitored by Geek had been hit by the ransomware, Paior said Australian companies needed to use the lull to revisit their ransomware protections and batten down for a widely expected second wave of attacks.

“While that has stopped this iteration of WannaCry from accelerating its attack, it will be back,” he said in a statement. “It’s very likely that someone will reverse engineer this ransomware worm to generate an updated version, which you can guarantee will not contain a ‘kill switch’.”

Copyright © 2017 IDG Communications, Inc.