Written by Greg Otto
This is the reality now.
With Wednesday’s apparent tempest-in-a-teapot ransomware attack at Boeing, the possibility remains for even the biggest organizations to come to a crippling halt at the mere hint that WannaCry has been redeveloped, reworked and set out in the wild.
The Seattle Times’ initial story relayed as much, as Boeing’s chief engineer sent out a companywide memo Wednesday calling for “all hands on deck” in the initial aftermath. A few hours passed, and suddenly what was WannaCry’s next great casualty was nothing more than an uncomfortable afternoon for the aviation giant’s IT teams.
“A number of articles on a malware disruption are overstated and inaccurate,” a Boeing statement read. “Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.”
Yet while Boeing avoided being labeled as infosec’s Next Great Disaster, it’s probably only a matter of time before WannaCry, or NotPetya or BadRabbit reduces a large company’s technology to digital rubble.
Experts have said as much for months now, after the Shadow Brokers unleashed the NSA’s elite-level EternalBlue exploit on the world. To review: EternalBlue works by targeting a dated vulnerability in Microsoft’s Server Message Block protocol. The vulnerability affects outdated versions of several different Microsoft operating systems. Attacks like WannaCry are so effective thanks in part to EternalBlue.
Numerous people expected EternalBlue to be used in the coming years by amateurs as well as sophisticated threat actors, for everything from destructive attacks to data theft.
“EternalBlue will exist and be viable as long as systems are not patched consistently as good cyber hygiene recommends,” Nehemiah Security Vice President Bob Wandell, a former Defense Department information assurance chief, told us last May. “The payloads that can be loaded onto EternalBlue are boundless and uniformly malicious.”
With what occurred Wednesday, it looks like those thoughts are coming to life. And Boeing probably won’t be the only company to see what a revamped WannaCry is capable of.
Prediction: this won't be the last time WannaCry rears its ugly head. I personally know of at least 3 other orgs hit with (non-public) manufacturing stoppages over the last six months due to WannaCry. https://t.co/VXKPqNU1xO
— Jake Williams (@MalwareJake) March 28, 2018
This is the part where we wag a finger about the importance of patching, or we drop a reminder of how shoddy cyber-hygiene exists at big and small organizations alike. Those things are still true, but as history repeats itself, it’s almost as if they have faded into the ether.
So this is what we’re stuck with: A reworked ransomware variant built on top of leaked NSA exploits will continue to wreak havoc on pillars of the U.S. economy as long as patches are treated as an afterthought. The next time around, you can’t say you haven’t been warned.