ACSM Issue 2 – Editor’s Desk


Since publishing Issue 1 of ACSM, it seems that cyber security has been in the headlines as many times as Donald Trump – and in some cases because of Donald Trump, but we’ll not go into that. Starting with WannaCry, it was an interesting media spectacle to see how this new flavour of ransomware could stop an entire government department in the UK (the National Health Service). When a researcher stumbled on the so-called kill switch, stopping WannaCry in its tracks, he became an anointed hero of the information age. What I am interested in, though, is that no one thought to thank all those diligent security managers and sys admins who had already patched MS17-010. Anyone who had already applied the Microsoft fix would have halted WannaCry’s devastating lateral movement capability, curtailing its virulence and reducing it to the usual noise levels we deal with every day. The real lesson the world should have learned from WannaCry was that hoping you’ll be immune from infection, without addressing the issue, isn’t good enough: you must check.

A few weeks later, the hype cycle started again, this time focusing on the worst-named malware in history. In the rush to give it a cool name, people speculated it was a new variant of an older malware called Petya. In the media’s eyes, it was WannaCry the Sequel. It used the same EternalBlue exploit that WannaCry incorporated into its payload, but also looked very much like a copy of Petya. So, WannaCry the Sequel quickly became Petya. However, it wasn’t long (a matter of hours) until someone had reverse engineered WannaCry the Sequel, revealing that it wasn’t Petya after all: it was something completely different. So WannaCry the Sequel became NotPetya. Did you see what they did there?…
