A year ago, my phone lit up with the first text alert about the WannaCry ransomware attack. From the beginning, it was clear that this attack was major and that it was crossing the world at an unprecedented speed. In four days, WannaCry inflicted billions of dollars in damage and infected more than 300,000 machines.
Once my team and I managed our customers' critical issues, our Threat Research Team investigated the differences between WannaCry and other major incidents.
Dawn of a new era of cyberattacks
We determined that WannaCry was fundamentally different, marking the beginning of a new, fifth generation of cyberattacks, or "Generation V attacks". The most important and successful examples of these attacks were created with the help of state-sponsored technology. WannaCry was powered by an exploit originally created by the US National Security Administration that was released clandestinely several weeks before the May 12, 2017 outbreak.
Generation V attacks result in financial and reputational losses that are significantly more damaging than those of Generation IV attacks (for example, Target in 2013) and Generation III attacks (for example, the ILOVEYOU virus in 2000). Another characteristic of Generation V attacks is that they are multi-vector. WannaCry proliferated not only through the usual personal computers, but also through other IT infrastructure elements such as remote office servers, cloud networks, traditional network endpoints, and mobile devices.
Adding to the complexity, some hackers have created variants of WannaCry to collect Bitcoin ransoms, while others focused on causing chaos by targeting medical devices in hospitals last June, or more recently at Boeing and the city of Atlanta.
Why companies are not prepared for fifth-generation attacks
After the anniversary of the WannaCry epidemic, and to determine how the security infrastructure has improved, we conducted an industry study to evaluate the opinions of security and IT professionals on fifth-generation attacks and their level of defense readiness.
The results were worrying.
More than three out of four CISOs (77%) said they did not think they would be equipped to deal with fifth-generation attacks. The study also revealed that the main internal obstacles to achieving higher levels of security are personnel issues and security technologies in conflict with the business or the user experience.
Most disturbing about these results is that companies are actually less well prepared than CISOs think. When we studied the type of security technologies deployed by companies, we found that three percent use threat prevention solutions that can prevent a company from becoming a victim of a Generation V attack. Nearly four out of five businesses (79%) use security solutions designed for Generation II or III attacks, despite a global Level V cyberthreat environment.
To achieve the highest level of security, organizations need to integrate and unify their security infrastructures to work better together, sharing threat data across all entry points in real time. This means moving from a layered and component security approach to a more holistic approach – what some call a complete security architecture.
Prioritize spending for modern war
Countries and their infrastructure are under attack every day, as we have seen in recent reports on alleged attacks on the American power grids. At the same time, billions of dollars are stolen or extorted through attacks on Bitcoin exchanges, ransomware attacks and top-level phishing in businesses.
Regardless of the organizations or motivations behind the attacks, our critical infrastructure, personal assets, and business assets are highly likely to become collateral damage. It does not matter who launches an attack or why. Countries and the global business community simply need to better defend themselves, because the large-scale, multi-vector nature of these attacks exceeds the security capabilities of the average company by several generations. The reality is that we are spending billions around the world on military defense technologies, but investing only a fraction of that to defend businesses and infrastructure against cyberattacks.
We need to master the basics: segment networks to quarantine attacks and prevent them from spreading. We also need to deploy advanced real-time threat prevention that blocks attacks before they can get a foothold on the networks. This must be unified across all environments (networks, cloud and mobile) to ensure effective prevention of cyberattacks.
Working together as a global security community
In addition to the need to increase investments in digital asset protection, the need to educate and remove the barriers that currently prevent small businesses and large global companies from implementing Level V cyber protection is a crucial factor in the fight against Generation V attacks. As evidence that we are at an inflection point, the World Economic Forum recently cited cyberattacks and data fraud as two of the top five global risks in terms of probability (the other three are related to the effects of man on the climate).
As cyberattacks have become the modern weapon of choice for the destruction of critical infrastructure, we must work together as a global cybersecurity community, not only to protect individual organizations, but also to create a shared vision for protecting cities, nations and their citizens. Without a concerted and collaborative effort, we can expect the most trusted nations, communities and businesses to continue to be poorly protected from the next mega-cyberattack.