“The Eternal Blue exploit was a zero-day when it came out, but the patch has been out for more than two months,” he said. “With patching, we need to do better.”
The program known as WannaCry may have been around since as early as February 2017, and a Google researcher discovered on May 15 that certain pieces of code match signatures of the Lazarus Group, which is believed responsible for the Sony Pictures hack and the theft of millions of dollars from the Bangladesh central bank. However, the group may have made as little as $56,000 from the attack, according to a group that is tracking the bitcoin wallets used by the attackers.
Many companies got lucky this time around. A security researcher, who asked to be identified only as “MalwareTech,” found a domain name in WannaCry and registered it on Friday, serendipitously discovering that it was a kill switch for the software. The spread of the software has been dramatically blunted since the registration.
However, MalwareTech doesn't believe the attacks will end there. “No, I imagine they will come back again next week with a new wave of attacks,” he told eWEEK on May 12.
Already, Kaspersky Lab and other companies have seen copycats modify the code and attempt to spread their own version of the software.
Companies should make sure that they systematically handle patching, using a vulnerability management system, business intelligence firm Gartner stated in a post on May 15.
While Microsoft has taken some heat for the missing the vulnerability in its software—and in turn, pointed the finger at the intelligence community for stockpiling vulnerabilities—Gartner argued that the security community’s focus should be on defense and investigation, not blame.
“While it’s tempting to point fingers at others, one of the key stages of incident response is to focus on root causes,” Gartner’s research director Jonathan Care, stated in a post. “Hindsight is always 20/20, and picking apart why systems were not migrated does not dig you and your enterprise out of the mire right now.”