The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said.
Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCrunch Disrupt SF that the 2017 WannaCry cyberattack, which saw hundreds of thousands of computers around the world infected with ransomware, was uniquely challenging because it spread so quickly.
“I don’t know that we could ever frustrate something like that,” said Manfra, referring to another WannaCry-style attack. “We exactly have something that altogether attests itself as a worm. I feel the original perpetrators didn’t expect probably that sort of impact,” she added.
The WannaCry cyberattack was the first major global security incident in years. Hackers believed to be associated with North Korea used a set of highly classified hacking tools that only weeks earlier had been stolen from the National Security Agency and published online. The tools allowed anyone who used them to infect millions of vulnerable computers with a backdoor. That backdoor was used to deliver the WannaCry payload, which locked users out of their own files unless they paid a ransom.
Making matters worse, WannaCry had wormable properties, allowing it to spread across a network and making it difficult to contain.
Although the National Security Agency never publicly confirmed the theft of its hacking tools, Homeland Security said at the time that users were “the first path of defense” against the threat of WannaCry. Microsoft had released security fixes weeks earlier, but many had not installed the patches.
“Updating your spots would have prevented an exhibition extent of people from being a victim,” said Manfra. Yet data shows that two years after the attacks, more than a million computers remained vulnerable to the ransomware.
Manfra said “bad things are going to happen,” but that efforts to mobilize government and the private sector can help combat cyberattacks as they emerge.
“Luckily, there was an enterprising individual who was able to find a way to kill it and it didn’t impact the U.S. as much,” she said.
Marcus Hutchins, a malware reverse engineer and security researcher, registered a domain name found in the ransomware’s code which, when registered, acted as a “kill switch,” stopping the ransomware from spreading. Hutchins was heralded as an “accidental hero” for his efforts. Hutchins and his colleague Jamie Hankins spent a week ensuring the kill switch stayed up, helping to prevent millions of further infections.
Manfra’s comments came just weeks after her agency warned of a new, emerging threat posed by BlueKeep, a vulnerability found in Windows 7 and earlier, which experts say has the capacity to trigger another global incident similar to the WannaCry attack. BlueKeep can be used to run malicious code — such as malware or ransomware — on an affected system.
Like WannaCry, BlueKeep also has wormable properties, allowing it to spread to other vulnerable computers on the same network.
It’s estimated that a million internet-connected devices are vulnerable to BlueKeep. Security researchers say it is only a matter of time before bad actors develop and use a BlueKeep exploit to carry out a similar WannaCry-style cyberattack.