Investigations by Britain’s NCSC back up previous claims regarding WannaCry origin
New investigations have shed more light on the recent WannaCry ransomware epidemic, revealing the scale and origin of the global cyber attack.
Last month, WannaCry became one of the most high-profile attacks ever seen when it tore through the NHS before rapidly spreading around the globe to steal and encrypt private data from thousands of organisations.
Now, an investigation led by Britain’s National Cyber Security Centre (NCSC) has suggested that hackers in North Korea launched the attack, while researchers in the US believe it affected around one million to two million computers.
A congressional panel in the US was told this week that the only reason the attack didn’t spread further was the discovery of a ‘kill switch’ by a British security researcher going by the name of ‘MalwareTech’.
It is believed to have hit hardest in Russia, China and India, but the impact could have been significantly more severe.
“It could have been much, much worse,” said Gen. Gregory T. Touhill, former CISO to the Obama administration. “I view WannaCry as a slow-pitch softball whereas the next one may be a high and tight fastball coming in. We need to be ready.”
The virus stemmed from exploit tools stolen from the NSA in January by notorious hacker group ‘ShadowBrokers’ and exploited vulnerabilities in outdated Windows XP operating systems, which were still being used by many organisations, including a large proportion of NHS Trusts.
Microsoft has since patched the flaw, with the company’s president Brad Smith calling for unity and slamming the National Security Agency (NSA) for the “stockpiling of vulnerabilities”.
And it now appears highly likely that ‘Lazarus’, a group of North Korean hackers that also has links to the high-profile hack on Sony Pictures in 2014, as well as the theft of $81 million (around £620m) from Bangladesh’s central bank last year, was behind the attack.
Researchers at Google, Kaspersky and Symantec had previously hinted at North Korean involvement, which has now been supported by the NCSC.
This theory was also backed up by American authorities this week, as the FBI and Department of Homeland Security blamed the North Korean government for WannaCry and several other cyber attacks dating back to 2009.
Tensions are certainly high between the two nations and, with the North Korea link seemingly proven, countries around the world will have to face the issue of how to respond.