Tag Archive for: WannaCry

The next WannaCry and drone hacking: Advanced persistent threats in 2023


Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), defining the changes in the threat landscape that will emerge in 2023. Attacks on satellite technologies, mail servers, the rise of destructive attacks and leaks, drone hacking and the next big cyber epidemic are among some of the predictions for the next year.

The political turmoil of 2022 brought about a shift that will echo in cybersecurity for years to come and have a direct effect on the development of future sophisticated attacks. The 2023 forecast is based on the expertise and the activities the Kaspersky Global Research and Analysis Team (GReAT) has witnessed this year while tracking more than 900 APT groups and campaigns.

The next WannaCry and drones for proximity hacking

Statistically, some of the largest and most impactful cyber epidemics occur every six to seven years. The last such incident was the infamous WannaCry ransomware-worm, leveraging the extremely potent EternalBlue vulnerability to automatically spread to vulnerable machines. Kaspersky researchers believe the likelihood of the next WannaCry happening in 2023 is high. 

One potential reason for an event like this occurring is that the most sophisticated threat actors in the world are likely to possess at least one suitable exploit, and current global tensions greatly increase the chance a ShadowBrokers-style hack-and-leak could take place.

Major shifts will be reflected in new types of targets and attack scenarios too, as experts believe that next year we may see bold attackers and specialists adept at mixing physical and cyber intrusions, employing drones for proximity hacking.

Some of the possible attack scenarios include mounting drones with sufficient tooling that would allow the collection of WPA handshakes used for offline cracking of WiFi passwords or even dropping malicious USB keys in restricted areas in the hope that a passer-by would pick them up and plug them into a machine.

Other advanced threat predictions for 2023 include:

One of the most potent attack vectors imaginable, which uses servers in key positions of the internet backbone allowing man-on-the-side…


Five years on: The shadow of WannaCry and NotPetya | Viewpoint



Cyber risk is not new or stationary; it is complex and evolving. But for all its complexity, like most things human, cyber risk follows a cyclical pattern. New risks may emerge, but the vast majority of risks are just old threats re-imagined for a new age.

WannaCry and NotPetya still cast a heavy shadow over us five years on but older readers will agree these are mere shadows compared to the chaos caused by Conficker, Melissa, ILOVEYOU and SQL Slammer in the early 2000s. 

This older generation of malware worms was significantly more potent but came at a time when both their recognition and insurable impact were considerably moderated as corporate and business processes were far less digitised – in an age before the evolution of cyber insurance.

From these older-generation threats through to more recent events with WannaCry and NotPetya, what do we know now, what have we learned, and what has changed?

“Ransomware is now a mainstream threat. Across all walks of life, we hear about it, with regularity and fear – it is not some niche risk constrained to the IT security industry”

The threat of systemic malware/ransomware still drives the risk we face. Some worry about cloud outages but compared to the impacts of these attacks this is mainly “observation bias” as it is easy to picture a cloud outage. Compared to malware/ransomware, cloud outages are a second-tier peril. 

The good news is the absence of significant malware/ransomware events since WannaCry and NotPetya, but like hurricanes spiralling around the Atlantic without making landfall, we’ve had a selection of headline-grabbing near misses or glancing blows. The last 18 months alone saw SolarWinds, the Microsoft Exchange vulnerability, Kaseya, Blackbaud and, most notably, Log4Shell.

The recent near misses show that when a vulnerability exists it doesn’t mean it will be exploited, or that it is easy to successfully exploit vulnerabilities in a way that can be automated or “wormable”. Threat actors might not want to cause significant amounts of harm, and corporates may urgently mitigate the risk if the threat is so great.

So, what has changed since WannaCry? Ransomware is now a mainstream threat….


SCADA Security Explained So Easy – Cyber Security



Top 5 Computer Viruses of All Time by Cyber Security Expert Mikko Hyppönen