A Category 1 cyber-attack similar to WannaCry could take place sometime in the next few years, warns Dr Ian Levy, NCSC’s technical director.
Urgent steps need to be taken to demystify cyber security and to prevent a major cyber-attack in the future, he adds.
Following the WannaCry ransomware attacks in May that impacted operations at over 40 NHS trusts, organisations in the UK and the rest of the world have encountered several new malware and ransomware variants, even though none of them have been able to mimic the rampage caused by WannaCry.
However, if Dr Ian Levy, Technical Director at the National Cyber Security Centre is to be believed, a WannaCry-like cyber-attack could take place in the near future, unless the cyber security space is demystified by including more science and data.
“Predictions in cyber security are quite difficult, but I am going to make one I am reasonably confident about. Sometime in the next few years we are going to have our first ‘category one’ cyber incident, where you need a national response.
“There will be an independent investigation and what will really come out is that it was entirely preventable. Unless we start to put some science and data into cybersecurity to demystify it, that is really going to happen,” he said.
This coming from the National Cyber Security Centre suggests that the potential cyber-threat is too real and frightening, especially for the government as well as businesses who are yet to mould their cyber security infrastructure to comply with the upcoming Data Protection law.
After the WannaCry threat was contained, security researchers across the globe observed several new ransomware strains that borrowed codes from WannaCry as well as other powerful malware. In late May, security researcher Miroslav Stamper, who is a member of the Croatian Government CERT, said that a successor of WannaCry named EternalRocks will feature as many as seven cyber tools stolen from NSA’s databases.
Stamper contended that EternalRocks not only used lethal SMB (Server Message Block) tools which were named EternalBlue, EternalChampion, EternalSynergy, and EternalRomance but also SMB reconnaissance tools named SMBTouch and ArchTouch which could keep an eye on affected computers.
“Matter of time when common malware through phishing bad guys will incorporate SMB exploits for synergistic attack. Then, we die,” Stamper tweeted.
Last week, security research firm Barracuda also noticed a new ransomware being distributed to millions of computers by hackers based in Vietnam and a few other countries. The new variant is designed to take control over systems and demand ransom from affected users.
What makes the ransomware very dangerous is that like WannaCry, it is being sent to millions of users across the globe in the form of emails. In these emails, the sender is either listed as ‘Herbalife’ or a copier file delivery eg. ‘firstname.lastname@example.org’. Newer emails being sent by hackers bear the subject line “Emailing – <attachment name>.
Barracuda has blocked 27 million phishing emails so far that contain the new ransomware, the speed at which hackers are spreading the ransomware variant hasn’t changed. At the same time, hackers are also changing the names of payload files and the domains used for downloading secondary payloads constantly to avoid being filtered by anti-virus engines.
As per available data, the new ransomware possesses various abilities that include an ability to encrypt files, download executables from a remote location, ability to use cryptography API, modify Windows initialisation files, deleting samples after the execution and ability to retrieve system default language identifier.