By all accounts, Australian businesses can expect to bear witness to a second wave of attacks exploiting the so-called WannaCry ransomware and its emerging variants.
As of 14 May, more than 75,000 attacks had been reported across 99 countries, with the UK National Health Service (NHS) compromised, the Russian government infected and the Spanish telecommunications sector at a standstill.
At the time of writing, at least three Australian businesses had been hit by the ransomware, according to sister publication, Computerworld.
Now, local security experts are telling organisations to expect a further onslaught in the local market, as businesses go back to work after a weekend that saw attacks sweep through Europe and other regions.
According to The Missing Link chief information security officer, Aaron Bailey, the combined effect of the work week beginning in the local region and the emergence of new variants of the original exploit is likely to see a fresh round of attempted attacks hit businesses locally.
“Not everyone is on top of their emails, so part of the ‘second wave’ will arise, with the delayed reaction of people getting the emails and opening them,” Bailey told ARN.
“There was the malware researcher who managed to take down the botnet – found a kill switch…but there have definitely been sightings of new versions that don’t have the kill switch,” he said.
According to Bailey, local channel partners can help their clients protect themselves against the risks arising from the exploit and its variants by ensuring patches are up to date and that organisations incorporate the Australian Cyber Security Centre’s ‘Essential Eight’ strategies to mitigate cyber security incidents.
“The core part is patches and the other part is backups,” Bailey said. “Really, the basic way to combat this is good patching and good offsite backups. If you do that well, you can minimise the risks.”
Likewise, InfoTrust CEO, Dane Meah, expects new variants of the WannaCry exploit to lead to a second wave of attempted attacks locally and further afield.
“What we’ve seen from various threats is that there have been new variants which, from what we’ve seen, appear not to have a kill switch, so that’s a huge concern,” Meah told ARN. “Our advice to Australian businesses is that a second wave of crypto, WannaCry or other variants will hit us either later this afternoon or tomorrow.”
Meah also suggests that partners can help clients by ensuring that their systems have been patched and that offsite backups are up to date. Additionally, he suggests that endpoint security systems are properly configured and that internal staff are educated.
“Our general advice would be first and foremost that systems have been patched, and the most up to date security controls,” Meah said. “Secondly, make sure engines are in place and correctly configured. We’re talking about perimeter security and endpoint security.
“The last recommendation in the chain is to check your backups,” he said. “Run your backups, make sure you’ve got a low recovery point objective.”