The U.K.’s National Health Service (NHS) was warned about the risk of cyber attacks a year before it was hit by WannaCry ransomware in May 2017, according to a report from the U.K.’s National Audit Office (NAO). While the NHS had work underway to improve cyber security, it didn’t respond to the warning with a written report until July 2017.
The impact of WannaCry on the NHS was significant, according to the report. At least 81 of 236 NHS trusts across England were affected, as well as an additional 603 primary care and other NHS organizations. Thousands of appointments and operations were canceled as a result, and emergency patients in five areas had to be diverted to other locations.
According to the report, all organizations infected by WannaCry could have protected themselves by taking extremely straightforward steps. “NHS Digital told us that the majority of NHS devices infected were unpatched but on the supported Windows 7 operating system,” the report states. “Trusts using Windows 7 could have protected themselves against WannaCry by applying a patch (or update) issued by Microsoft in March 2017, and NHS Digital had issued CareCERT alerts on 17 March and 28 April asking trusts to apply the patch.”
NAO head Amyas Morse said in a statement that the WannaCry attack had potentially serious implications for the NHS’ ability to provide care to its patients. “It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice,” he said. “There are more sophisticated cyber threats out there than WannaCry, so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
Imperva EMEA regional vice president Spencer Young told eSecurity Planet by email that ransomware is now one of the most profitable types of malware attacks. “Cybercriminals have discovered how financially rewarding — and easy to use — it can be, especially against larger targets, such as NHS with business-critical data stored on file shares,” he said.
“In the decade since its initial appearance, the ransomware extortionate has evolved from a collection of ad-hoc tools implementing an unripe idea and run by callow hackers to a smooth and highly efficient ecosystem run by professionals and filling the hacker’s most desired void: the path from infection to financial gain,” Young added.
And Anton Grashion, senior director of product and marketing EMEA at Cylance, said by email that while WannaCry may have been preventable with regular patching, a treasure trove of more dangerous malware is now available to threat actors on the Dark Web.
“It’s easy to say that if recommendations were acted upon the effect would have been less, but there would still have been an effect, because the initial malware infection had to be stopped as well — not something the recommendations covered,” Grashion said.
While regular patching is necessary, Grashion said, it’s not enough on its own to prevent highly damaging cyber attacks. “It’s still imperative for security teams to evaluate next-generation anti-malware technologies inside their own organizations to see what works best for their purposes against these increasingly sophisticated new malware types, which are regularly failing to be stopped by traditional security products,” he said.
Breaking Through AV
According to a recent Malwarebytes report based on scans of nearly 10 million endpoints, traditional anti-virus solutions failed to protect almost 40 percent of users from all malware attacks between January and June of 2017.
The ransomware types most commonly detected on machines with traditional anti-virus installed were Hidden Tear (41.65 percent) and Cerber (18.26 percent); the botnets most frequently detected were IRCBot (61.56 percent) and Kelihos (26.95 percent); and the most prevalent Trojans that bypassed traditional AV were Fileless (17.76 percent) and DNSChanger malware (17.51 percent).
“We are seeing more cyber attacks find ways to break through traditional AV detections,” Malwarebytes Labs director Adam Kujawa said in a statement. “The shortcomings of today’s traditional AV solutions are putting businesses, consumers and even governments at risk.”
“Cybercriminals will only continue to get better at developing attacks that are smarter and faster than our existing technologies,” Kujawa added. “It’s imperative that we continue to create new solutions to keep up with the pace of these new attack methods.”