It’s fairly common for people to blame themselves whenever they experience some form of trauma that in reality occurred because of some set of circumstances well beyond their control. Organizations that fall prey to cybersecurity attacks are no different. There’s always a sense that someone somewhere inside that organization could have done something different that would have resulted in a different outcome. In recent weeks, however, it’s become clear that two of the most virulent forms of malware to wreak havoc around the globe were the work of entities engaged in cyber-warfare.
The Department of Justice (DOJ) in the U.S. this week unsealed an indictment against Jin Hyok Park, a citizen of North Korea who allegedly played a central role not only in an infamous cyberattack on Sony that occurred in 2014, but also in the development of the WannaCry ransomware that encrypted data on hundreds of thousands of machines around the world. The DOJ alleges Park is part of a company with ties to the North Korean government that operates out of China. The warrant for his arrest claims Park used a variety of proxy services to cover his trail, which the DOJ has since been able to uncover.
That news comes on the heels of a revelation that the NotPetya ransomware attack that crippled companies around the world was essentially collateral damage from a cyberattack on Ukraine launched by a shadowy organization known as Sandworm that allegedly has ties to the Russian government. The NotPetya attack was launched as part of an effort to disrupt critical functions all across Ukraine in an ongoing conflict that stems back to a Russian move in 2014 to annex Crimea despite the fact the region had formally been part of Ukraine. Since then a covert war led by separatists has been playing out within the eastern region of Ukraine that shares a border with Russia. Unfortunately for organizations around the world, the scope of that conflict is not limited to the border between Russia and Ukraine. The organization that created NotPetya apparently did not anticipate that this piece of malware would spread around the globe, resulting in billions of dollars in losses.
Worse yet, the shadowy organizations that created this malware need to fund their operations. While that funding may come via a back channel from some government source, it’s a lot more lucrative for those organizations to share the fruits of their labor with a wide range of cybercriminals, who go on to create even more collateral damage.
To be fair, however, shadowy organizations loosely affiliated with nation states are not the only entities engaged in this research. It’s already been shown how the U.S. government lost control of exploits it developed that cybercriminals now routinely employ.
Cybersecurity teams can take some cold comfort in the fact that they are locked in a battle against some of the most skilled hackers on the planet. They should also realize that those hackers will continue to hone their skills. It’s not likely any of them will be brought to justice any time soon. In fact, there’s a reason why virus terminology permeates the cybersecurity lexicon: malware, like viruses, continues to evolve. As lethal as NotPetya and WannaCry were, chances are high there’s something even nastier being cooked up somewhere in some seldom-visited corner of the world. The question IT organizations now need to ask is not what defense to put in place to thwart yesterday’s attack, but rather what defenses need to be put in place in anticipation of the next one.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.