We all remember WannaCry: the scale of the attack, spanning over 150 countries and almost a quarter of a million computers. In the UK, at least, this was accompanied by a media frenzy, largely because the highest-profile victim of the attack was the National Health Service. With the NHS such a highly emotive target here in the UK, WannaCry became big news as the media strove to explain what had happened to our beloved NHS. However, according to a survey conducted at Infosecurity Europe earlier this month by Farsight Security, attacks of this nature happen with alarming regularity: 49% of those surveyed indicated they had been involved in battling and preventing WannaCry-style cyberattacks in the last year.
Of this 49%, nearly three quarters (72%) said that this type of event, requiring them to work frantically to protect networks from attack, had happened three times in the last year alone.
“WannaCry made the headlines and got the general public listening, however, cybersecurity professionals actually work on incidents like this all throughout the year,” said Dr. Paul Vixie, CEO and Cofounder of Farsight Security.
Of the 49% of respondents who reported other WannaCry-like incidents that were shielded from public view, 20% said that these major security events have happened up to a staggering six times over the last year alone. It is easy to forget how common these attacks are and how hard these security professionals are working to keep our national infrastructure and our data secure.
The WannaCry ransomware attack began on Friday, May 12, 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. The sheer scale of the attack left many cybersecurity professionals working over the weekend to make sure their systems were prepared and resilient enough to withstand it. The NHS was publicly known to be particularly badly hit. The WannaCry ransomware exploits a vulnerability in Microsoft Windows, for which a patch was released. However, many corporations do not automatically patch their systems because of the issues that a Windows update can cause for their legacy software programs. So, despite the patch being released, the failure to apply it left hundreds of thousands of devices open to attack and held to ransom.
Cybercriminals often create and discard thousands of domain names within minutes, for phishing attacks and other methods, to “fly below the radar” during cyberattacks. Today most security professionals begin a cyberinvestigation by examining a suspicious IP address or domain name. Using Farsight DNSDB, the world’s largest historical database of Passive DNS with more than 35 billion DNS resolutions collected since 2010, users can query these domain names and related IP addresses to gain rich threat intelligence, from information on when attackers entered a network to their motives and methods.
The survey of 360 information security professionals was conducted at the Infosecurity Europe 2017 conference, which took place June 6-8, 2017, at the Olympia Conference Centre in London.