Skip to main content
close search
site logo
Dive Brief

Expect hackers to build off of WannaCry, Nyetya in 2018

Published Feb. 21, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Elizabeth Regan

Dive Brief:

  • One of the ways savvy hackers are preying on organizations is by taking advantage of encryption to "conceal command-and-control activity," according to the Cisco 2018 Annual Cybersecurity Report. Though encryption is meant to protect digital networks, hackers are finding leak paths, which are a "misconfigured connection created to the internet on an enterprise network," to install malware. As a result of rapid cloud adoption, leak paths are increasing.

  • While network layer attacks are decreasing, application layer attacks are increasing. If hackers successfully infiltrate the application layer, which contains a variety of devices, "large portions" of the internet could be shut down, according to the report.

  • Before 2017, ransomware could only spread through drive-by downloads, email or inserting a piece of corrupted hardware, such as a USB drive, into a device. Hackers have now created self-propagating attacks that can go undetected, as seen in WannaCry and Nyetya.

Dive Insight:

Hackers are frequently executing more sophisticated cyberattacks, targeting businesses of all sizes across sectors. Last year alone serves as a testament to the level of severity cyberattacks impose on critical infrastructure. A range of new kinds of attacks were carried out with no signs of diminishing, and year will be no different. 

Last summer, hackers were able to harness the capabilities of previous malware and combine them with optimized versions. WannaCry was derived from a wormable ransomware with automated capabilities. Following WannaCry, the world got another taste of self-propagating ransomware in Nyetya, also referred to as NotPetya.

However, much of cyberattacks' damage could have been prevented if basic security measures, like software updates, had been routinely made. This is particularly true as both attacks took advantage of the known EternalBlue vulnerability. A weakness in or shortage of cybersecurity talent can also stall an organization's ability to implement the newest methods of protection.

In addition to propagating through outdated software, Nyetya used the supply chain to spread another emerging trend seen in 2017: using vendors as an unknowing weapon to distribute malicious content to customers.

Many vulnerable consumers were faced with the CCleaner attack in September after hackers were attempting to gain access to major companies' intellectual property, including Microsoft and Cisco.

Basic security protocols are key to mitigating new threats. CIOs and IT departments should at the very least maintain an inventory of all devices and software on their networks to easily locate where a vulnerability may lie.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell