Menu

The largest cyber attack in history

De grootste cyberaanval in de geschiedenis

In the last few years, cyber attacks have become much more common. We also often talk about it in our blogs. But text and explanation can sometimes be a bit bland and don’t speak to the imagination. That’s why in this blog we’ll give you an example of one of the biggest cyber attacks in recent history.

WannaCry (2017)

In 2017, one of the largest ransomware attacks ever took place. The attack is known as the WannaCry-attack because the ransomware used is named WannaCry. In 2017, the NSA (National Security Agency) created a tool that exploited a security vulnerability in Microsoft Software. Obviously, this tool was not made to distribute ransomware, but the NSA itself suffered a cyber-attack in which the so-called ETERNALBLUE tool was stolen and published online, making it publicly available.

The largest cyber attack in history

Solution

Microsoft had been informed about the vulnerability a month before the leak and soon had a so-called patch (solution) that resolved the vulnerability in the security of the software. However, and you’ll probably recognize this in your own organization, not everyone had downloaded the update with the patch (“remind me later”) It soon became clear that many people were still using outdated computers and/or software. Hackers launched a ransomware attack using the ETERNALBLUE tool and infected 200,000 computers across 150 countries within a day.
Within a few hours a cyber security expert (who was also an ex-hacker) found a so called ‘kill switch’, a kind of self-destruct button in the software that caused the ransomware to shut down and stop spreading itself.

Effects

Ultimately, it’s estimated that this attack cost between 100 million and several billion dollars in damage. The WannaCry cyber attack received attention partly because of its impact on the NHS (National Health Service). The WannaCry attack disabled about 70,000 computers in hospitals all across England. The cyber attack was carried out on a scale never seen before and could have been much worse, according to experts. Using the ETERNALBLUE tool was a very well thought-out action, according to experts, but other parts of the attack including the ”kill switch” looked like amateur mistakes. Without these mistakes and the clever performance of the ex-hacker and cyber security expert Marcus Hutchins, this cyber attack could have been a lot worse with disastrous consequences.

An important lesson

Perhaps the most important lesson that we can take out of this story is: Always check if your software is up to date! Always. Updates are extensively tested in advance by developers and in all cases serve as an improvement to the current software package. This could be an update to the operation or interface, but in most cases it is a security update. Updating your software prevents you from falling victim to a (un)known security vulnerability.

Bellen
Mailen