In a statement issued by Tom Bossert, the Homeland Security Adviser to the White House, responsibility for the WannaCry attacks from May 12th to the 15th in 2017 was attributed to the Democratic People’s Republic of Korea. This claim fits with the conclusions that New Zealand, Australia, Canada, and Japan have come to, according to Bossert.
This reasoning has been around for a while, as the North Korean hacking group Lazarus was first associated with WannaCry in June, a single month after the attacks occurred. As Bossert stated in an opinion-editorial piece for the Wall Street Journal:
“We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”
WannaCry was so potent because it leveraged a flaw in the Windows Server Message Block that was the foundation of the National Security Agency exploit EternalBlue. EternalBlue was stolen from the NSA and released by another hacking group (the Shadow Brokers) in April. This combination infected thousands of companies around the globe and ended up shutting down healthcare organizations.
These incidents also encouraged Microsoft to partner with Facebook to help take a stand against future attacks like WannaCry. This is very positive, as North Korea has, according to Bossert, shifted its focus from nuclear threats to cyber initiatives as a means of funding their other projects and creating discord around the world.
What does this have to do with your organization?
Most importantly, activities like these being leveraged by governments only increases the importance of ensuring that your company has a comprehensive security plan of action. While some attacks similar to these can’t be avoided, the damage can be reduced with the proper preparations.
Macro Systems can help you in making those preparations effectively. Give us a call at 703-359-9211 for more information.