WannaCrypt ransomware – also known as WannaCrypt, WannaCry, or Wcry – has exploded across dozens of countries, infecting hospitals, businesses, metro stations, universities, and governments. After an initial infection, probably by a spam email or an exploit kit downloaded from a vulnerable website, WannaCrypt spreads across vulnerable Windows endpoints by a Trojan that spreads within networks by exploiting a vulnerability in Microsoft’s SMB file-sharing services.
In recent years, ransomware attacks were relatively constrained in impact. The difference with WannaCrypt is its sheer scale spanning the globe and industries as well as its clear criminal intent to hold legitimate online activities to ransom. And, unfortunately, WannaCrypt is only a leading indicator, with security researchers now finding dozens of new ransomware derivatives each month.
Cybersecurity forecasts always seem low in retrospect
Security issues, and efficiently mitigating their impact, are a fact of life on the Internet. It’s the marriage of the vulnerability with cybercrime that is confounding the ability of analysts to accurately predict the growth of cybersecurity investment, with even the most radical forecasts being outstripped in retrospect.
WISeKey is part of the next generation of cybersecurity companies seeking to step up to the challenge. WISeKey’s Vertical Trust Platform seeks to help companies address security challenges through better authentication and encryption for legitimate users, devices, emails, and documents. WISeKey has particular capabilities in the vastly important Internet of Things (IoT) sector.
Taking IoT cybersecurity seriously
Carlos Moreira, Chairman and CEO of WISeKey, commented: “WannaCrypt has created significant economic damage – simply through its limited attacks on Windows-based machines. Can you imagine the degree of damage when these attacks move wholeheartedly into the IoT world, pulling in internet-connected devices of every description from home appliances to industrial gear? We are already seeing examples where compromised video cameras are being used in botnets, and it’s only a matter of time before we see a WannaCrypt-scale attack on IoT. The attraction of these IoT targets to criminals, competitors, hacktivists or surveillance is too great to ignore.”
The WISeKey approach uses the same cryptographic chips – long a staple of smartcards and networking gear – for IoT devices allowing secure and tamperproof management of the encryption keys that identify devices, control their capabilities and encrypt their communication. The WISeTrust IoT platform leverages WISeKey’s Semiconductors division (a leading provider of cryptographic chips) and WISekey QuoVadis (a specialist in managed public key infrastructure solutions).
The world loves the new features that become possible through IoT – but events like WannaCrypt should remind us that we must take the cybersecurity of IoT very seriously so that our smart devices don’t become pawns in far-flung Internet attacks.