WannaCry, one year later.
WannaCry hit one year ago, when it infected more than 200,000 machines in 150 countries, causing billions of dollars in damages and grinding global business to a halt. The speed and scale of the attack were helped along by leaked National Security Agency hacking tools. WannaCry's legacy still resonates today. The cyber-landscape has fundamentally changed, with threat actors increasing almost exponentially in their capabilities, sophistication and ambition. WannaCry changed the cybersecurity game not just through its outsized impact, but also through its outsized influence on the cyber-threat landscape. It marked a turning point in the cybersecurity environment: the first global-scale, multi-vectored cyberattack powered by state-sponsored tools. WannaCry marked a new generation of cyberattacks.
In the year since WannaCry, ransomware has given way to cryptomining as the go-to payload for cybercriminals. Cryptojacking in fact increased 8,500 percent in the last quarter of 2017, and made up 16 percent of all online attacks. But ransomware isn't decreasing: there have been more than 176 million attempted new WannaCry attacks globally. The use of state-developed hacking tools has become widespread. WannaCry was the direct result of the Shadow Brokers hacker group stealing and then leaking exploits developed by the NSA. One of them, EternalBlue, was used in WannaCry, and just six weeks after that, NotPetya used the same exploit in its infamous attack. EternalBlue and additional weapons from the trove have cropped up everywhere since then, in multiple campaigns spreading banking trojans, other kinds of ransomware and, this year, cryptomining code. The SamSam ransomware attack that shut down the city of Atlanta and cost it $5 million in damages and clean-up costs relied on DoublePulsar, another NSA-developed exploit now in use across the internet.
In the past, hackers usually used homegrown tools for their hacking activities. WannaCry marked the shift toward using military-grade weapons: hacking tools that are powerful enough for a national cyber-defense agency to use in international cyber-warfare. With the use of government-strength tools, WannaCry also demonstrated the potential for large-scale cyber-attacks. Campaigns today go after greater paydays, and the space is attracting well-funded criminal organizations looking to develop lucrative hacking operations. The surge in ransomware illustrates this. Analysis shows that in 2015, ransomware attacks caused $325 million in damage. Last year, attacks were up to $5 billion in damages.
Criminals are adopting new attack strategies, such as those used by Hajime and Hide-and-Seek, to accelerate both the scale and success of attacks. There has been a change in attack vectors. WannaCry established the concept of the ransomworm: code that's able to spread through cloud networks, remote office servers and network endpoints alike, needing only one entry point in order to infect the entire system. This multi-level approach allowed WannaCry to easily overwhelm companies that followed the usual security strategy of picking their favorite product from different vendors for each entry point.
These new variations are transitioning away from traditional ransomworm-based attacks, which require constant communication back to their controller, and replacing them with automated, self-learning systems, turning malicious ransomworms into ransom-swarms. Future attacks are likely to leverage things like swarm intelligence to take humans out of the loop entirely in order to accelerate attacks to digital speeds. Criminals have been using an attack-all-fronts strategy that has been especially effective.
The stakes are higher than ever before. WannaCry demonstrated that cyberattacks can introduce real, physical risks into the equation. It hit Britain's National Health Service, and attacked a wealth of medical devices, like medical imaging machines. Patients in the U.K. lost valuable medical response time. Research determined that WannaCry was still the sixth most prevalent threat in the first quarter of 2018. WannaCry and NotPetya both ended up causing hundreds of millions of dollars in damages to medical production lines and other business processes. For industries like healthcare, ransomware puts the lives of people at risk. Ransomware is likely to evolve and expand to IoT devices and wreak even more havoc. Currently, the focus is on PCs, but tomorrow, everything from machinery, power control systems and industrial sensors to even thermostats will be targets. In the case of machinery, it could impact the safety and well-being of workers, dramatically increasing the stakes beyond just the ransom money.