Ransomware: Oz biz victims thought to be clamming up
While officially the Federal Government yesterday was saying that so far only 12 Australian organisations have reported being infected by the WannaCrypt/WannaCry ransomware attack, some experts in the security business believe many more may have been attacked, but are staying mum.
Indeed there’s a widespread suspicion in the industry that hundreds of Australian businesses may have been infected, but aren’t letting on.
One observer, Edward Farrell of Mercury Information Security Services, told IT News that analysis the company performed over 24 hours showed that at least 140 organisations had made themselves easy targets via a combination of open ports and unpatched systems.
Around 10 of the 140 are said to be ASX-listed businesses with vulnerable servers at the edge of their networks.
Telstra security expert Darren Paull said in an Internet posting that WannaCry appears to spread over networks, rather than tricking users into clicking malicious phishing links. This means it relies on organisations not having applied Microsoft security patches, he said – and it appears to be finding plenty.
Paull advised businesses running Windows systems to immediately apply Microsoft patch MS17-010; while publicly-accessible SMB services should have inbound traffic on ports 139 and 445 immediately blocked.
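The two steps Paull recommends, as an added PowerShell example that is not from the article or from Telstra: audit a Windows host for the MS17-010 update and add host-firewall rules dropping inbound TCP 139 and 445. It assumes Windows 8/Server 2012 or later for the NetSecurity cmdlets, and the KB list is the editor's own mapping of MS17-010 to Microsoft's per-OS update numbers, which should be confirmed against the Microsoft bulletin for the exact build in use.

```powershell
# Added example (not from the article). Checks whether an MS17-010 update is
# installed and blocks inbound SMB/NetBIOS-session traffic at the host firewall.
# KB numbers are the editor's mapping for MS17-010; verify against Microsoft's
# bulletin for the OS build before relying on the result.

$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',   # Windows 7 SP1 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012214', 'KB4012217',   # Windows Server 2012
    'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607 and Server 2016
)

function Test-Ms17010Installed {
    # Returns the matching hotfix IDs; an empty result means the host is unpatched.
    Get-HotFix |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
}

function Block-InboundSmb {
    # Create one inbound block rule per port on every firewall profile (idempotent).
    foreach ($port in 139, 445) {
        $name = "Block inbound SMB TCP $port (WannaCry mitigation)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
                -LocalPort $port -Action Block -Profile Any | Out-Null
        }
    }
}

$installed = Test-Ms17010Installed
if ($installed) {
    Write-Output "MS17-010 present: $($installed -join ', ')"
} else {
    Write-Warning "MS17-010 not found; patch this host before exposing it to untrusted networks."
}

Block-InboundSmb
Get-NetFirewallRule -DisplayName 'Block inbound SMB*' |
    Format-Table DisplayName, Enabled, Action
```

Blocking TCP 445 on a host also stops legitimate file and print sharing, so apply the rule to internet-facing machines and at the perimeter rather than to internal file servers. Run it from an elevated session, since both Get-HotFix and the firewall cmdlets need administrator rights to report and change state reliably.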
Check Point analyst Raymond Schippers urged even small businesses to have at least a basic security plan. This should include backing up data and storing it offline, on an encrypted USB key, tape, or similar, he said, and should set out how the business will respond to and recover from IT security incidents.
He added: “It is also important for business to invest in the latest generation of security solutions to prevent rapidly changing and damaging malware like this from damaging their business.”
John Chirhart, federal technical director at US-based Tenable, another cyber-security specialist company, warned that in the healthcare business WannaCrypt may be posing serious risks to patient safety – even possibly leading to patient deaths.
In Britain NHS hospitals have been among those attacked, with possibly fatal consequences, he notes. “The disruption of medical services even by minutes can make the difference between life and death . . . one could argue that this was a terrorist attack and possibly even a war crime. It will be interesting to see what legislation and/or international response will come (if any) about the attack.”