By Alicia Figurelli
The largest global cyberattack the world has ever seen swept across 150 countries and hundreds of thousands of computers this past Friday, affecting hospitals, government agencies, manufacturers – and the collision repair industry.
WannaCry – a type of malicious software known as “ransomware” that restricts access to the victim’s computer or network, and threatens deletion of data unless a ransom is paid – started spreading late last week across the world. In this instance, hackers demanded $300 from their victims in a set timeframe. Companies affected by the attack represented a variety of sectors including healthcare (Britain’s National Health Service), telecommunications (Spain’s Telefonica) and logistics (FedEx), according to Forbes. Much closer to home for repairers, Mitchell International, French auto manufacturer Renault and their alliance partner Nissan were also impacted by WannaCry, according to Automotive News.
The attack follows what Forbes reported was the NSA’s discovery of a vulnerability in Microsoft’s software called EternalBlue. Microsoft patched the vulnerability when it was leaked by a group of hackers calling themselves the Shadow Brokers earlier this year; however, those with older versions of Windows or without Windows Updates were affected, since these were not patched by Microsoft and were therefore left open to attack.
The WannaCry ransomware could reach the intended victim as an email attachment or an available download. The user would have to click on or download the attachment or file to infect the computer.
While Mitchell did not release details on exactly what alerted them to the attack, the information provider did take measures to protect its customers. As a proactive step, Mitchell took customers offline for approximately 48 hours while the effects of the attack were investigated, with some users still experiencing outages as late as Monday morning.
“When we became aware of interference with some of our server-based products, in an effort to ensure data security and protect customer systems, we shut everything down,” said Jack Rozint (Mitchell) in a statement Monday. “[The interference] was the ransomware that was consistent with the international incident…WannaCry, as it’s known. We took the systems down proactively to protect customer data.”
Automotive News reported Renault stopped production at several European sites on Saturday to prevent the spread of the attack, while Renault alliance partner Nissan’s manufacturing plant in Sunderland, northeast England, was also affected.
“Like many organizations around the world, some Nissan entities were recently targeted by a ransomware attack,” shared Nissan in a prepared statement. “Our teams are responding accordingly and there has been no major impact on our business. We are continuing to monitor the situation.”
It may appear that the WannaCry rate of infection has waned over the weekend – the White House noted on Monday that less than $70,000 had been netted by hackers, and that it is aware of no instances of data recovery for those who paid the ransom. But Stephen Soble and Jack Dufrene, CEO and chief technology officer (respectively) of Assured Enterprises – a company offering “cybersecurity for the 21st century and beyond” – note that the threats may be just beginning. The two stressed that an attack like this would not have been planned spur of the moment; nor could it necessarily be considered over with just yet.
“This was planned for a long time…to do this on a Friday when it had the biggest bang for its buck,” says Dufrene. “The real question is, is this basically hiding something else that might have been done? These organizations that have been attacked need to step back and say, ‘This is a sign that someone has been in my system for a long time. Is there something else they left behind that was really the main purpose?’
“A lot of times, hackers will do multiple attacks at the same time…they may have put other code into the system and then run the ransomware. So they’re hiding the real attack with the ransomware attack.”
“We don’t know the real purpose behind WannaCry,” notes Soble. “It may be that this is diversionary, and that they’re trying to do something else.”
Is there a way that repairers can protect themselves from future cyberattacks like WannaCry? As of Monday, Mitchell was “in the process of preparing a note to all our repair customers giving them some tips on how to protect their own internal systems based on our experience,” per Rozint. On a broader scale, Soble recommends that end-users of any software make sure they’re up to date on updates and patches.
“One company we worked with told us they didn’t install any patches or software updates for six months after release because they wanted to make sure the software was stable. What that did was make them the low hanging fruit in the industry – you’re the one who didn’t implement it, out of all the people in the community who fixed problems.”
“Over 70 percent of the successful cyberattacks that happen out there are really focused on vulnerabilities that have been out for at least a year, that we’ve all known about,” adds Dufrene. “[The vulnerabilities] can be in any software. The problem is that we haven’t fixed them; we haven’t been diligent in identifying or fixing them, or removing them. But it’s not as easy as it sounds. New vulnerabilities occur every day. If it’s a third party application, you go back to the original manufacturer of the software. A lot of these companies are focused on getting patches from the manufacturers, but if people don’t download those and implement them, those vulnerabilities stay there for a long time. It’s the easiest way to get into a system. Why go beat down the front door that’s locked when the patio door is wide open?”
“If [your software] says anything about security functionality or a patch, you should implement those,” advises Soble. “And implement them now. Don’t wait.”
Forbes, May 12, 2017