Organisations fail to patch punctually and adequately
Leusden – Malware of about three years ago, e.g. the ransomware variant WannaCry and the Mirai botnet, still appear to inflict damage. Cyber-security organisation Tesorion reaches this conclusion based on in-company research. Despite the fact that these forms of malware have already been exposed some time ago, they are still detected regularly by Tesorion Immunity. This means that organisations unnecessarily continue running the risk of a denial-of-service or ransomware attack.
Those who expected that the role of the Mirai botnet and the WannaCry virus would have been finished after their exposure in, respectively, 2016 and 2017 will end up catching a cold. Between July 2019 and June 2020, these old forms of malware were detected many dozens of times on business networks protected by Tesorion. With a peak during the start of the new school year in 2019 and during the outbreak of the coronavirus crisis.
Mirai mostly operates on IoT devices, e.g. video cameras and routers for home use. In September 2016, large amounts of infected devices were used to launch a large-scale and specific denial-of-service attack. The problem is that these devices are difficult to patch and the figures show that numerous organisations did not react (properly) to this.
In 2017, the WannaCry ransomware inflicted unprecedented damage at large businesses like Renault, National Health Service, Q-Park, Deutsche Bahn, and more. Although a Windows patch had already been available for quite some time, these organisations nonetheless appeared to be too late. Even today, infected systems are still detected.
Patch, patch, patch
Ernst Veen, Product Manager at Tesorion: ‘We are quite shocked by the fact that we are still detecting relatively large numbers of old malware infections. This indicates that the patch policy of organisations is still not in order. Despite the fact that Mirai and WannaCry were detected many years ago, they can still inflict considerable damage. We continue to stress that organisations keep their software up to date. If it is not possible to patch a device, e.g. a security camera, then make sure that this device is replaced. At the same time, we recommend regularly creating back-ups and segmenting the network. If security incidents take place all the same, then you can easily isolate them and limit the damage.’
To measure is to know
Tesorion Retrospect #1
In the Tesorion Retrospect #1 we look back at the past year, one in which the coronacrisis has severely disrupted the continuity of many businesses. Learn more about how COVID-19 gives hackers free rein on business networks.Read our research report