The recent WannaCry attack started on a Friday, and it was feared that the results would be far more severe on Monday as workers trickled back from the weekend. The fraudulent wires from Bangladesh Bank that resulted in $81M lost also happened on a Friday. A detailed account of how this weekend timing allowed hackers to get away with a large sum (rerouted to the Philippines) is described in this Reuters investigation.
Attribution in each case has veered towards a state-sponsored attacker that is interested in financial gain. The finger of suspicion points to North Korea in both cases. Lamont Siller, an FBI officer in the Philippines, said in a speech, “We all know the Bangladesh Bank heist, this is just one example of a state-sponsored attack that was done on the banking sector.” Symantec, in a blog update, reported “that its researchers found hacking tools that are ‘exclusively used by Lazarus’ on machines infected with early versions of WanaCryptor, aka WannaCry.” Lazarus is thought to have originated in North Korea.
All righty then: 1) attacks are state-sponsored, persistent and advanced, and 2) they are timed for non-working hours. So are you ready to defend against such attackers? You know, you are not alone. EventTracker’s SIEMphonic service blends award-winning SIEM technology with a 24/7 iSOC to give you the cover you need at a price that won’t break the bank.
Want to know more? Here is how we caught WannaCry and what we are doing about it for our customers.