Boeing a victim of WannaCry cryptoworm ransomware a year after outbreak

The first rule of cyber security is create a complete inventory of the organization’s hardware and software, because you can’t defend what you don’t know is there.

Arguably the second rule is have a rigorous patch management system to update everything in the inventory.

Boeing seems to have violated both after being victimized Wednesday by the WannaCry ransomware cryptoworm. The Seattle Times reported that initially an executive flashed a memo saying the malware was “metastasizing rapidly” in a South Carolina plant. However, later Linda Mills, the head of communications for Boeing Commercial Airplanes, said in a statement that “the vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”

It is surprising that a company as big as Boeing was caught out by this malware, which began spreading in May 2017 . It could have been stopped by installing a Windows patch from Microsoft released in April. Believed to have been sprung by the Shadow Brokers, Wannacry includes what has been called the EternalBlue exploit apparently found and stolen from the U.S. National Security Agency which leverages a bug in Windows Server Message Block (SMB) protocol. Microsoft released information on the problem on March 14, 2017 along with security bulletin MS17-010, then put out patches in April.  The malware spread like a worm by scanning systems linked by a network to any machine it infected.

There was no shortage of publicity when Wannacry began in rapidly replicating itself in May. An estimated 200,000 computers were infected in 150 countries, including the U.K.’s health care system, a Nissan car manufacturing plant in Britain and FedEx.

In December the U.S. declared that North Korea was behind the release of the ransomware.

Apparently Boeing had at least a few computers that hadn’t been patched with the Microsoft fix, released almost a year ago.

While there are automated discovery and patching solutions, they aren’t always perfect. Equifax found that out the hard way after it was stung by an attack that leveraged a known vulnerability in the Apache Struts framework. According to testimony before Congress by the company’s former CEO, Equifax’s security team knew about a warning issued by the US-CERT. Company policy is that patches have to be installed within 48 hours. But, due to “human error” by an unnamed person, the patch wasn’t applied. On top of that a software scan of its systems which should have discovered the patch hadn’t been applied missed it.

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News