WannaCry and IoT: Vendors react

Among the organizations most gravely affected by the WannaCry ransomware was the UK National Health Service.

According to The Sunday Times, 48 NHS organisations were hit, including about 30 hospital trusts, and as many as many as 70,000 NHS devices including computers, magnetic resonance imaging (MRI) scanners, blood-storage fridges, and theatre equipment may have been affected.

WannaCry IoT

This situation perfectly shows how, along with the security of “traditional” computers, we must also think and do more about the security of so-called Internet of Things (IoT) devices. If that wasn’t clear after the Mirai-fueled DDoS attack on Dyn, it’s definitely clear now.

“IoT is facing more and more vulnerabilities as new devices are introduced,” says Xu Zou, CEO of IoT security solution provider ZingBox.

“We’ve found that approximately 11% of all medical devices are Windows-based devices. Upon further examination, almost all of them (99.8%) are based on legacy OS susceptible to WannaCry. This emphasizes our understanding that current recommendations of downloading the latest patch from Microsoft does not always apply to Internet of Things (IoT) devices.”

In the wake of the attack, ICS-CERT has also noted that some ICS and medical device vendors have reported that they support products that use Microsoft Windows and have proactively issued customer notifications with recommendations and patches for users.

These include Rockwell Automation, Schneider Electric, Siemens, ABB, and Becton, Dickinson and Company. The ICS-CERT alert includes links to those notifications.

Some devices can’t be updated

Finally, and unfortunately, some devices can’t get patched, and in this day and age such a thing is (or should be) unacceptable.

The good news is that the WannaCry epidemic spurred some vendors to do something about that particular problem.

For example, Cisco has announced on Monday that its Product Security Incident Response Team (PSIRT) has started a review of the companies’ products, aimed at identifying which of them do not support automated or manual updates of Microsoft patches.

The effort will likely take a while, but a final list should help users to decide if they want to implement mitigations but continue using these products and risk compromise, or switch to a product that can be patched.

In the meantime, the company provided several Snort rules and a Cisco IPS signature pack to cover the WannaCry ransomware attack.