How WannaCry demonstrates the dangers of homogeneous, unpatched networks

Whenever history seemed to repeat itself, my Granny used to quip, “same song, different verse.” As the WannaCry (WNCRY) ransomware spread like wildfire in a dry forest, I heard the familiar refrain and discordant notes of previous worms: Blaster (2003), Welchia “Nachi” (2003), and Conficker (2008). Each of these worms spread via well-known flaws in Microsoft Windows for which patches were already available. Why then, after a decade and a half, are we still seeing worms spreading via known flaws? I believe there are three root causes:

  • Upgrading is hard and expensive
  • Patching seems risky
  • Homogeneous environments are really vulnerable to worms

Our CEO Barry Mainz noted, “Every company is going through an evolution in enterprise computing, from legacy to modern.” This category of modern operating systems includes mobile OSes Android and iOS, as well as Windows 10. In this new world, IT organizations will need to adapt to a different and much faster way of handling upgrades and patches – and to the new reality of a heterogeneous environment.

Upgrading is hard and expensive

So many organizations are still running obsolete operating systems that Microsoft issued a patch for Windows XP, which the company had officially stopped supporting over three years ago.

Why were these organizations still running an unsupported version of Windows? The answer is that upgrading is hard and expensive. Upgrading can mean having to buy new licenses for third-party software as well.

Then there are the challenges with systems that interact with expensive hardware devices. Take medical scanners as an example. Controlling these devices requires specific software and device drivers that may not run on newer OSes, and there’s the risk that upgrading the OS may void the warranty on a system that costs hundreds of thousands of dollars to purchase and maintain. We used to call these “embedded devices” but now they’re “Internet of Things” (IoT) devices. They present new challenges, which we’ll return to later.

Now, contrast all the difficulty and expense in legacy computing with what happens in mobile computing. According to 9To5Mac, iOS 10 was running on over 65% of devices within 27 days of release. With that kind of adoption rate, it’s safe to assume that upgrading mobile devices is relatively painless and cheap. One key thing about mobile OS architectures is that applications are not allowed to tie themselves too closely to the OS. Thus, they’re less likely to break after an upgrade. The App Store model also gives mobile OS vendors the opportunity to test each new release with large numbers of third-party applications, something that is not easily accomplished in the legacy computing world.

Patching seems risky

In a legacy computing environment, fixes are distributed individually. This lets IT pick and choose which security fixes to apply, but it also means there are a huge number of potential patch combinations installed on any given…
