At first glance, the WannaCry and NotPetya outbreaks are no different from the CryptoLocker outbreak of 2015 or the CryptoWall outbreak of 2014. Some of us may even remember the first file-encrypting malware, the PC Cyborg Trojan (aka AIDS Trojan), discovered in 1989. So security insiders may ask themselves in despair: how many fools does it take to make the same mistake over and over again?
To quote Bob Dylan, “the times they are a changing”, because the recent outbreaks of crypto-ransomware changed the mindset of the public, the press and ultimately politicians:
- The first ever case of cyber cooperation at EU level between the national Computer Security Incident Response Teams.
- The first EU-wide legislation on cyber security to harmonize and harden network and infrastructure security for both critical infrastructure (energy, water, banking, etc.) and digital infrastructure.
- The first framework for a joint EU diplomatic response to malicious cyber-attacks against one of its members.
- The NATO Cooperative Cyber Defence Centre of Excellence concluded that “the global outbreak of WannaCry and NotPetya called for a Joint Response from International Community”.
Politicians finally realize that cyber-attacks are covert and cross-border by nature. Ironically, the cloud of confusion related to cyber-attacks also impacts the security industry itself.
According to the Dalai Lama, “A lack of transparency results in distrust and a deep sense of insecurity”. This sense of insecurity was addressed in recent Senate Intelligence Committee hearings in which unsubstantiated allegations were made against Kaspersky Lab. In response, Eugene Kaspersky, CEO of Kaspersky Lab, said he would allow his source code to be reviewed by US officials, adding that he was ready to testify before U.S. lawmakers as well. “Anything I can do to prove that we don’t behave maliciously I will do it.”
Source code reviews are not uncommon as a condition for acquiring government contracts in China, Russia and the US (the EU officially prefers open source software). Beyond the intellectual property issues, source code is the intellectual capital of a software firm. By disclosing the source code, a company risks leaking its competitive advantage. Symantec, for example, refused to disclose its source code to the Russian FSTEC, but other IT companies like Cisco, IBM and McAfee agreed.
At AV-Comparatives we contribute to transparency by providing systematic testing of security software. Being the first test lab to be both ISO and EICAR certified, we have committed ourselves to maintaining the highest standards.