The Growth in Cyberattacks Makes You Wannacry

William Gibson, the cyberpunk author, famously said,

     The future is here already, it’s just unevenly distributed.

The complement of that insight is that the past stays with us long after it might have gone, because it’s unevenly departed.

The recent Wannacry ransomware attack, which began on May 12, has infected over 200,000 computers in more than 100 countries. The worm relies on vulnerabilities in old, old, old versions of Microsoft’s Windows operating system: versions lacking security patches, notably Windows XP.

The flaws used had been published by the Shadow Brokers hacker group last month, and were attributed to a trove amassed by the NSA. Microsoft responded with patches for its supported OSes at that time, and with the emergence of Wannacry took the unusual step of releasing patches for no-longer-supported versions of Windows.

The damage from the ransomware was moderated by a kill switch discovered by a young UK resident, Marcus Hutchins. But perhaps the most interesting (frightening?) connection is back to ‘Lazarus’, a hacker group linked to North Korea and formerly tied to the 2016 theft of $81 million from the treasury of Bangladesh and the infamous email hack of Sony in 2014.

So, a collection of malware techniques is heisted from the US, via the NSA, by international hackers, and later used on a global ransomware exploit by a second hacker group affiliated with North Korea. Starting to sound like a cyberthriller, one that ends up with nuclear missiles en route to the US from North Korea being hacked at the last second by a 22-year-old in the UK. Except that’s not fiction; that could be next week’s newspaper headlines. Let’s just hope North Korea is using unpatched XP machines, and US Missile Command isn’t.

The obvious takeaway is to institute rational security policies, including applying all OS patches and decommissioning OSes that are obsolete and, by extension, foundationally insecure. But the less obvious insight is that state actors — the US and North Korea, in this case — are involved in initiatives that are likely to cause future insecurity for every business and person on earth.

At the same time, many security researchers still believe the worst security risks for business are CEOs and other senior executives being hacked in public hotspots, like coffee shops and hotel lobbies. 68% of companies polled banned employee use of public hotspots, at least to some degree. So, we’re also at risk because of the security policies at Starbucks, Hilton, and Panera.

And now, hackers are using social media to gain access to the computer of a Pentagon official. So be careful of what you click on in Twitter, because the fish they are ‘spear-fishing’ is you.

Is Cloud Computing Slowing?

Some have looked at the slowing revenue growth of Amazon’s AWS as a bellwether of the cloud computing market as a whole. After all, AWS is 25% of the cloud computing market, trailed by Microsoft and Google. But perhaps those observers are drawing the wrong conclusion, according to Eugene Kim. The slowdown is due to discounts that large users gain by purchasing years of cloud computing in advance:

The Amazon unit has seen seven straight quarters of slower revenue growth. Last quarter, AWS grew 43% year over year, down from 64% a year earlier. Wall Street firm Pacific Crest last month forecast AWS’s growth to dip below 30% for the first time by the end of 2018. AWS dominates the public cloud computing market, with a 40% share, which is more than Microsoft, Google, and IBM combined, according to Synergy Research Group.

Some of that revenue slowdown is to be expected, now that AWS is on pace to hit $14 billion in annual revenue, making red-hot growth rates of past years harder to maintain. But analysts say part of the slowdown is due to the greater discounts that AWS is offering through the long-term commitment deals.

AWS offers discounts as big as 75% off the price of pay-as-you-go, it says, in exchange for a one-year or three-year purchase commitment. Paying upfront isn’t required but carries the biggest discounts. For customers, taking the discount is an easy call. As Moovweb CEO Ajay Kapur said, “if you know you’re going to use a certain type of server for a year, you’d rather pay 70 cents than a dollar for it.”

So, Amazon gets at least some — probably a lot — of that unrecognized revenue in cash payments upfront for multiple years, which is effectively allowing it an interest-free infusion of capital that converts to revenue in the out-years. And Amazon being Amazon, they will invest that aggressively in the company’s many moonshots, like Alexa, FireTV, and the Amazon Goggles (for AR) — which I am predicting for Christmas.
