Lessons learned from the WannaCry outbreak

Friday 6 October 11:00 - 12:30, Small talks

Razvan Gavrila (ENISA)

The recent WannaCry outbreak has attracted a substantial amount of attention. Both the security research community and the mainstream media have covered the topic extensively. The flood of technical and non-technical information being shared on social media together with a mixture of facts and speculative assessments led to the propagation of fuzzy crowd-sourced analyses in the public domain. Trolling-like attempts, such as patching the malicious binary to disable the kill-switch, propagation of unconfi rmed information by mirroring, and the indistinguishability of authoritative sources from Internet noise could signal the dawn of fake news in cybersecurity.

During the outbreak, ENISA focused on building a coherent narrative and on fact checking the claims which were being made publicly by various entities. Parts of our analysis, have been made available online. Some of the patterns we have seen during the WannaCry outbreak emerged again during the early phases of the (not)(eternal)Petya outbreak. In the context of the Virus Bulletin Conference in Madrid 2017, ENISA would like to open the floor for an honest discussion on:

  • Fake news in the cybersecurity domain
  • The importance of fact checking in cybersecurity
  • Threat information sharing platforms: limits and the importance of context
  • Operational analysis needs and actionable IOCs
  • Ethics in cybersecurity.

The format of the discussions will be based on a series of questions revolving around the mentioned themes, with direct references to the recently witnessed outbreaks. At the end of the session a summary will be prepared by ENISA and shared with the organizers.



Razvan Gavrila

Razvan Gavrila has been playing the bad guy and skeptic for the European Agency for Network and information Security since 2011. Up until recently, Razvan has been part of ENISA's core team responsible for organizing large-scale, highly realistic, cybersecurity simulations for EU nations and institutions. In addition, Razvan is one of ENISA's trainers of the artifacts analysis and memory forensics courses. As of 2016, Razvan has been assigned to facilitate, on behalf of ENISA, the European Cyber Security Challenge, a project which aims to scout for new cybersecurity talent in Europe.

Razvan holds an M.Sc. in information security from the Romanian Military Technical Academy and his main research interests are threat agent modelling and lateral thinking. 







Other VB2017 papers

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…

Mariachis and jackpotting: ATM malware from Latin America

Thiago Marques (Kaspersky Lab)

Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.