{"id":776,"date":"2018-05-17T15:25:57","date_gmt":"2018-05-17T15:25:57","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132047"},"modified":"2018-05-17T15:25:57","modified_gmt":"2018-05-17T15:25:57","slug":"one-year-after-wannacry-a-fundamentally-changed-threat-landscape","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/one-year-after-wannacry-a-fundamentally-changed-threat-landscape\/","title":{"rendered":"One Year After WannaCry: A Fundamentally Changed Threat Landscape"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2017\/12\/06222005\/AdobeStock_155916181.jpeg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>It\u2019s been one year this week since the ransomware known as WannaCry infected more than 200,000 machines in 150 countries, causing billions of dollars in damages and grinding global business to a halt. The speed and scale of the attack \u2013 helped along by leaked National Security Agency hacking tools \u2013 were obviously notable, but it\u2019s WannaCry\u2019s legacy that resonates today. The cyber-landscape has fundamentally changed, with threat actors increasing almost exponentially in their capabilities, sophistication and ambition.<\/p>\n<p>\u201cWannaCry changed the cybersecurity game, not just through its outsized impact; it made waves because of its outsized influence on the cyber-threat landscape,\u201d Check Point researchers said in <a href=\"https:\/\/blog.checkpoint.com\/2018\/05\/15\/one-year-later-wannacry-dawn-new-generation-cyber-attacks\/\">a blog post<\/a> breaking down the implications. \u201cMarking a turning point in the cybersecurity environment, we were looking at the first global-scaled, multi-vectored cyberattack powered by state-sponsored tools. 
WannaCry marked a new generation\u2026of cyberattacks.\u201d<\/p>\n<p>In the year since WannaCry, ransomware has given way to <a href=\"https:\/\/threatpost.com\/cryptomining-gold-rush-one-gang-rakes-in-7m-over-6-months\/130232\/\">cryptomining<\/a> as the go-to payload for cybercriminals. Cryptojacking in fact increased 8,500 percent in the last quarter of 2017, and made up 16 percent of all online attacks, according to Juniper Networks analysis. But ransomware isn\u2019t waning: Numbers from Avast show that since the original attack, there have been more than 176 million attempted new WannaCry attacks globally.<\/p>\n<p>We talked to several security researchers about what\u2019s changed in the past year.<\/p>\n<p><strong>Arms Race<\/strong><\/p>\n<p>So what does \u201cfundamental change\u201d actually mean? For one, the use of nation-state-developed hacking tools has become widespread. WannaCry was the direct result of the Shadow Brokers hacker group stealing and then leaking exploits developed by the NSA. One of them, EternalBlue, <a href=\"https:\/\/threatpost.com\/leaked-nsa-exploit-spreading-ransomware-worldwide\/125654\/\">was used in WannaCry<\/a>, and just six weeks after that, <a href=\"https:\/\/threatpost.com\/ukrainian-man-arrested-charged-in-notpetya-distribution\/127391\/\">NotPetya<\/a> used the same exploit in its infamous attack. The genie was out of the bottle, and quickly, too.<\/p>\n<p>EternalBlue and additional weapons from the trove have cropped up everywhere since then, in multiple campaigns spreading <a href=\"https:\/\/threatpost.com\/eternalblue-exploit-used-in-retefe-banking-trojan-campaign\/128103\/\">banking trojans<\/a>, other kinds of ransomware and, this year, <a href=\"https:\/\/threatpost.com\/pyromine-uses-nsa-exploit-for-monero-mining-and-backdoors\/131472\/\">cryptomining code<\/a>. 
Just recently, the SamSam ransomware attack that <a href=\"https:\/\/threatpost.com\/ransomware-attack-cripples-several-atlanta-city-systems\/130739\/\">shut down the city of Atlanta<\/a> and cost it $5 million in damages and clean-up costs relied on DoublePulsar \u2013 another NSA-developed exploit in use now <a href=\"https:\/\/threatpost.com\/nsas-doublepulsar-kernel-exploit-in-use-internet-wide\/125165\/\">across the internet<\/a>.<\/p>\n<p>\u201cIn the past, cybercriminals traditionally used simplistic, homegrown tools for their hacking activities,\u201d Check Point researchers noted. \u201cWannaCry marked the shift toward using military-grade weapons, hacking tools that are powerful enough for a national cyber-defense agency to use on international cyber-warfare.\u201d<\/p>\n<p><strong>Bigger, Multi-Vector Attacks<\/strong><\/p>\n<p>As befits the use of industrial-strength tools, WannaCry also demonstrated the potential for severe, large-scale cyber-attacks. Campaigns today go after ever-greater paydays, and the space is attracting well-funded criminal organizations looking to develop lucrative hacking operations. The surge in ransomware underlines this: Check Point analysis shows that in 2015, ransomware attacks caused $325 million in damage. Last year, attacks were up 15-fold, costing $5 billion in damages.<\/p>\n<p>\u201cEven the most sophisticated of these ransomware attacks emerging today are just the tip of the spear,\u201d Derek Manky, global security strategist at Fortinet\u2019s FortiGuard Labs, told Threatpost. \u201cCybercriminals are adopting new attack strategies, such as those used by <a href=\"https:\/\/threatpost.com\/mirai-and-hajime-locked-into-iot-botnet-battle\/125112\/\">Hajime<\/a> and Hide-and-Seek, to accelerate both the scale and success of attacks.\u201d<\/p>\n<p>In tandem with this, there has been a sea-change in attack vectors. 
WannaCry established the concept of the \u201cransomworm\u201d \u2013 code that\u2019s able to spread through cloud networks, remote office servers and network endpoints alike, needing only one entry point in order to infect the entire system.<\/p>\n<p>\u201cThis multi-level approach allowed WannaCry to easily overwhelm companies that followed the usual security strategy of picking their favorite product from different vendors for each entry point,\u201d Check Point researchers said.<\/p>\n<p>However, since then, there has been an evolution towards more sophisticated variations of this approach.<\/p>\n<p>\u201cThese new variants are transitioning away from traditional ransomworm-based attacks, which require constant communication back to their controller, and replacing them with automated, self-learning strategies, potentially turning malicious ransomworms into \u2018ransom-swarms\u2019,\u201d Manky said. \u201cFuture attacks are likely to leverage things like swarm intelligence to take humans out of the loop entirely in order to accelerate attacks to digital speeds.\u201d<\/p>\n<p>He added, \u201cCybercriminals have been using an attack-on-all-fronts strategy that has been especially effective.\u201d<\/p>\n<p><strong>A Physical Threat<\/strong><\/p>\n<p>The stakes are higher than ever before as well: WannaCry demonstrated that cyberattacks can introduce real, physical risks into the equation. It famously hit Britain\u2019s National Health Service (NHS), and attacked a wealth of <a href=\"https:\/\/threatpost.com\/patches-pending-for-medical-devices-hit-by-wannacry\/125758\/\">medical devices<\/a>, like medical imaging machines.<\/p>\n<p>\u201cPatients in the U.K. lost valuable medical response time (and it is very likely that one could honestly say WannaCry ended up causing mortal harm to some),\u201d Bob Rudis, chief security data scientist at Rapid7, told Threatpost. 
Rapid7 research recently determined that WannaCry was still the sixth most-prevalent threat in the first quarter of 2018. \u201cWannaCry and NotPetya both ended up causing hundreds of millions of dollars in damages to medical production lines and other business processes.\u201d<\/p>\n<p>The ability to issue an epic beat-down on connected devices beyond the PC has become part of the new normal thanks to WannaCry \u2013 a state of affairs that\u2019s set to worsen. Brian NeSmith, CEO and co-founder at Arctic Wolf Networks, told us that, essentially, every company and every device is a target.<\/p>\n<p>\u201cFor industries like healthcare, ransomware puts the lives of people at risk,\u201d he said. \u201cRansomware is likely to evolve and expand to IoT devices and wreak even more havoc. Today, the focus is on PCs, but tomorrow, everything from machinery, power control systems, industrial sensors and even thermostats will be targets. In the case of machinery, it could impact the safety and well-being of workers, dramatically increasing the stakes beyond just the ransom money.\u201d<\/p>\n<p><strong>Increased Awareness<\/strong><\/p>\n<p>WannaCry\u2019s legacy is not all bad news: the event has also increased cyber-awareness, and that\u2019s never a bad thing.<\/p>\n<p>\u201cThe biggest impact WannaCry had (in the UK at least) was to take ransomware from the domain of IT and security professionals to the boardroom, the newsroom and Parliament,\u201d Oscar Arean, technical operations manager at Databarracks, told us. \u201cParticularly in small and medium-sized enterprises, there hasn\u2019t been adequate investment in awareness, and there\u2019s been a lax attitude to the risks of running systems beyond end-of-life. 
The benefit of WannaCry is that now, when an IT manager at a small business asks for budget for systems upgrades from their CFO and the board \u2013 they can point to the example of the NHS to justify the expense.\u201d<\/p>\n<p>Rishi Bhargava, co-founder at Demisto, told Threatpost that the awareness level was particularly raised in healthcare environments.<\/p>\n<p>\u201cWannaCry was unique because this was the first large ransomware attack targeted at the healthcare vertical and affected not only computers, but also many medical devices like MRI machines,\u201d Bhargava said via email. \u201cOverall, WannaCry did not fundamentally change the security tools or the approaches or people\u2019s perception, but it did raise awareness of the best practices in healthcare organizations.\u201d<\/p>\n<p><strong>As Much as Things Change\u2026<\/strong><\/p>\n<p>Despite better awareness, poor security practices (including a lack of simple patch updates) continue to plague companies. Overall, a Check Point survey found that just 3 percent of U.S. organizations are prepared for another WannaCry-like attack.<\/p>\n<p>\u201cCompanies need to make sure they are doing the basics,\u201d NeSmith said. \u201cDeploy patches, update antivirus clients and train employees on security best practices. The defense strategy needs to define how a ransomware infection will be contained and how it will be remediated. This will require a smooth process for detection, triage and execution of the remediation plan.\u201d<\/p>\n<p>Patching works, after all. \u201cWhile WannaCry tore through organizations like the NHS, companies that kept their systems updated with the latest patches, performed backups and took proactive security measures emerged unscathed,\u201d Ken Spinner, vice president of global field engineering at Arctic Wolf, told Threatpost. \u201cPlenty of others heard the wake-up call but hit the \u2018snooze\u2019 button. 
Hope is not a strategy to prevent the next major cyberattack from hitting your company, yet some are mistaking good luck for sound preparation and effort.\u201d<\/p>\n<p>Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, laid out the basic best practices for us: patch; back up critical data and test your backups regularly; segment the network and make sure access to different segments is offered only on a business need; do not give admin privileges to all users if not needed; mount remote file systems on a system only if needed; and disable SMBv1 and make sure SMBv2 is not exposed to the internet. SMB, which is Microsoft\u2019s file-sharing system, contains the vulnerability that EternalBlue, EternalRomance and other NSA tools exploit.<\/p>\n<p>\u201cEvery board of directors should be asking its CISO about the company\u2019s backup strategy,\u201d Hahad told Threatpost, adding that there are also 2.3 million observable devices left out there with SMBv1 exposed to the internet. \u201cA ransomware attack should be a blip on the radar that wastes people\u2019s time to restore from backups, not a week-long debacle of trying to restore service and deciding whether to pay the ransom or not.\u201d<\/p>\n<p>He added, \u201cThe same mitigation techniques that have been recommended over and over again are still relevant and effective to minimize the impacts of a ransomware attack, but it comes down to actually implementing them.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/threatpost.com\/one-year-after-wannacry-a-fundamentally-changed-threat-landscape\/132047\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threatpost talked to several security researchers about what&#8217;s changed in the past year. 
<\/p>\n","protected":false},"author":2,"featured_media":777,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[556,18,77,28,557,558,559,396,91,560,561,19,562],"class_list":["post-776","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-anniversary","tag-hacks","tag-iot","tag-malware","tag-multivector","tag-nsa-exploits","tag-one-year","tag-patching","tag-ransomware","tag-ransomworm","tag-threat-landscape","tag-vulnerabilities","tag-wannacry"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=776"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/776\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/777"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}