Secdo Blog

Webinar: Was WannaCry just a smokescreen for something far more dangerous? IDT Corp’s CIO has first-hand proof that it was.

Register for the webinar on July 20, 1 pm EST/10 am PST to learn about, ‘behind the scenes’ of this evasive attack directly from Golan Ben-Oni, IDT’s internationally acclaimed CIO and Gil Barak, CTO of Secdo.


A massive cyber attack that relies on state-grade cyberweapons developed by the NSA, has been hiding in the shadows of it’s highly publicized siblings, WannaCry and NotPetya. Both of these attacks pale in comparison to the next big cyberattack that may already be in the making.

As published in the report released by Secdo on May 17th, a new evasive attack that leaves no trace has been infecting organizations using NSA exploits weeks before WannaCry was unleashed. With all eyes on WannaCry, no one was paying attention to a much more advanced attack on IDT’s systems that happened in April. In an interview with the New York Times, Ben-Oni, the internationally acclaimed cybersecurity expert and CIO at IDT corporation, this attack was “a nuclear bomb compared to WannaCry”.  


The IDT assault used two NSA cyberweapons: EternalBlue and DoublePulsar. In IDT’s case the ransomware was deployed by the attackers as a cover for their real motive. The ransom demand was just a smokescreen for a much more sophisticated and invasive attack meant to steal employee and contractor credentials. What is even more concerning, the attackers have managed to bypass every major security detection mechanism along the way.

The assault was completely missed by leading cybersecurity products, the top security engineers, government intelligence analysts and the F.B.I., which remains consumed with the WannaCry attack.


Having Secdo present on the targeted endpoints allowed IDT cyber security team to record the attacks in real-time and to discover the full scope of the damage. They were able to record almost everything the attackers did on the endpoints, because Secdo’s preemptive incident response solution was deployed beforehand. Secdo acted as “the black box” and recorded every action on endpoints and servers at the thread level, which allowed IDT’s security team to play-back and analyze the attack in great detail.

The questions remain: Are we really safe now? How many organizations are compromised but still do not know it? The chances that IDT was the only victim of this attack are slim. Mr. Ben-Oni is convinced that these tools can and will keep being used to do far worse.

“Our industry likes to work on known problems,” says Ben-Oni. “This is an unknown problem. We’re not ready for this.”

Join our webinar to learn more about this evasive attack directly from Golan Ben-Oni, IDT’s internationally acclaimed CIO and Gil Barak, CTO of Secdo, who will speak about Secdo’s unique endpoint visibility that enabled IDT to spot this highly sophisticated thread-injection attack.


  • How the new threat was able to compromise organizations worldwide unnoticed.
  • Why continuous endpoint visibility is vital to prepare for new types of attacks.
  • How Secdo delivers thread-level endpoint visibility to investigate and the tools to respond to new threats.

Register for the webinar on July 20, 1 pm EST/10 am PST.


Connect with us

Stay connected

whitepaper banner-280X233.png