By Steve Bittenbender
Editor, Government Security News
The ransomware attack that plagued the globe on Friday must serve as a “wake-up call” to both industry and government leaders that the time for urgent action is now. That’s how one of Microsoft’s top executives reacted to the “WannaCrypt” attack that targeted computer systems in various industries worldwide, including healthcare and government systems.
“WannaCrypt,” also dubbed “WannaCry,” was a ransomware attack that paralyzed hospitals in Great Britain and even FedEx in the United States, although the attack seemed to focus mainly on Russian servers, according to information provided by Kaspersky Lab. In a ransomware attack, a hacker encrypts files and threatens to destroy the data if the ransom – in the case of “WannaCrypt,” at least $300 in Bitcoin – is not paid within a certain time.
In a Sunday blog post on Microsoft’s Web site, company President and Chief Legal Officer Brad Smith said the hackers used material stolen from the National Security Agency to perpetrate the attack. The NSA breach had been previously reported, and, in March, Microsoft released a patch to its users to protect them from an attack. While some users updated their systems, others did not, and they were the ones scrambling on Friday.
The ransomware attack “demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers,” Smith said. “The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”
Dan Matthews, a sales engineer with Lastline, said network managers had another option to prevent the attack if they were not able to get the patch installed in time.
He, like other experts, said the ransomware attack served as an important reminder to be proactive in managing cybersecurity risks.
“In practice things are often more complicated and there are legitimate reasons for needing more time to implement a patch,” Matthews said. “Organizations who are unable to deploy Microsoft’s (or other software vendors’) critical patches in a timely manner can instead implement advanced email and network protections that are capable of detecting ransomware and preventing the delivery of these payloads to unpatched computers.”
Ofer Israeli, CEO and founder of Illusive Networks, said he expects hackers will continue to use the stolen NSA material for other attacks.
“In this case, we are seeing an opportunistic ransomware operation, but we can expect the exploit is already being used for surgical targeted attacks, the outcome of which will only be revealed in a few months, due to the time it takes to execute a sophisticated targeted attack,” he said.
Brian Lord, OBE, managing director for British-based PGI Cyber, said the attacks were “always inevitable.”
Lord also echoed Smith’s comments on this being a wake-up call.
“While organizations are distracted by high profile dramatized threats, such as Russian election hacking, they are neglecting basic cyber hygiene measures which can prevent the mass effectiveness of mass ransomware attacks like this,” said Lord, the former deputy director for intelligence and cyber operations for Britain’s Government Communications Headquarters.
Smith added that it’s time for government leaders to readdress their cybersecurity policies, as attacks like “WannaCrypt” are an emerging problem this year. He equated the NSA losing its code to the military having a few Tomahawk missiles taken.
“This is one reason we called in February for a new ‘Digital Geneva Convention’ to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them,” Smith said. “And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality.”