Viscuso says many companies wait until the next patching cycle to roll out something. Utilizing a Microsoft Windows vulnerability and the malicious software meant to exploit it, unidentified hackers used tools first revealed in April after classified information was stolen from the National Security Agency.
Advertisement
Why was the WannaCry attack so bad?
Can you imagine? Software that could hold a city’s sewage system for ransom? But, as Bitcoin and security expert Andreas Antonopoulos explained, when initiating investigations into drug trafficking, law enforcement focuses on finding the origin of the drugs and the masterminds behind the distribution process, rather than which financial method was used to incentivize the distributors. “That’s the immediate new frontier with this type of hacking”. The average ransom across all attacks known to security software provider Symantec in 2016 was $1,007.
What about ransomware on smartphones?
Less than 300 payments worth around $83,000 had been paid into WannaCry blackmail accounts by Thursday (1800 GMT), six days after the attack began and one day before the ransomware threatens to start locking up victim computers forever.
According to one security expert, that’s because the systems for updating smartphone operating systems are generally pretty good. He said using the WannaCry crisis to encourage customers to move on to newer software was in part self-serving, since Microsoft’s business model has shifted and it makes more from its newer software than it did when it sold XP. Given the ever-changing nature of cyber-threats, its more important than ever that these issues be addressed pro-actively.
Cyber-attacks on the scale of WannaCry may remind organisations about the need to maintain their IT security.
What else might be the next battleground for ransomware?
Failing to test patches for incompatibilities is risky, Viscuso says. But it will improve intelligence services’ accountability and, at the very least, force them to take better care of any dark stuff that comes into their hands.
“Manufacturers are promising support for perhaps three years”.
The WannaCry cyber-attack has gripped news headlines around the world.
“John Dickerson decides to run for office in 2018, and, all of a sudden, your credit card records get dumped in some sort of a cyber-hack leak, and 97 percent of those records are going to be real”.
The firm is still working to establish attribution for the attacks, but Kalember pointed out that North Korean-backed Lazarus Group – the same hacker group linked to the WannaCry attacks – launched a similar cryptocurrency mining attack in late 2016.
“The size of the outbreak is indicative of the number of machines out there which have not been patched with security updates”. Over the course of the attack, the majority of mainstream media outlets in the United States continued to emphasize the involvement of bitcoin in the attack, rather than the utilization of the NSA tool which was developed using taxpayers’ money. Recovery from backups are the best course of action. Nevertheless, the risk to these devices is real, and avoidable, Plus, there are risks beyond security to using devices with obsolete operating systems.
Advertisement
It’s a scary scenario for politicians, some of whom heard testimony calling into question the military and intelligence sectors’ ability to defend the USA from cyber attacks just last week, in a hearing of the Senate Armed Services Committee.
