Tuesday, 25 July, 2017

Microsoft says cyberattack should be wake up call for governments

Germany's national railway says that it was among the organizations affected by the global cyberattack
Sherri Watson | 17 May, 2017, 13:58

The criminals behind the "WannaCry" ransomware attack may have done just that.

"The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency", Microsoft President and Chief Legal Officer Brad Smith says.

The government on Sunday said it has activated a "preparedness and response mechanism" to prevent any major cyber attack from a new ransomware - "Wannacry" - which has infected computer systems around the world. Russia's Interior Ministry and companies including Spain's Telefonica, FedEx Corp. in the USA and French carmaker Renault all reported troubles.

State media said 29,372 institutions in China had been infected, along with hundreds of thousands of devices.

But that victory could be short-lived, experts said, because the software, known as WannaCry or Wanna Decryptor, is likely to be modified soon and continue its spread in a slightly different form.

Hitachi: The Japanese electronics firm said Monday that its computer systems have been experiencing problems since the weekend, including not being able to send and receive emails or open attached files.

Auto manufacturer Renault said one of its plants, which employs 3,500 people in Douai, northern France, wasn't reopening Monday as technicians dealt with the cyberattack's aftermath.

The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April.

John Paior, founder and chairman of data-protection specialist Geek - which has previously rescued many users' systems from ransomware attacks - said the Australian impact of the WannaCry ransomware had been minimised after the "kill switch" was identified by a developer that registered the domain name of a command-and-control server identified in the WannaCry code.

Microsoft's top lawyer is laying some of the blame at the feet of the United States government.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too hard to patch without possibly disrupting crucial operations, security experts said.

Patients arriving at Dharmais Cancer Hospital had to wait several hours while staff worked with paper records. "Check their anti-virus to make sure it has the latest definitions which is a live update or whatever they have", Christian told us.

Information-security expert and ISACA spokesperson Raef Meuwisse warned that the success of WannaCry in disrupting businesses reflected the predictable effects of the "massive false economy" created by companies' continuing disregard for the importance of cybersecurity investment.

The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly risky security hole in Microsoft Windows, negligent users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks. "It's like after a robber enters your home". Heck, even after the ransom is paid, there is no guarantee that the bad guys will follow through with the decryption, making it quite the gamble. This trend highlighted the ongoing deficiencies in patching practices for which Flexera senior director of Secunia Research Kasper Lindgaard said "there is simply no excuse". The researcher discovered that the unnamed attackers had accidentally included a "kill switch" in their software that would allow the owner of a particular website to stop the attack.

"At the same time, we have a clear understanding of the complexity and diversity of today's IT infrastructure, and how updates can be a formidable practical challenge for many customers".

In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained.

When a demand for ransom payments appears on a user's screen - $300 at first, doubling to $600 in a few days - it's usually too late: All files on that computer have been encrypted and are unreadable by their owners. Many organizations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost. And it's why we've pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality.

"This may well force a lot of legacy systems finally into the cloud, is my guess", Baker said, "which is probably where they're going in the long run - but they'll get there faster [now] because the idea of continuing to run XP is not credible".