Microsoft Says Fighting Cyber Attacks Is A Team Effort

Claudine Rigal
May 20, 2017

This story doesn't feel too surprising. "This means that we take notice when cybercriminals employ tactics, techniques and procedures used by state adversaries", he said (PDF).

The agency and its partners in the global security community are now in a "sort of cat-and-mouse" competition with hackers, as variants of the software that foil previous solutions emerge, the official says.

In addition to Microsoft's Security Bulletin MS17-010 that patched the vulnerability in March, the company also issued a separate patch on Friday for users of older and unsupported operating systems such as Windows XP.

In 2014, Microsoft ended support for the highly popular Windows XP, released in 2001 and engineered beginning in the late 1990s, arguing that the software was out of date and wasn't built with modern security safeguards.

The so-called WannaCry hack takes advantage of a vulnerability in Microsoft Windows, leveraging an exploit stolen from the NSA in April to lock the computer systems of companies ranging from hospitals to vehicle manufacturers in exchange for ransom.

"But if a server is connected directly to the internet or a PC is on the same network as an infected computer, it can spread quickly - which is exactly what has happened", the Engadget report added.

Another company, also bank related, has a manager and head of security, who refuses to update reports. "You've got to keep your systems updated".

There are almost 150 million computers running the Windows XP operating system globally.

Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don't install security upgrades because they're anxious about triggering bugs, or they can't afford the downtime. The security flaw that hackers used to launch the attacks Friday was made public after information was stolen from the U.S. National Security Agency, which routinely searches for flaws in software and builds tools to exploit them.

However, WannaCry didn't just affect the public sector.

More than 200,000 victims in around 150 countries have been infected by the ransomware, which originated in the United Kingdom and Spain on Friday before spreading globally. But an estimated 7% of the world's PCs still run on XP - that's about 70,000,000 machines.

Who was behind the attack?

Although the NHS is clearly under tight financial constraints, governments have significant resources to mitigate cyber-threats and can raise large amounts of money if politicians choose to do so.

The situation in Ireland is being monitored by the National Cyber Security Centre in the Department of Communications, Climate Action and Environment.

NHS Digital said health trusts across England were sent details of an IT security patch that would have protected them from the attack.

"The government can't do this alone - they're really going to have to reach out and work with Apple, with Microsoft and Google", Martin said.

Scammers apparently inspired by the WannaCry ransomware attack have been repeatedly calling an unwell 80-year-old Palmerston North woman, even ringing at midnight to try and con her.

There's no need to weep over WannaCry. Getting people to understand how is still a serious challenge. Most often the malicious software encrypts important files, making them unreadable, and often locks the computer.

Simon Parkinson does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond the academic appointment above.
