What Can we Learn from the Recent Cyber-Attack?
The cyber-attack that has hit 150 countries since Friday should be treated around the world as a "wake-up call", Microsoft says.
Starting in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom of £230 using Bitcoin. People are being urged not to pay the fee, as there is no guarantee that this will allow the user access to their files.
“WannaCrypt” Ransomware, also known by the names “WannaCry”, “WanaCrypt0r” or “Wcrypt” is a ransomware which targets Windows operating systems. It was discovered on Friday that “WannaCrypt” was used in a large scale cyber-attack and has since infected more than 230,000 Windows PCs in 150 countries.
The WannaCrypt exploits used in the attack were stolen from the National Security Agency (NSA), in the United States, which were publicly reported earlier this year. This exploit is named as EternalBlue which was reportedly stolen and misused by a group called Shadow Brokers.
A month earlier, Microsoft released a security update to patch this vulnerability, and protect customers. While these newer, better protected Windows systems enabled this Windows update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes have been affected.
This attack demonstrates how cyber security has evolved into a shared responsibility between tech companies and customers. The fact that so many computers worldwide remain vulnerable two months after the release of a patch, shows how far we need to come in improving security to combat attacks similar to this in the future.
As cybercriminals become more sophisticated, it becomes more important for customers to take appropriate action to protect themselves, and update their systems to ensure they have the best level of security. If not, customers will be fighting the problems of the present with tools from the past. This attack is a powerful reminder that keeping computers current and patched are a high responsibility for everyone.
At the same time, we have a clear understanding of the complexity and diversity of today’s IT infrastructure, and how updates can be a formidable practical challenge for many customers. Microsoft use robust testing and analytics to enable rapid updates into IT infrastructure, and are dedicated to developing further steps to help ensure security updates are applied immediately to all IT environments.
We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector and customers to work together to protect against cyber security attacks. In this sense, the “WannaCrypt” attack is a wake-up call for all of us. We recognise our responsibility to help answer this call, and Microsoft is committed to doing its part.
© Perfect Dynamics 2020