Question in: Cybersecurity in Enterprise

Ransom Worn Thin

3
160 views

The way I understand it is that all the latest hacks were due to gaps in counterfeit software or old softward that was not patched. I also understand this vulnerability was alerted by details stolen from the NSA. But if the NSA knew about the vulnerability why did the software companies that were alerted by the NSA not proactively roll out patches for free.

  • Do they not also have enough on the line to want their customers to be protected?
  • What needs to be true about this chain of events to not happen again?**
Cyber-security
NSA
Ransomware
Ransomware Protection
Cyber Security
Cybercrime
Cyber Defense
Thomas O'Malley
more than 1 month ago

3 answers

1

While a fair amount of what you say is true, especially that the hackers, who appear to be based in North Korea, used software released from the NSA repository. However, the SMB protocol weakness that was exploited by the WannaCry attack was, in fact, patched by Microsoft in March 2017.

Microsoft cannot send out people to break into your houses and offices to patch your computers for you. You have to do that. Fortunately, they provide a nice little tool that alerts you to any patch that your OS needs. You merely need to run it, pay attention to its notifications, or, just allow it to automatically patch your OS for you. All of these features are present and available at no additional cost to the individual or organization that purchased Windows.

The amazing thing about this patch is 100% of the victims had the opportunity to close the vulnerability, were notified to patch their OS, and chose not to. There is a reason your local IT guy, your local security consultant, and anyone else that knows anything about security tells you to keep your phone, router, computers, and tablets updated to the latest security patches.

Craig Humphreys
more than 1 month ago
1

It is very easy to point fingers at all parties involved. Microsoft with not supporting older software, NSA and larger organization for not patching their older system. Corporate policy makes focusing on bottom dollars and reducing staff with no resources fixing and upgrading their older technology, etc. But the real guilty party is everyone. We live in a different world that requires different way of thinking managing technological improvements impacting every aspect of our daily lives.
So let’s take a closer look after acknowledging the problem isn’t just one group. NSA discovered the vulnerability a few months ago but did not know how to protect their digital information. Microsoft developed the patch but they have no way to know who has used it and who hasn’t to warn them and guild them. If you have ever worked in large organizations particularly medical, government and financial institutions then you would know that upgrades, patching and replacing older system is viewed as high priority but not enough skills and resources to make things happen when needed.
Bottom line, we need to learn to live and manage our world in digital age differently.

Nasser Mirzai
more than 1 month ago
1

The answers from both Craig & Nasser are on target. The main vulnerability exploited was unpatched systems.

To add some follow-up information....
The attack was widespread and highly publicized, and certainly caused substantial problems. However, it was nowhere near as bad as it might have been. The number of systems potentially infected might have been millions -- connected to infected systems and running an OS that would be vulnerable if unpatched -- so 300,000 is perhaps a modest number. Various reports indicate that total ransoms paid were around $70,000 (based on activity at the ransom payment site), a tiny amount for 300,000 infected systems, which indicates that most of those hit were able to recover fairly quickly without paying a ransom. The best way to recover from a ransom attack is to have a solid, accessible, recent backup -- then you can wipe the infected system and reload it from the backup, with minimal loss of data and putting the system in a "good as ever" pre-infection state.

So, patch and back up regularly!

John Appleman
more than 1 month ago

Have some input?