Fallout from WannaCrypt attacks continues as Microsoft publicly calls out NSA for stockpiling security vulnerabilities
It has been a tough few days in the world of cyber security, as the weekend saw a global ransomware attack quickly spread across a host of countries and block hundreds of thousands of users from accessing their data unless they paid a Bitcoin ransom.
In the UK specifically, WannaCrypt struck multiple NHS hospitals in London on Friday, including the Barts Health NHS Trust, forcing them to switch off Wi-Fi networks and cancel patient appointments.
Following the early wave of attacks, Microsoft President Brad Smith has slammed the National Security Agency (NSA) for the “stockpiling of vulnerabilities” and warned that the attack should be seen as “a wake-up call” for governments.
The ‘WannaCrypt’ or ‘WannaCry’ ransomware is believed to have stemmed from exploit tools stolen from the NSA in January by notorious hacker group ‘ShadowBrokers’. Those tools target a vulnerability for which Microsoft released a patch.
However, the security update only protected newer versions of Windows and computers that had Windows Update enabled, meaning computers using outdated operating systems were left unprotected.
Microsoft has since released more updates to help secure customers following the discovery of a kill switch in the code which can disable the attack, but it is not happy with the role played by the NSA.
The company has come down hard on governments that continue to hoard security vulnerabilities, and in a blog post Smith even went as far as to compare the WannaCrypt attack to the US military having its Tomahawk missiles stolen.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” he said. “This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organised criminal action.
“The governments of the world should treat this attack as a wake-up call. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith also called for world governments to come together to battle against today’s cyber threats, echoing the passionate speech he delivered at prominent security conference RSA 2017 earlier this year where he warned about the dangers of nation-state cyber attacks.
He said that, due to hackers and cyber exploits continuing to increase in sophistication, cyber security has become the “shared responsibility” of technology companies, customers and governments.
“We should take from this recent attack a renewed determination for more urgent collective action,” he said. “We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks.
“More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us.”