Microsoft blames USA stockpiled vulnerability for ransomware attack

Brunilde Fioravanti
May 20, 2017

Microsoft has had a whirlwind last few days. "Until hundreds of thousands of unpatched Windows systems have been updated, a WannaCry 2.0 campaign could effectively pick up where Friday's attack left off", he wrote. The BBC quoted one NHS staffer who said it was "absolute carnage" and that "patients will nearly certainly suffer and die because of this".

One takeaway is sexy and edgy.

Alex Abdo, a staff attorney at the Knight First Amendment Institute at Columbia University, said Microsoft and other software companies have strategically settled lawsuits that could lead to court rulings weakening their licensing agreements. Install all Windows updates. Millions of devices could still potentially be vulnerable if they had failed to apply the required security patches.

Most of the health service's computers run Windows XP, out-of-date software which no longer gets security support from Microsoft as of 2014. In digital years, that's old. What other vendor is still supporting software sixteen years after release for free? The patch to secure your environment against WannaCrypt has been out for two months; that is more than enough time to deploy the update. "Think about how antiquated that feels to us today", Smith says. Yet in an unusual step, they released a patch for those older systems because of the magnitude of the outbreak.

The Microsoft president's second takeaway is not about what businesses of every size need to do.

The Windows vulnerability in question was purportedly identified by the NSA for its own intelligence-gathering purposes. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage", said Smith. Once malicious software is in the wild, it is commonly reused by hacking groups, especially nation-states trying to leave the fingerprints of another country. Following the WannaCry attack, one of the biggest in history, Microsoft itself has joined the ranks of the critics. While a United Kingdom security researcher managed to stop the spread of the virus, hackers have issued new versions that cybersecurity organizations are trying to counter and stamp out. Nonetheless, they say the idea of this being a false flag - that is, an attempt to trick investigators - is "although possible, improbable".

The hack wasn't just limited to computer systems in the UK.

When Microsoft stopped supporting Windows XP, whose product lifecycle it had extended on multiple occasions, it was only a matter of time before a massive cyber attack occurred against these users, and unfortunately it was a hospital that was hit the hardest.

If you do a quick search on the web, you can find many pointing the finger at just about everyone, with Microsoft getting the most heat for the situation, which is honestly laughable; the NYT's Opinion section posted that the company should provide security updates to all of its outdated software for all of eternity. "Microsoft has a very strong position that is an absolute, whereas my position is a little bit more balanced", Grobman says.

On top of that, the NSA would likely be able to claim that it is shielded from liability under the doctrine of sovereign immunity, which says that the government cannot be sued over carrying out its official duties.

Such a disparity between the damage wreaked by the ransomware and the money its creators earned may come as a surprise to many, but this is often the case with large-scale cyberattacks.

Clearly, there is a difference of opinion among tech leaders. But in this case, according to Kaspersky Lab, the shared code was removed from the versions of WannaCrypt that are now circulating, which reduces the likelihood of such a "false flag" attempt at misdirection.
