Wednesday, 19 December 2018

The NSA told Microsoft about EternalBlue hack used in WannaCry

19 May 2017

Global software giant Microsoft could have prevented the WannaCry ransomware from reaching epidemic proportions globally and become a hero for millions of people, but the lure of monetary gain stopped it from making the right decision.

Who's being targeted? Am I safe?

Directorate identified in 2010 that 85% of attacks involve unsophisticated techniques that could have been avoided by implementing four simple strategies: application whitelisting; general application patching; patching operating system vulnerabilities; and restricting administrative privileges to operating systems. It has exposed the chaos - limited, thankfully, this time, but potentially, life-threateningly worse - that results when governments allow the creation of devastating hacking tools without any coherent policy on informing companies of those exploited vulnerabilities or what to do if the tools fall into unsafe hands.

With this revelation, the brand image of Microsoft will certainly take a hit.

Ransomware is the name given to software used to encrypt or "lock" data files in the possession of another person for the goal of holding that data to ransom.

Echoing that view, the former government official said: "One way to view it might be: they made a defective product that the current laws don't make them liable for, and force you to buy a new product otherwise you are vulnerable to harm from the existing product". "Still, the NSA can't be very proud of this".

Analysts have noticed an uptick of ransomware attacks in recent years, with most predicting an even bigger increase in 2017. "It said nobody thought anything about what would happen if a little company got breached", says Levin. "In case the client is using pirated or old software which is making them victim to cyber crime, no money will be paid", said a senior executive of a private insurance company who also said there is a spike in queries of cyber insurance.

As Microsoft president Brad Smith has said, governments worldwide must at once inform the developer the moment a security loophole has been detected, instead of quietly selling, storing, using, or allowing irresponsible individuals to gain access to it.

Avivah Litan, a cybersecurity analyst at Gartner, agreed that the government "is negligent not doing a better job protecting companies", but added that it's not like "you can stop the U.S. government from developing cybertools" that then work as intended.

Like WannaCry, the program attacks via a flaw in Microsoft's Windows software.

Estimates of the economic impact are still being tabulated, but they could easily run into the tens of billions of dollars. Ransomware is ideally used against large organizations that can meet the large ransom usually demanded by hackers.

"This one took advantage of a vulnerability discovered with Microsoft and, in particular, older versions of the software", says Levin.

Security experts have long warned about attacks on large numbers of unpatched systems, and while there's a slow migration to newer systems, it's not moving fast enough.

Such attacks are mostly waged against businesses, but can also affect individuals. That way, if a hacker locked down your computer, you could simply erase all the data from the machine and restore it from the backup.

"It's not rocket science", Litan said.

"We know already that there have been attempts to attack organizations beyond the National Health Service", the NCSC said. Asked what the company is doing to prevent such exploitations, he cited "basic IT security blocking and tackling".

But many users had not installed the patch by the time EternalBlue was dumped on the Internet in April. Some of you don't want to have to learn how to use it, but it's worth the trouble.
