Over the past few years, malicious software – which blocks access to computers – has been spreading at an alarming rate, targeting hospitals, telecommunications, and corporate offices worldwide. These attacks began when information of a software vulnerability originally discovered by the National Security Agency (NSA) was stolen and leaked by a criminal group known as Shadow Brokers.
Reports say that the malware spread originated in Britain and soon extended to dozens of nations with Europe, Asia and Latin America taking the hardest hits. “‘This is not targeted at the NHS,’ British Prime Minister Theresa May told reporters. ‘It’s an international attack, and a number of countries and organizations have been affected.'”
Cybersecurity experts have stated that the malicious software worked by exploiting a flaw in Microsoft software. Although a patch to fix said flaw was released in March, the patch was applied inconsistently, leaving many computers vulnerable to the attack. The malicious software, known as “ransomware” as it encrypts systems and threatens to destroy the data if a ransom is not paid, has been spreading through computers which have not yet adopted the new patch.
Despite the work of the Moscow-based Internet security company, which was able to detect and successfully block a large number of ransomware attacks worldwide (where the encrypted data takes on an extension of .WCRY in the file name), there were still many computers which were attacked.
The ransomware, called Wanna Decryptor 2.0, supports 28 different languages, allowing for it to be spread internationally. The ransomware, once opened by a “single user on a computer network, is able to spread to many other machines on that network, vastly expanding the reach of the attack.”
The group responsible for the attack – calling itself Shadow Brokers – began in August when it released virtually NSA’s entire library of powerful hacking tools. “The U.S. government reportedly has still not developed full confidence in the identity of the hackers. Suspicion has fallen on the Russian government, but in October the FBI arrested a Maryland man” who previously worked at a unit that carried out hacking operations around the world, obtaining intelligence on spies, terrorists, and other targets.
Health facilities have been a large target for these attacks as it is an industry often said to maintain insufficient investments in computer security. Cornell University computer science professor Emin Gun Sirer said, “Undoing the hack is going to be just about impossible. The only options are to wipe the machines and move on or to pay the ransom.” In addition, Nigel Inkster, former director of operations and intelligence for MI6 reported that outdated software was another element assisting the vulnerability of the NHS. He said, “A lot of hospital trusts in the U.K. are running their systems on Windows XP software, which hasn’t been supported by Microsoft for two or three years. In other words, Microsoft is no longer looking for and seeking to repair vulnerabilities in the system.”
In recent years, cybersecurity has been “high on the agenda of many high-level gatherings of Western military and political leaders.” This attack just serves to prove how far behind we have fallen in holding up this obligation. The European Commission has also called for greater attention to cybersecurity “as the world becomes more vulnerable to cyber attacks, with security breaches causing significant damage. It is said the commission plans a full review of European Union cybersecurity measures by September.”