The massive international cyber attack that struck last week will be a big wake-up call for Microsoft users today as ransomware is demanding $300-$600 per device.
The WannaCrypt ransomware used in the attack was “drawn from the exploits stolen from the National Security Agency, or NSA, in the United States” according to Brad Smith who reported updates in a blog post.
RELATED: Debunked Online Security Breach Myths
That theft, he said, was publicly reported earlier this year, and in March Microsoft released a security update “to patch this vulnerability and protect our customers”.
“While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally,” he said. “As a result, hospitals, businesses, governments, and computers at homes were affected.”
As a result, Mr Smith said, the attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers .
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” he said. “Otherwise they’re literally fighting the problems of the present with tools from the past.”
He also said that the attack highlights “why the stockpiling of vulnerabilities by governments is such a problem”.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
He likened the most recent cyber attack to “the US military having some of its Tomahawk missiles stolen” and said that it “represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today”, namely nation-state action and organised criminal action.
Governments, he said, must treat the attack as a wake-up call.
“They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” Mr Smith said.
“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” he said.
“We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now.”
Are you a victim of fraud or money scam? Share your story with us on the Money Credit and You Facebook page!
Article contents courtesy of www.independent.co.uk
