Archive for the ‘NSA’ Category

Microsoft’s president blames NSA for WannaCry attack – New York Post

A top Microsoft executive partly blamed the US government for the WannaCry ransomware attack, saying hackers found a crucial Windows vulnerability in data that had been stockpiled by the NSA.

First noticed on Friday, the WannaCry attack has affected at least 200,000 computers in more than 150 countries, with attackers locking people out of their computers while demanding a Bitcoin ransom.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Microsoft President Brad Smith wrote in a Sunday blog post.

At the same time, Smith tried to deflect criticism of Microsoft in the disaster, noting that the software giant issued a patch for the vulnerability earlier this year that many organizations ignored.

Smith said the crisis is a wake-up call, and that Microsoft has been working around the clock to assist affected customers, including those on older versions of Windows that are no longer supported.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Smith griped.

Some security experts expect a fresh wave of attacks will begin Monday, as employees arrive at work and turn on affected computers. The WannaCry attack is particularly powerful because it doesn't necessarily require users to click a link or download software to spread.

Governments worldwide need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world, Smith said. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."


Microsoft Comes out Swinging at NSA Over WannaCry Hack Attack – NBCNews.com


"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017," Smith said in a

He likened the situation to what would happen - hypothetically - if the U.S. military had some of its Tomahawk missiles stolen.

"The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," he said.

Microsoft called for a "Digital Geneva Convention" in February, asking for governments to report vulnerabilities to vendors, rather than stockpiling, selling or even using them.

Jeremiah Grossman, chief of security strategy at SentinelOne, told NBC News this instance may serve as a huge lesson in driving the conversation.

"Effectively, what Microsoft is saying is they don't want any government hoarding zero days because of situations like this," Grossman told NBC News. "We have to protect the nation and have to protect people first, but they had a leak."


While it looked to Grossman like Smith, of Microsoft, "came out swinging" at the National Security Agency, he said we shouldn't expect to hear anything concrete from the highly secretive group.

"We are not going to get a response unless it is in their best interest, and in this case, I can't imagine a narrative where it is," Grossman said.

Josh Feinblum, vice president of information security at cyber security firm Rapid7, told NBC News the WannaCry debacle speaks to a "broader industry challenge."

"I think that this exploit would have existed whether the NSA had discovered it or not," Feinblum said. "It's easy to want to pass blame, but I think it is a cost of operating in such a highly technological society and we just have to do a better job in figuring out how to get our environment secure."


Stolen NSA tools used in international cyberattack – Salon

An international cyberattack that occurred during the weekend is believed to have been perpetrated with tools that were stolen from the National Security Agency.

The so-called ransomware attack impacted more than 200,000 computers in more than 150 countries by freezing hard drives and servers until a ransom was paid, according to a report by The Week. The main victim was the Russian cybersecurity firm Kaspersky Lab, which has caused consternation among many Russian officials.

As Frants Klintsevich, a high-ranking official in the Russian Senate's defense committee, told the state-run news agency Tass, "Humanity is dealing here with cyberterrorism. It's an alarming signal, and not just a signal but a direct threat to the normal functioning of society, and important life-support systems."

Russian officials are divided as to whether the United States government was responsible for the attack. Some claim that it was retaliation for the alleged Russian meddling in the 2016 presidential election (which the Russian government denies), while others argue that the United States wouldn't engage in actions that would so clearly be considered an act of war.

Either way, the perpetrator of the attacks is believed to have used NSA tools that were stolen from the American agency. Most of the damage inflicted by the cyberattacks occurred in Europe and Asia.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol in a statement. "The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation."


Windows ransomware: WannaCrypt shows why NSA shouldn’t stockpile exploits, says Microsoft – ZDNet

Microsoft's president and chief legal officer Brad Smith: "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem."

Microsoft president and chief legal officer Brad Smith has called for "urgent collective action" in response to Friday's WannaCrypt ransomware attack on Windows machines that didn't have Microsoft's March patch for a flaw in the Windows Server Message Block (SMB) protocol.

Governments, in particular intelligence agencies such as the National Security Agency (NSA), need to rethink the practice of stockpiling cyberweapons, Smith said in a blogpost on Sunday detailing how Microsoft, governments, and industry can prevent a repeat of Friday's devastating and widespread WannaCrypt ransomware attack.

While improvements can be made by all groups, as Smith emphasized, the WannaCrypt exploit that caused Friday's chaos was "drawn from the exploits stolen from the National Security Agency". In other words, had the NSA reported the flaw to Microsoft instead of keeping it and eventually leaking it, Friday's attack might not have been so widespread.

The WannaCrypt attacks hit Europe first, crippling around 45 UK hospital groups among others, before being accidentally contained by security researchers at MalwareTech, minimizing the impact on US organizations.

The specific NSA exploit that WannaCrypt adopted as a replicating mechanism was called EternalBlue, which targeted a flaw in Windows SMB and was leaked by the mystery hacker group, Shadow Brokers, in April.

Microsoft fortunately released a patch for the flaw in the MS17-010 bulletin in March, but as Friday's attacks revealed, many organizations don't or can't apply patches within two months, even for critical, highly publicized flaws.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," said Smith, comparing the exploit's theft to stolen missiles.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," he wrote.

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today -- nation-state action and organized criminal action."

Smith highlighted Microsoft's decision on Friday to release a patch for unsupported Windows XP, Windows 8, and Windows Server 2003, as evidence of the priority it places on security, alongside updates in Windows Defender and its Advanced Threat Protection service.

And while he reminded users that "there is simply no way for customers to protect themselves against threats unless they update their systems", Smith does concede that some organizations face a "formidable" challenge in applying patches immediately.

Exactly how Microsoft plans to make it easier for organizations to patch their systems without breaking operational equipment remains to be seen. However, Smith said Microsoft is "dedicated to developing further steps to help ensure security updates are applied immediately to all IT environments".

Finally, Smith believes the WannaCrypt attack illustrates why it makes sense for governments to agree to Microsoft's proposal for a 'digital Geneva convention', which would require governments to report vulnerabilities to vendors, rather than stockpile or buy and sell them.

"We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it's needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part," Smith finished.

According to Reuters, Russian president Vladimir Putin agrees with Microsoft on this issue.

"I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the US intelligence services," Putin said.

"Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators," he added.

"So this question should be discussed immediately on a serious political level, and a defense needs to be worked out from such phenomena."


Leaked NSA Malware Is Helping Hijack Computers Around the World – The Intercept

In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the Shadow Brokers. Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.


The malware worm taking over the computers goes by the names WannaCry or Wanna Decryptor. It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin. At this point, one's computer would be rendered useless for anything other than paying said ransom. The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown clock to see exactly how much time they have left).

Ransomware is not new; for victims, such an attack is normally a colossal headache. But today's vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly health care, communications infrastructure, logistics, and government entities.

Reuters said that hospitals across England reported the cyberattack was causing huge problems to their services and the public in areas affected were being advised to only seek medical care for emergencies, and that the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

The worm has also reportedly reached universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry. In total, researchers have detected WannaCry infections in over 57,000 computers across over 70 countries (and counting; these things move extremely quickly).

According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept, "I've never seen anything like this with ransomware, and the last worm of this degree I can remember is Conficker." Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over 9 million computers in nearly 200 countries.

Most importantly, unlike previous massively replicating computer worms and ransomware infections, today's ongoing WannaCry attack appears to be based on an attack developed by the NSA, code-named ETERNALBLUE. The U.S. software weapon would have allowed the spy agency's hackers to break into potentially millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in government) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them, but from the moment the agency lost control of its own exploit last summer, there's been no such assurance. Today shows exactly what's at stake when government hackers can't keep their virtual weapons locked up. As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, "I am actually surprised that a weaponized malware of this nature didn't spread sooner."


The infection will surely reignite arguments over what's known as the Vulnerabilities Equity Process, the decision-making procedure used to decide whether the NSA should use a security weakness it discovers (or creates) for itself and keep it secret, or share it with the affected companies so that they can protect their customers. Christopher Parsons, a researcher at the University of Toronto's Citizen Lab, told The Intercept plainly: "Today's ransomware attack is being made possible because of past work undertaken by the NSA," and that ideally it would lead to more disclosures that would improve the security of devices globally.

But even if the NSA were more willing to divulge its exploits rather than hoarding them, we'd still be facing the problem that too many people really don't seem to care about updating their software. "Malicious actors exploit years old vulnerabilities on a routine basis when undertaking their operations," Parsons pointed out. "There's no reason that more aggressive disclose of vulnerabilities through the VEP would change such activities."

A Microsoft spokesperson provided the following comment:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Update: May 12, 2017, 3:45 p.m. This post was updated with a comment from Microsoft.

Update: May 12, 2017, 4:10 p.m. This post was updated with a more current count of the number of affected countries.
