Hackers, the NSA, Microsoft or Shadow Brokers: Who’s really to blame for WannaCry? – Healthcare IT News (blog)

I try not to jump on bandwagons, but with so much coverage of the worldwideWannaCrymess, I do have a few things to say that you may not have seen elsewhere.

There's beenplentyofmediacoverageso I'll just give a high level overview of what happened. Like many other nations, the USNational Security Agency(NSA) studies computer flaws and develops ways to attack them. TheShadowBrokersare a hacker group who started leaking some of these NSA-developed attacks in the second half of 2016. TheApril 2017 editionof their leaks included the code that enabled the WannaCry attack.

The attack that started on Thurs May 11 consisted of two parts. One would encrypt files so that the owner could not get access to their files (commonly called "CryptoWare"). The other part could get remote access to any vulnerable computer. This was a very powerful combination and this is the first time we've seen this kind of auto-spreading cryptoware. Once infected, the victim sees a screen that directs them to pay a ransom in Bitcoin so the whole attack is considered ransomware.

Now, Microsoft did release a patch in March to fix some of these problems, in particular, the remote access part. So no problem, right? Desktops and laptops are usually easier to patch, and you should always have your home systems set to automatically update. But servers need more testing to assure that applications continue to work as expected.

Patching was a critical part of the fix, but there was definitely more to it including things like new anti-virus signatures, whitelisting, intrusion prevention signatures and firewall rules.

One reason healthcare orgs seemed to be hit hard, including the BritishNational Health Service(NHS) is that healthcare often has many older systems and applications. These can be hard to update. With NHS, most of their desktop systems were running Windows XP!

But now ... who is actually to blame?

Inhispodcast, episode 21,Graham Cluleyasked this question. In particular, the question was, which of Microsoft, NSA, Shadow Brokers are to blame. You can listen to hear what they said.

Here's my opinion. There's one group to blame and then an additional area of concern.

The "blame" goes to those who carried out the exploit!

Yes, they took advantage of existing vulnerabilities and companies that didn't protect their systems, but that's beside the point. I mean, just because a bank has a welcome mat at the door doesn't mean you're allowed to rob it.

Now, what about these software vulnerabilities? Why do we keep having these problems? Someone has to write these in first place. I'm not picking on software developers. I've been one. It's a hard job. Code is very complex. This is something we call secure software engineering and it's not easy, but there are tools available to help us.

For additional reading, security expertMarcus Ranumwastalking about this wholecomplexity issue12 or more years ago.

And, not to pick on Microsoft, but why do we give everyone a computer with a general purpose operating system when most people only do specific things like email or word processing which can both be accomplished inside a browser? The more we can simplify the better off we'll be.

And then there's the correspondingmonocultureproblemwe were discussing 15-20 years ago: If everyone's computer is basically the same,then one problem can take them all out (thinkpotatoblight). And that seems to happen pretty regularly (to computers, not crops). The answer here is special purpose computing, and the more scaled down the better. I'm a big fan of "thin" systems like Chromebooks.

What can you do to protect yourself?

At home and at work: be careful with links and attachments.

At work: follow security policies and work with your IT team on all technology needs (if it uses electricity, it could pose a security issue).

At home: use the default for windows updates, useSecunia PSI, if you use Windows turn on the all the default protections and, of course,back up your data.

There are many good tools available for home backups includingCarboniteandCrashPlan, or even Microsoft OneDrive or Google Drive. And two good choices for encrypting data arebitlockerandveracrypt.

You need to take these kinds of steps now because we are going to see more new and bigger attacks coming in the future.

This post originally appeared on Barry Caplins Security and Coffeeblog.

Excerpt from:
Hackers, the NSA, Microsoft or Shadow Brokers: Who's really to blame for WannaCry? - Healthcare IT News (blog)

Related Posts

Comments are closed.