Sunday, May 14, 2017

A Taste of Their Own Medicine?

Hackers launched a ransomware attack against computers across the world in recent days, demanding victims pay them in bitcoin in order to unlock their computers. The attackers went after banks and vulnerable social infrastructure, including hospitals, transportation and police.

Russian hackers have historically been behind ransomware attacks. But it was Russia -- the source of hacking attacks against Hillary Clinton and Emmanuel Macron -- that was hardest hit by these most recent attacks:
Russia was again at the center of a global hacking scandal when computer systems the world over were frozen this weekend by a variant of malicious software known as WannaCry. But this time, Russians were among the victims of the attack, not suspected of being the perpetrators.

In fact, of all the countries afflicted in the first wave of the spread of the malicious software, Russia was hit the hardest: The virus tried to infect more computers in Russia than anywhere else, according to an analysis by Kaspersky Lab, a Russian antivirus company.
And the reason that Russia was hit hardest? They're all running outdated versions of pirated software, including ancient Windows XP and Microsoft Office. Yeah: most Russian government agencies and businesses run on stolen software.
The malware was based on a program developed by the N.S.A. and stolen in a breach of the United States government’s servers. The version of the program used to demand ransoms from the operators of frozen computer systems exploits vulnerabilities in older and unlicensed versions of Microsoft Windows, used widely in Russia, that did not have security patches. 
The United States is not innocent in this. The NSA and CIA have cyberteams looking for software vulnerabilities, and instead of letting suppliers know about these bugs, they hoard this information hoping to spring it on our enemies some day.

But they're not the only ones looking for this security holes. Cyber criminals find them and exploit them right away, costing innocent civilians billions of dollars in lost productivity, ransoms and lost data.

The two most important lessons from this: 1) keep your computer updated with the latest security patches, and 2) our government shouldn't be playing a computerized version of Spy vs. Spy: they should notify software suppliers of security holes as soon as soon as they find them.

No comments: