
Microsoft faulted over ransomware while shifting blame to NSA

17 May 2017

While authorities can and do use security flaws to gather intelligence, companies such as Microsoft want to be told about vulnerabilities so they can patch the holes in their security and protect their users from attacks such as WannaCry.

In the wake of the WannaCry ransomware cyber attacks, Indian banks and ATMs managed to beat the global attacks and remain unaffected by the biggest cyber attacks in Internet history, which have crippled almost 200,000 computers across 150 countries, bringing systems to their knees with encrypted data and refusing access to users.

The ransomware has hit various IT systems in more than 150 countries, including the Russian Federation and the United Kingdom, in one of the most widespread cyber attacks in history. Microsoft issued the patch shortly after the vulnerability was made public.

Microsoft issued a security update for the vulnerability on March 14, 2017.

The four computers were switched on as usual and they were unable to open any document files as the virus displayed messages demanding a payment of $300 in virtual currency Bitcoin to unlock files and return them to the user.

The cyber security expert draws parallels with the data security breaches last September and October, where a malware attack forced Indian banks to replace or request users to change the security codes of 3.2 million debit cards.

This attack was created from ransomware created by the National Security Agency to penetrate computers. Those behind the malware attack used the flaw to get into Windows systems. The ease of stopping the attack suggests the hackers were new to this game.

The episode underscores the folly of the USA law enforcement demand that tech companies install backdoors into their devices and services.

The U.S. government has been linked to an industrial control system malware called Stuxnet that was used in an operation to attack Iran's nuclear program several years ago.


The widespread attack has prompted calls - most notably from Microsoft's President and Chief Legal Officer - for the NSA to share with companies what it knows about other vulnerabilities, and raised questions about the agency's ability to safeguard its stockpile of secret exploits.

The attack, Smith says, "represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today - nation-state action and organized criminal action". However, they aren't agencies of the US intelligence community.

Global standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says.

"We need to make it as easy as we can for people to patch their systems, and then customers have to apply those patches", Smith says.

Cyber security expert James A. Lewis doubts global rules can be created for cyber spying. The danger hasn't been restricted to the systems of various organisations, both public and private, either; the virus seems to have affected personal computers across the globe as well.

Terming such cyber-attacks a shared responsibility between tech companies and customers, the tech giant said so many computers remained vulnerable even two months after the release of a patch. They run at a much slower speed so it is likely that the slower speed of such systems didn't let the WannaCry ransomware attack them.

When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches, said Michael Scott, a professor at Southwestern Law School.

By bundling a tool farmed from the leaked NSA files with their own ransomware, "they achieved better distribution than anything they could have achieved in a traditional way", he said.
