As Roy reported last week, Great Britain’s National Health Service (NHS) was one of many organizations around the globe to be hit with a Denial of Service attack called WannaCry (or WannaCrypt).
So let’s recap what happened:
The good ol’ boys at the NSA uncovered a vulnerability known as MS17-010 in Windows Vista, Windows XP, Windows 7, and Windows Server 2008 and developed a hack nicknamed EternalBlue based upon this vulnerability.
Microsoft posts a patch on 14 Mar for everything except XP, as this version is no longer receiving security updates.
The hacker group Shadow Brokers dropped the NSA hack onto the internet on 14 Apr.
On 12 May WannaCrypt is released and all hell breaks loose!
While it appears that remedial measures may have slowed things down, it raises more questions than it answers.
How could the NSA’s hacking software end up in the wild?
Why didn’t Microsoft patch XP systems (as they are still in use)?
Is it true that countries that do little to prevent software pirating were hit the hardest?
Why didn’t these companies utilize the security patches that Microsoft released?
Should affected companies be held accountable for their blatant lack of cybersecurity?
The list could go on and on as there is plenty of blame.
Microsoft blames the NSA, the NSA blames the Shadow Brokers, the Shadow Brokers take advantage of lax cybersecurity, and it all goes round n’ round n’ round.
It doesn’t get much more serious than a denial of service for a healthcare network involving hospitals and patients. Lives are at stake and that’s impossible to put a price on.
At the risk of sounding like a broken record, as time marches on and computer networks become more entwined with our daily lives, events like this only highlight the need for a greater focus on cybersecurity. There was no need to spend money on upgrading older systems or on massive software upgrades. No, this was something as simple as applying a monthly security patch.
Just one more reason-