Washington – Microsoft on Sunday slammed governments for stockpiling software vulnerabilities, saying last week’s ransomware cyber attack on 150 countries should be a “wake-up call” to them.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” the president of the US-based technology company Brad Smith wrote in a blog post.
“This is an emerging pattern in 2017,” he added.
The WannaCrypt malicious software used in the attack, which was launched on Friday and hit at least 200,000 computers worldwide, used a cybertool which was stolen from the US National Security Agency.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Smith continued.
“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”
“The governments of the world should treat this attack as a wake-up call,” Smith said. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
Friday’s attack took advantage of unpatched vulnerabilities in Microsoft’s older Windows operating systems.
Computers were infiltrated by the malware, which encrypted and blocked access to content until users paid between 300 and 600 dollars in the digital currency bitcoin.
Microsoft had issued a patch to address the weakness in March but many customers, including hospitals and governments, were slow to update their systems and so remained vulnerable.
Russia was among the countries hardest hit, with Britain’s National Health Service, Germany’s railway operator, US company FedEx and Spanish telecommunications giant Telefonica among the prominent victims.
The spread of the malware was halted when a 22-year-old British researcher, who uses the Twitter name MalWareTech, identified a so-called kill switch, a flaw in the malware which can be used to disable it.
However, security experts were on Sunday warning companies and governments to prepare for further attacks on Monday, when people return to work and switch computers on.
Britain’s National Cyber Security Agency said that since Friday’s attack there had been “no sustained new attacks of that kind.”
However, it warned that “compromises of machines and networks that have already occurred may not yet have been detected, and … existing infections from the malware can spread within networks.”
The researcher behind MalWareTech, who wants to remain anonymous, also warned that failure to install the Microsoft patch would leave computers vulnerable.
“Warning for Monday: If you turn on a system without the MS17-010 patch and TCP port 445 open, your system can be ransomwared,” he tweeted late Sunday.
Rob Wainwright, the head of Europol, the EU’s law enforcement agency, said in an interview with the BBC that the cyber attackers had now released a new version of the virus.
Security experts also warned that the attacks were likely to continue.
“I’m working on the assumption that there will be a wave of these attacks sooner or later,” Ruediger Trost of the security firm F-Secure told dpa.
IT expert Michael Backes of Saarland University said he expected “more comprehensive, more critical attacks.”
Friday’s attack had been already been very broad, he said. “That needs a lot of people at least, and probably a lot of financial support.” It would be very hard to catch the attackers, he added.
-dpa
