In early April, when we reported that the hacker group known as the Shadow Brokers had released the password to NSA's "Top Secret Arsenal" of tools that allowed anyone to "back door" into virtually any computer system (in what it claimed was a protest of Trump's betrayal), few people noticed. On Friday, however, the entire world did notice when an unknown group of hackers reportedly used the same set of NSA-created tools to launch a global malware cyberattack using the WannaCry ransomware virus, holding at least 200,000 computer systems around the globe hostage, and demanding a payment of $300 in bitcoin to unlock infected computers, or else threatening to wipe out the contents of the host machine. The crippling, global attack prompted Europol to warn that Monday could be a dark day for an unknown number of Windows XP-based systems which could simply fail to start, leading to massive productivity losses around the globe, while some others predicted that the spread of the worm could accelerate in the coming days once the hackers bypass the temporary measure that prevented further distribution of the worm over the weekend...
# Needless to say, Microsoft was not happy.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage" Smith wrote, adding that an "an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action."
Microsoft's Chief Legal Officer also said the latest attack should serve as a “wake-up call” to world governments who should urgently establish a common set of strategies to deal with cyber threats.
“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” Smith wrote. “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith also acknowledged Microsoft’s responsibility for failing to prevent the attack by not notifying all customers to install the patch on time, but noted that cybersecurity is a “shared responsibility” between tech companies and customers.
“We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident,” MSFT's President added.
Meanwhile, a global manhunt is currently underway to determine the source of the cyberattack. According to the European Cybercrime Centre, Europol is “working closely” with countries affected by the blitz to identify the culprits. Microsoft too is contributing to the investigation. “Working through our Microsoft Threat Intelligence Center (MSTIC) and Digital Crimes Unit, we’ll also share what we learn with law enforcement agencies, governments, and other customers around the world,” Smith wrote.
As we reported earlier, the narrative is already set to determine that the culprits were most likely Russians....