miércoles, 17 de mayo de 2017

WannaCry: a cyber mugging that’s not your fault | MercatorNet | May 17, 2017 |

WannaCry: a cyber mugging that’s not your fault

| MercatorNet | May 17, 2017 |







WannaCry: a cyber mugging that’s not your fault

And why the motivation for last weekend’s malware attack is still a mystery
Jeffrey Pawlick | May 17 2017 | comment 



Last Friday around 8am UTC, an unprecedented cyberattack called the WannaCry malware began spreading throughout networks, locking down computers and demanding US$300 in Bitcoin as a ransom payment for unlocking them.
The major news story broke when divisions of the British National Health Service (NHS) began turning away patients after they were hit with the malware. Throughout the day, WannaCry spread throughout the UK, Russia, Australia, the US, Germany, India, and China. The attack dealt blows to organizations such as FedEx, Telefónica (Spain), Deutsche Bahn (Germany), Sun Yat-sen University (China), and Russian Railways.
Around six hours after the attack began, it was completely and unexpectedly thwarted by Marcus Hutchins, a 22-year-old British cybersecurity researcher. Hutchins “accidentally” activated a kill switch for the malware, shutting down WannaCry worldwide.
It turns out that WannaCry was programmed to interface with a specific unregistered domain name. Hutchins registered that domain name in order to track the virus. He didn’t realize that by doing this he would be killing the malware. It just happens that the authors of WannaCry made a rather silly mistake.
Unfortunately, removing the kill switch wasn’t hard, and by now many variants of WannaCry have emerged that bypass this Achilles heel.
Unlike other ransomware, getting hit by WannaCry is probably not your fault
WannaCry is a particularly powerful piece of ransomware. Ransomware works by holding data or services hostage and demanding a payment. In the cyber world, the data is often held hostage on a victim’s own computer. It is encrypted, scrambled using a secret code that is only known to the attacker. The attacker demands a payment in exchange for unlocking the data.
Ransomware is not new; in fact, has become increasingly widespread over the last five years or so. According to Symantec’s most recent Internet Security Threat Report, the number of detections of ransomware increased 36 percent from 2015 to 2016; the average demanded ransom more than doubled, and the number of different malware families tripled. In summary, Symantec called ransomware “the most dangerous cyber crime threat facing consumers and businesses in 2016.” And that was before WannaCry.
This attack is different from the average ransomware. Typically, ransomware spreads via email or infected web domains. As long as users don’t click on bad links or open suspicious attachments, they stay out of danger. Email filters block hundreds of thousands of these attacks every day, before users even see them.
Unfortunately, WannaCry can spread throughout networks using other channels. After a computer is infected, WannaCry uses the Windows Server Message Block (SMB) to spread to other computers both over the Internet and over internal networks (such as local networks within a company). This is scary, because secondary targets don’t have to make any web browsing or email opening mistakes. Getting infected is like being mugged in your own home, despite keeping the door locked.
Who is to blame? 
Microsoft? Some people have blamed Microsoft for not preventing the WannaCry attack; after all, it was a mistake in Windows code that provided the weakness.
Surprisingly, though, Microsoft spotted the mistake this past March, and released a security update to fix it. This was a month before attackers learned that the NSA had also spotted the problem, and two months before this weekend when WannaCry used the bug in its ransomware. So what happened?
Some users knew about the update, but didn’t install it. Other users – particularly corporations with outdated technology – had Windows versions that didn’t receive the patch. Microsoft didn’t release updates for versions of operating systems that they had already ceased supporting.
Is Microsoft to blame? In my opinion, hardly. Many infected machines were running Windows XP, which by now is a 15-year-old system. Patching best-practices probably don’t include updates for technology that is so aged.
Moreover, once Microsoft realized the extent of the attack, they released a security patch for Windows XP, Windows 8, and Windows Server 2003 systems that were previously not supported. This is one of the only times that Microsoft has ever gone back to fix unsupported versions of its operating system.
National Health Service? If Microsoft gets off the hook, the NHS (also one of the main victims of the attack) does not. This is a good example of why not to continue to operate infrastructure on outdated operating systems. Running Windows XP is a huge security risk, and especially on critical systems such as those in hospitals.
Apparently, a group of security advisors also specifically gave NHS hospitals a patch that would have prevented their systems from being infected by WannaCry. But NHS didn’t deploy it.
It is true that many, many critical systems (power plants, water treatment facilities, airports) run outdated operating systems such as Windows XP, so hopefully the damage to the NHS will serve as a warning.
The NSA? Yes, the NSA is probably to blame. It is not simply the case that the NSA developed a weapon. Rather, the NSA realized that the weapon (the security vulnerability in Windows) existed, and they chose not to inform Microsoft.
The NSA had the choice between keeping a secret weapon to themselves, and ensuring that the weapon could never be used by revealing the flaw to Microsoft. They chose the secret weapon route – but someone spilled their secret.
Still, a full assessment of the NSA’s blame would likely require an entire thesis on the morality of offensive cyber capabilities. Most rely on finding bugs, and many of these bugs are probably in systems that are ubiquitous – such as Windows.
Therefore, the NSA exploit behind WannaCry belongs to the bread and butter of offensive cyber weapons. If cyber warfare is a staple of modern combat, should governments hold back developing their offense? Maybe the answer is yes, but I’m waiting to read that thesis before I make up my mind.
So far, there are no plausible motivations
Ransomware is financial malware, through and through. Encrypt a system, and demand payment. The amount collected in ransom payments is public, as are all Bitcoin transactions. As of 4pm in New York, WannaCry had earned about $74,000.
But $74,000 is peanuts! A business scheme needs to be judged not only on the potential revenue, but also on the risk. Financially astute attackers want to gather a large profit with low noise, in order to attract as little law enforcement response as possible.
Imagine that there are three hackers behind WannaCry, and that it cost each of them $5,000 in effort and exploits to launch the attack. Then they are left with $20,000 each after three days of world-wide mayhem. That’s hardly enough to risk getting apprehended as the most notorious cybercriminals of the year. Either the attackers expected more people to pay, or they didn’t expect the attack to spread so quickly and to make so much noise.
Other motivations are not much more logical. A state actor testing out a weapon for future use in warfare would also have tried to remain under the radar. And a terrorist group interested in simply causing damage would not demand a ransom.
So far, it seems that the press has focused on the actual attack, rather than who launched it, or on the red herring of how they were motivated. We are just beginning to see signs that point to North Korea, but the jury is still out. Let’s stay tuned.
Jeffrey Pawlick is a PhD Candidate in Electrical Engineering at the Tandon School of Engineering, New York University.
- See more at: https://www.mercatornet.com/connecting/view/wannacry-a-cyber-mugging-thats-not-your-fault/19810#sthash.yNLvwj6g.dpuf



MercatorNet

May 17, 2017

The week’s news has been a ping-pong match between the gaffes of Donald Trump and the tears of computer users affected by the WannaCry ransomware. In today’s issue of MercatorNet, we deal with the latter.
Jeffrey Pawlick, of New York University, examines a destructive attack which seems to have netted the perpetrators very little money. So why did they do it? It’s still a mystery. But this incident confirms once again that the technology of the internet is a double-edged sword. We frolic blissfully in an ocean of connectivity and information, but all the splashing attracts some very dangerous sharks.


Michael Cook 
Editor 
MERCATORNET



Is removing children from Mafia families in their best interests?
By Chiara Bertoglio
At least one Italian judge thinks so.
Read the full article
 
Ivy League school sent gender neutral acceptance letter to female applicant
By Sheila Liaugminas
Then the student rejected the school.
Read the full article
 
Teens disconnected from family are more addicted to the web
By Nicole M. King
We are not all equally vulnerable.
Read the full article
 
Should Americans have paid maternity leave?
By Shannon Roberts
Most Americans say yes.
Read the full article
 
WannaCry: a cyber mugging that’s not your fault
By Jeffrey Pawlick
And why the motivation for last weekend’s malware attack is still a mystery
Read the full article
 
Like him or loathe him, Trump could win in 2020
By Musa al-Gharbi
An incumbent president with a strong base and without stand-out candidate from the other party is in a strong position
Read the full article
 
Don’t expect a quick end to the war on free speech
By Denyse O'Leary
The momentum of the campaign will be hard to stop
Read the full article
 
Bullying and youth suicide in Japan
By Marcus Roberts
Why is the Japanese rate of youth suicide stubbornly high?
Read the full article
 
Do we have a right to a child?
By Michael Cook
Surrogacy is included in a payout to a Canadian woman injured in a horrific car accident
Read the full article


MERCATORNET | New Media Foundation 
Suite 12A, Level 2, 5 George Street, North Strathfied NSW 2137, Australia 

Designed by elleston

WannaCry: a cyber mugging that’s not your fault

No hay comentarios: