Daily Management Review

Clues To Ransomware Worm's Lingering Risks Found By Security Experts


A survey for Reuters by security ratings firm BitSight found that two-thirds of those caught up in the past week's global ransomware attack were running Microsoft's Windows 7 operating system without the latest security updates.
Researchers are struggling to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia, believing that identifying "patient zero" could help catch its criminal authors.
They are having more luck dissecting flaws that limited its spread.
Computers at more than 300,000 internet addresses were hit by the ransomware strain, and security experts warn that further attacks that fix weaknesses in WannaCry will follow, hitting larger numbers of users with more devastating consequences.
"Some organizations just aren't aware of the risks; some don't want to risk interrupting important business processes; sometimes they are short-staffed," said Ziv Mador, vice president of security research at Trustwave’s Israeli SpiderLabs unit.
"There are plenty of reasons people wait to patch and none of them are good," said Mador, a former long-time security researcher for Microsoft.
Paul Pratley, head of investigations & incident response at UK consulting firm MWR InfoSecurity, said that WannaCry's worm-like capacity to infect other computers on the same network with no human intervention appears tailored to Windows 7.
Data from BitSight covering 160,000 internet-connected computers hit by WannaCry shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.
Computers running older versions, such as Windows XP used in Britain's NHS health system, while individually vulnerable to attack, are incapable of spreading infections and played a far smaller role in the global attack than initially reported.
In laboratory testing, researchers at MWR and Kyptos say they have found Windows XP crashes before the virus can spread.
BitSight estimated that Windows 10, the latest version of Microsoft's flagship operating system franchise, accounts for another 15 percent, while older versions of Windows, including 8.1, 8, XP and Vista, account for the remainder.
Experts agree that any organization which heeded strongly worded warnings from Microsoft to urgently install a security patch it labeled “critical” when it was released on March 14 on all computers on their networks is immune.
Those hit by WannaCry also failed to heed warnings issued last year by Microsoft to disable SMB, a file sharing feature in Windows which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.
"Clearly people who run supported versions of Windows and patched quickly were not affected", Trustwave's Mador said.
Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP, for which users need to pay hefty annual fees. The British government cancelled a nationwide NHS support contract with Microsoft and left the upgrades to some local trusts.
The U.S. software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers, a move that is slated to draw further criticism in the wake of the WannaCry outbreak.
