
Dark Foreboding of “WannaCry” Malware (Part 1)

This Can Be Made into a Powerful Little Cyberweapon

The WCry malware, also called “WannaCry,” has made headlines since last Friday for disrupting computers around the world. Because of the breadth of its reach and how effective it has been, it is now probably the most infamous piece of malware ever. There is a multitude of malware “in the wild” that behaves in a similar fashion, so why is WCry so bad?

WCry operates by invading computers through a vulnerability in Microsoft Windows, specifically in the SMBv1 file-sharing service, and it spreads on its own from each infected machine to any reachable machine that has not been updated with Microsoft’s patch for it (MS17-010, a small fix to the operating system software). Windows XP and later versions of Windows are affected if that patch is missing. Attacking a computer in this manner is nothing new; it happens quite often.

What is bad now: The vulnerability was only recently revealed (Microsoft patched it in March 2017, so strictly speaking it was no longer a zero-day when WCry struck, but most of the victims had not applied the patch), it is present in a huge number of older systems (millions), and a working exploit for it, not merely a description, was released to the public by the Shadow Brokers in April. Fully patched systems are not affected by this virus, but there are many older, unpatched systems out there that are not properly managed, including in critical infrastructure: hospitals of the National Health Service in Great Britain and parts of the Russian government were among the victims.
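Worm-style spreading over SMB leaves a distinctive trace on a network: one host opening TCP/445 connections to many different neighbours within a short time. The following is an added example, not code from this post or from any WCry analysis, that flags that fan-out in connection logs. The log format (ISO timestamp, source address, destination address, destination port), the sample lines, the threshold and the time window are all constructed assumptions for illustration.

```python
"""Flag hosts that fan out SMB (TCP/445) connections to many distinct
destinations in a short window: the footprint of an SMB worm such as
WCry scanning a network for unpatched targets.

Added example, not the blog author's code. Log format, sample data,
threshold and window are assumptions chosen for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445

# Constructed sample of flow/firewall log lines:
#   "<ISO timestamp> <src> <dst> <dport>"
# 10.0.0.5 sweeps twelve neighbours on 445 in twelve seconds (worm-like);
# 10.0.0.7 and 10.0.0.9 talk only to the file server 10.0.0.50 (benign).
SAMPLE_LOG = [
    f"2017-05-12T10:00:{i:02d} 10.0.0.5 10.0.0.{20 + i} 445" for i in range(12)
] + [
    "2017-05-12T10:00:03 10.0.0.7 10.0.0.50 445",
    "2017-05-12T10:00:09 10.0.0.7 10.0.0.50 445",
    "2017-05-12T10:00:10 10.0.0.7 10.0.0.51 80",
    "2017-05-12T10:00:15 10.0.0.9 10.0.0.50 445",
    "2017-05-12T10:00:40 10.0.0.9 10.0.0.50 445",
]


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def smb_fanout(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {src: peak_distinct_destinations} for every source that
    contacted at least `threshold` distinct hosts on TCP/445 within any
    span of length `window`. Sources below the threshold are omitted."""
    per_src = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = parse_line(line)
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()                # oldest first
        recent = deque()             # sliding window of (ts, dst)
        peak = 0
        for ts, dst in events:
            recent.append((ts, dst))
            # Drop events that fell out of the window ending at `ts`.
            while recent and recent[0][0] < ts - window:
                recent.popleft()
            distinct = len({d for _, d in recent})
            peak = max(peak, distinct)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, peak in smb_fanout(SAMPLE_LOG).items():
        print(f"possible SMB worm: {src} reached {peak} distinct hosts on 445")
```

Counting distinct destinations rather than raw connection counts is what separates a sweep from a busy client that repeatedly talks to one file server; the window length and threshold would be tuned to the size of the subnet being watched.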

WCry is ransomware: it encrypts your data and demands that a ransom be paid in Bitcoin to decrypt your computer. Bitcoin payments are pseudonymous and hard to tie to a person, which is why the currency is famously used for money laundering, even though every transaction is visible on the public ledger. Ransomware is again not new but…

What is bad now: The use of ransomware is growing, and the scale of this attack is unprecedented. Ransomware is bad; if your drive gets encrypted, it’s all over unless you have backups that the malware could not reach. Even if you pay the ransom, there is no guarantee the drive will get decrypted. So far the U.S. government has said it is not aware of anyone who paid the ransom getting their data decrypted.

WCry was developed by cyber criminals, possibly with ties to North Korea. It was not developed by the NSA. The NSA used the vulnerability for years (not as ransomware but presumably to spy) and never told Microsoft, so it could not be fixed. Now it turns out that the NSA apparently told Microsoft about it quietly after discovering that the exploit had “leaked” to the Shadow Brokers. Microsoft raced to fix the bugs, releasing the patch in March 2017, just weeks before the Shadow Brokers published the exploit in April.

Why this is bad now: It originated from our own government. We know the NSA, CIA, FBI, and you-name-it three-letter government agency “hoard” these vulnerabilities, probably independently of each other. Where is the government agency responsible for protecting the United States from attacks on these vulnerabilities? An independent cybersecurity researcher in Great Britain discovered a way to temporarily stop WCry from spreading: the malware checks whether a particular unregistered web domain exists and halts if it does, so registering that domain switched it off (a variant without that check would not be stopped). Why isn’t there a government agency at least trying to protect our cyber systems in real time? We have an enormous agency looking for and preventing terrorism; what about cyber crime?

Why this is really bad! It’s not over: two other pieces of malware have already been discovered that spread using the same leaked NSA exploit.

By the way, the pic at the top of the post is my latest project: It is a low-cost single-board computer with a powerful processor and operating system used by hobbyists. It includes built-in Wi-Fi and Bluetooth radios. It is the size of a credit card. More devices than you can imagine can be connected to this hardware; think cameras, microphones, location detectors, etc. You might imagine that it could be used in nearly unlimited “less than honorable” ways.

Posted in Cyber Security by with comments disabled.