“You need preparing, but most of all, you need constant, never ceasing vigilance.”
—Alastor ‘mad-eye’ Moody
In April, when Rebekah Brown wrote about the release of the NSA hacking tools, she said it was not time, yet, to build a bunker. While the jury is still out about the bunker, in the same Rapid7.com blog she correctly predicted, “It will not be long before we will start to see more widespread attacks using these tools.” Less than a month, it turns out.
It is easy to brush off the over-reported drama of the WannaCry attack, but there are a few lessons worth our time. For example, by now everyone has heard that the attack used EternalBlue, one of the vulnerabilities stolen from the NSA and released to the world. What no one is telling you is that it was just one of several NSA hacking tools revealed in the data dump. Along with EternalBlue are EternalSynergy, EternalRomance, EternalChampion, EmeraldThread, EskimoRoll, EducatedScholar, and EclipsedWing. The NSA have a lot of time on their hands.
Theoretically, those were all patched by the Microsoft release in March and then for older systems on May 13, 2017. The May 13 patch was in reaction to the WannaCry attack, not an indication regular updates will continue for those older systems. This raises the question of just who is responsible for the weakness. Clearly, the ransomware hackers are ultimately to blame, but there are, and always will be, bad actors. If you leave your car doors unlocked there’s a good chance someone will steal your Ray-Bans. Who is ultimately responsible for locking the software doors?
The knee-jerk answer is Microsoft. All over the Internet this week, it’s open season on Seattle. Microsoft patched the known vulnerability in March for all systems they currently support. Administrators and users running currently supported systems, who did not install the updates, have no one to blame but themselves. It is clear we have moved past the era when updates, particularly security updates, are optional.
Lesson One: Apply Updates.
A significant number of the computers affected were older models that Microsoft no longer supports. Should Microsoft support them? Federal law only requires automakers to keep parts available for a car within the warranty period, the longest interval being eight years for emissions parts. Microsoft replaced XP with Vista in 2007, so XP installations are 10 to 16 years old. Just how long is a software developer responsible for old software? Moreover, this attack was proliferated through fake emails. Is Microsoft responsible when your staff click on an email promising “This kitten will make you cry”?
People clinging to XP know they are working on borrowed time. Similarly, three or four years ago, tech administrators were reading articles that recommended migrating away from Windows Server 2003. At what point does holding on to an unsupported operating system become the end user’s responsibility? A few weeks ago, in this blog, I wrote that four-, five-, and even six-year-old servers are still viable, but retaining a ten-year-old operating system is clearly an at-your-own-risk proposition.
More than 230,000 computer users in 150 countries take the risk. That is the estimate of units attacked by WannaCry. The 230,000 does not include the countless XP, Server 2003, and other older builds that were not victims of the ransomware because their users didn’t open the phishing emails. The ubiquitous world map of blue dots showing attack localization is educational. You might expect that the older and non-updated systems would be concentrated in third world countries, but the map shows a distinct cluster in our Pacific Northwest, the very home of Microsoft. The British Health Service made the news, but ask anyone in the US medical profession and they will tell you there are scanners, imagers, and other stand-alone devices, used every day, running a Windows XP interface. Brazil’s Social Security System, German Railways, Spain’s Telefonica, and French automaker Renault were all victims of the attack, all running old software.
Lesson Two: People, businesses, and governments do not replace old equipment.
Given the realities that people are not prompt with updates, and that computers can stay in service and continue to perform years beyond end-of-support, cyber security is a worldwide problem. EternalBlue and the seven other weapons stockpiled by the NSA are dangerous. When the NSA let them slip away, they were irresponsible at best. Regardless of your position on the world order and immigration, cyber weapons are a world concern. Unlike nuclear bombs and mustard gas, cyber weapons are easy to deploy and have no localized restrictions. It takes a missile or plane to deliver a bomb. A guy in his pajamas with a computer and a bad attitude can launch a cyber-attack.
Lesson Three: Governments building cyber weapons must protect them as they do warheads.
It is unlikely that spy agencies (the USA is not alone) will give up their cyber tools. Microsoft and other software vendors can only be expected to support systems for a reasonable interval. People will never be fully compliant with updates, even when provided. Lastly, computers running old operating systems will not disappear. Given these absolutes, the best solution is still common sense and personal attention. These attacks spread through phishing emails that a single user in the system opened. The people on the front lines, those tricked by the promise of foreign payouts, fake PayPal invoices, and hot Russian brides, are the gateway for attacks.
Lesson Four: Don’t be that guy.
You don’t need a bunker. Just be vigilant. Do not open emails, especially attachments, from people you don’t know. Be suspicious of anything that is not in your normal email routine. To paraphrase Smokey the Bear: “Only you can prevent ransomware.”
As it has since 1976, Frontier Computer can provide IT hardware and enterprise computing solutions. Our expert logistics team can even deliver to your bunker.