On Friday, a massive cyber attack hit organizations across the globe. The attacks crippled two hospitals in the United Kingdom and hit a number of companies in some 150 countries, infecting at least 200,000 computers, with the malware disproportionately affecting Russia, Ukraine, India, and Taiwan. Targets also included banks, telecommunication service providers and train stations in countries such as Germany, Turkey, Spain and Portugal. The attackers deployed ransomware called WannaCry that encrypted files on infected machines – including patient medical records, forcing the UK hospitals to turn away patients with serious medical conditions – and locked access to them until a ransom was paid. Demands for ransoms of between $300 and $600 in Bitcoin, to be paid by Monday, May 15, have been delivered in more than two dozen languages.
Perhaps most notably, the attackers leveraged a hacking tool called EternalBlue, which appeared in the April leak of exploits allegedly belonging to the National Security Agency, published by a group calling themselves the Shadow Brokers. The alleged NSA exploit targets a flaw in Windows' SMB file-sharing service and allows the ransomware to spread between Windows machines like a worm, encrypting computers as it moves across an organization's network without any action by the users.
Although Microsoft had patched the vulnerability the NSA tool exploits in March (security bulletin MS17-010), a month before the Shadow Brokers leaked it, the overwhelming scope and success of Friday's attack raises questions about how intelligence agencies like the NSA should handle what are known as zero-day vulnerabilities – security flaws unknown to the vendor – particularly once they have been stolen and leaked by an outside party.
The incident shows what governments risk by holding onto exploits rather than disclosing them. But it also shows the limits of disclosure: a patch had been available for two months, and if security fixes are not applied, little else can help. The Cipher Brief recently hosted a number of security experts on its Cyber Advisory Board to discuss this very topic.