Last week, one of the largest cyber security attacks of recent times affected over 300,000 Windows systems worldwide with the WannaCry or WannaCrypt ransomware — malware that exploits a Windows bug to gain access to the system and lock crucial files.
The ransomware affected a number of countries including Russia, Ukraine, India, Spain, UK, USA, Brazil, China and several others in North and Latin America.
The ransomware, which was initiated via SMB on system servers, has affected over 300,000 computers worldwide, taking the files on these systems hostage until the ransom — demanded in bitcoins — is paid by the organisations.
While these are the numbers that have been revealed, cyber security experts fear that several companies might not even be reporting that they were hit by the cyber attack, for fear of losing face.
The vulnerability in Windows was first found by the National Security Agency (NSA) of the USA, and the agency has faced much criticism for dumping information related to the vulnerability online.
The vulnerability which inspired the attacks was fixed by Microsoft in an update rolled out on March 14, 2017, but those running an old OS like XP, as well as those who had not yet updated their systems, were among the ones hit by the attack.
The company representative expressed discontent with the actions of the government agencies, which have caused many to suffer, and pointed out that there is a need for “governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them”.
“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need government to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” the company representative said.
In the cyber age, governments are waging war via the internet — surveilling enemies and even their own citizens to keep their own country secure.
But there is a need to understand that cyber weapons can be as harmful as physical ones, and there is a dire need to dispose of them responsibly — since there seems to be no foreseeable end to governments hoarding cyber vulnerabilities against their enemies.
WannaCry is Unlikely to Affect Updated Smartphones
There has been increasing fear that Android devices might also be affected by the WannaCry ransomware, which is spreading like wildfire, but luckily, for now, the malware is only hitting systems on a server and is targeted at organisations, which are more likely to pay than individuals.
But nothing can be said for sure regarding the attackers’ intentions; they can choose to target smartphones at any time too.
The good news is that Google releases security updates for Android devices almost every month — although in certain countries the carriers are responsible for rolling these out to their customers.
Even devices running an older Android OS like KitKat or Marshmallow receive security updates, even if they’re unable to use new features like Google Assistant.
Google fixes any newly found security vulnerability via these updates, and if your device has the latest security update from Google, there is nothing to worry about.
Even though Google tries to send updates for most of the Android-powered devices, reportedly, over 100 million devices are still running on outdated security software and can be vulnerable to ransomware attacks.
But this still shouldn’t make smartphone users as concerned, since even the attackers are looking at easier options that are more likely to pay up.
For instance, if we take the case of the hospital systems held hostage in the UK, they’re more likely to pay up in order to safeguard their patients’ information that has been encrypted by the attacker than a teenager with photos and contacts to lose, which, in all likelihood, are also backed up on the cloud.
Although there isn’t much to worry about, a flaw was recently discovered by security experts which remains unfixed by Google and can lead to a ransomware attack on Android devices. The flaw will only be fixed in Google’s next OS update — Android ‘O’.
Better Security on the Internet is Needed
This attack, however, is an indication that as technology gets more enabling and efficient, it’ll also need higher security standards in order to battle the sophisticated attacks.
As the technology surrounding the Internet of Things evolves, additional security layers will have to be incorporated in order to mitigate any vulnerabilities arising out of such complex connectivity.
Not only is security the responsibility of the manufacturer, but also of the consumer as the latter is responsible for updating their devices to the latest software provided to protect against such attacks.
As Microsoft puts it, if consumers don’t update their systems with the latest software then “they’re literally fighting the problems of the present with tools from the past”.
Let’s just put it this way. You’re having the perfect Sunday morning in your house which is equipped with Smart home devices — at your service with a simple tap on your smartphone. That’s a lot of smart in a single sentence.
But without proper security measures in place, an attacker could exploit a vulnerability, intrude into your home network and gain access to all the things connected via that network — your smart home devices.
To put things into perspective, imagine Alexa telling you to pay $100 in order to get your Echo working again and bugging you to do so every few minutes; your smart fridge refusing to cool; smart TV refusing to switch to something you want to watch and so on — until you pay up.
With the idea of cars connected to your Android devices, it’s a possibility that you might get a message asking to pay a few hundred bucks in order to get your car started.
Smart home devices are slowly and steadily finding their place in our homes and arguably add convenience to our lives. But in addition to the price you pay to acquire these smart assistants to grant a modern feel to your home, they might also be costing you your privacy.
If these attacks are anything to go by, then security measures in an era where Internet of Things devices are commonplace need to be of a much better standard than they are today, to handle attacks when hackers shift their attention to smart home devices.
So far the attack has crippled government services in India, Russia, Canada, Colombia, Indonesia, Slovakia, Romania and several others, and corporates like FedEx, Hitachi, Nissan, Sandvik, Renault and more.
The attack could cost the government and corporate organisations north of $4 billion in bitcoin, as there is still no certainty as to whether the attacks have been completely mitigated or whether a second wave might send some more shocks.
Internet-connected devices across the globe need security updates every now and then to be able to protect users against attacks that exploit vulnerabilities found on the system.
So, it’s always advisable to at least update your system with the security updates from the vendor, which are rolled out to mitigate exploits that can be used by an attacker to harm your device and the files contained within it.