The "WannaCry" ransomware attack has been making headlines for the speed at which it spreads as well as the sheer number of victims so far. As of Monday morning there are about 200,000 victims in at least 150 countries around the globe. There are renewed fears of further damage as workers return to their jobs Monday morning. The virus exploited a vulnerability in Windows that was originally discovered by the US National Security Agency. This exploit, code-named "EternalBlue", was published online back in April by a hacker collective known as the Shadow Brokers.
Over the weekend, top Microsoft executive Brad Smith slammed the NSA for the "stockpiling of vulnerabilities." Framing the issue in terms of the modern digital battlefield, Smith compared it to the military having some of its Tomahawk missiles stolen. He highlighted the immense work Microsoft has done to help secure its products, such as employing 3,500 security engineers. Microsoft also took the unprecedented step over the weekend of releasing a security patch for Windows XP, a product it no longer supports.
Shortly after the vulnerabilities were leaked online in April, Microsoft did release a general patch that fixed most of the exploits used by the NSA. Unfortunately, many large corporations still run outdated systems and are slow to implement changes. This is one of the reasons that large institutions like FedEx and British hospitals were infected. “The fact that so many computers remained vulnerable two months after the release of a patch illustrates this,” he said.
Smith also made clear that continuous patching and security updates were critical to maintaining a secure system. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”