Since the beginning of May, Baltimore has been grappling with a serious ransomware attack. A lively debate has erupted within the information security community about who is responsible for the mess.
The match that lit the fire: A story published by The New York Times last weekend blamed the US National Security Agency for helping spread the digital infection across computers. The report alleges that hackers used malicious software, nicknamed RobbinHood, associated with EternalBlue, a powerful self-propagating hacking tool allegedly developed by the NSA to target Microsoft Windows software (now obsolete). The code behind EternalBlue was leaked online in 2017 by a mysterious, still-unknown entity called the ShadowBrokers, and nation-state actors have used this weapon to launch destructive cyberattacks, including North Korea's WannaCry and Russia's NotPetya, resulting in billions of dollars in damages for businesses and governments around the world.
Because the NSA lost control of this hacking tool, a "key component" of the latest ransomware according to the Times, the newspaper blames the spy agency.
The reaction on this point has been fierce. Some information security professionals have argued that the malware in question did not need EternalBlue to wreak havoc. Dave Aitel, a former NSA hacker and current security manager for Cyxtera, a data center company, wrote on his personal blog that "this exploit used to make lateral moves for this ransomware is not supported by any public fact, any more than by my sources on the issue." "The alternative means of propagation are much more likely," he said. Rob Graham, CEO of Errata Security, a cybersecurity shop, admitted that even if the ransomware included EternalBlue code, it probably was not relying on this tool to spread. "Yes, ransomware increasingly includes Eternalblue in its arsenal of attacks, but that does not mean that Eternalblue is responsible for ransomware," he writes on his own blog.
Not surprisingly, the NSA disclaims any responsibility. C.A. Dutch Ruppersberger, a congressman from Maryland, said senior NSA officials had told him that "there is no evidence so far that EternalBlue has played a role in the attack by ransomware that hit Baltimore City," the Times reported in a follow-up story on Friday. Rob Joyce, a senior NSA official, offered his own form of disavowal: "It is simply wrong to say that there is an indefensible tool for a nation-state that propagates ransomware," he said, according to CyberScoop, a cybersecurity news publication.
The NSA has a point. If EternalBlue was really the key to the Baltimore attack, as the Times originally reported, then it appears that Baltimore failed for years to update its computer systems to defend against a known critical vulnerability. Microsoft released a fix in 2017; the exploit works on machines running Windows software that has been out of date for two years. The harsh truth: Baltimore should have been better prepared.
Keeping computer systems up to date and secure is of course easier said than done. Government offices are constantly short of resources, poor in technical skills, and struggling to cope with obsolete equipment. (I worked for the local government – trust me.) Another point to consider: although the NSA is not to blame for the Baltimore debacle, this still does not absolve the agency of its previous negligence. It remains unclear how the spooks lost control of their array of hacking tools, including EternalBlue, a few years ago, not to mention the identity of the thieves who call themselves the ShadowBrokers.
As we ponder these questions and wait for Baltimore to publish more details about the attack, a recommendation: for the sake of all that is sacred, patch this other critical, wormable Windows security hole. Microsoft released a fix for the bug, called BlueKeep, on May 14, but two weeks later, 900,000 computers still appear vulnerable, by Wired's count. If you need a reason to act quickly, just look at Baltimore.
Do the right thing. Piece.
Robert Hackett
@rhhackett
Welcome to the Saturday edition of the technical sheet, Fortune's daily technical newsletter. Fortune reporter Robert Hackett here. You can reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), email encrypted with PGP (see the public key on my Keybase.io), Wickr, Signal, or whatever you prefer (safely). Comments welcome.