Worse is yet to come, say experts
Hackers could re-release their code without a kill switch or with a better kill switch
London, May 14: As terrifying as the unprecedented global “ransomware” attack was, cybersecurity experts say it’s nothing compared to what might be coming — especially if companies, organisations and governments don’t make major fixes.
Had it not been for a young cybersecurity researcher’s accidental discovery of a socalled “kill switch,” the malicious software likely would have spread much farther and faster. Security experts say this attack should wake up every corporate board room and legislative chamber around the globe.
Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off. This one worked because of a “perfect storm” of conditions, including a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks. What’s worse, those responsible were able to borrow a weaponised “exploit,” apparently created by the US National Security Agency, to launch the attack in the first place.
Darien Huss, a 28-year-old research engineer who assisted the anonymous British researcher lauded a hero, said he was “still worried for what’s to come in the next few days because it really would not be so difficult for the actors behind this to rerelease their code without a kill switch or with a better kill switch. Or we could potentially see copycats mimic the delivery or exploit method they used.”
Now that “WannaCry” malware is out there, the world’s computer systems are vulnerable to a degree they haven’t been before, unless people quickly install Microsoft’s security patches.
This is believed to be the biggest online extortion attack ever recorded.
At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow.
ROB WAINWRIGHT, Europol director