Albuquerque Journal

Confluence of factors led to cyberattack

NEW YORK — The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.

Not to mention the fact that those responsible were able to borrow weaponized software code apparently created by the U.S. National Security Agency to launch the attack in the first place.

Other criminals may be tempted to mimic the success of Friday’s “ransomware” attack, which locks up computers and holds people’s files for ransom. Experts say it will be difficult for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe.

But we’re still likely to be living with less virulent variants of WannaCry for some time. And that’s for a simple reason: Individuals and organizations alike are fundamentally terrible about keeping their computers up-to-date with security fixes.

Once inside an organization, WannaCry uses a Windows vulnerability purportedly identified by the NSA and later leaked to the internet. Although Microsoft released fixes in March, the attackers counted on many organizations not getting around to applying those fixes. Sure enough, WannaCry found plenty of targets.

Since security professionals typically focus on building walls to block hackers from entering, security tends to be less rigorous inside the network. WannaCry exploited common techniques employees use to share files via a central server.

“Malware that penetrates the perimeter and then spreads inside the network tends to be quite successful,” said Johannes Ullrich, director of the Internet Storm Center at the SANS Institute.
