Feb 23
Cyber attack: A wake-up call for tech giants PDF Print E-mail

The tech giant's chief counsel calls the WannaCry attack a "wake-up call" for greater communication on vulnerabilities, according to a global media report.

Microsoft legal chief Brad Smith says governments should share software vulnerabilities with vendors instead of keeping them secret.

Microsoft is criticising government agencies for hoarding software flaws and keeping them secret, calling this weekend's massive ransomware attack a "wake-up call."
Brad Smith, Microsoft's chief counsel, wrote Sunday in a company blog post that by keeping the vulnerabilities secret from vendors, it opens users open to attacks like the WannaCry hack, in which malware locked down computers while demanding a hefty sum for freedom. He compared the WikiLeaks release of NSA hack tools to a theft of weapons from the US military.

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," Smith wrote. "And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today -- nation-state action and organized criminal action.

"The governments of the world should treat this attack as a wake-up call," he wrote. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

This isn't the first time US spy agencies have been accused of knowing about vulnerabilities and keeping them secret. The NSA reportedly knew of the Heartbleed bug for at least two years before the security vulnerability was revealed in 2014, keeping it secret and exploiting it to gather intelligence.

The WannaCry attack has hit thousands of computers across around the world, but hospitals in England have attracted the most attention because lives are at risk while hospital systems are locked down. As of Sunday morning, more than 100,000 organizations in at least 150 countries had been affected, according to Europol, the European Union's police agency.

(Source - The Financial Express)