Microsoft blamed this past week’s global cyber attack on leaked NSA code and warned the U.S. government to start storing cyber weapons properly.
The company also cited the recent WikiLeaks releases that included leaked code for CIA programs before declaring that government agencies need to start treating cyber weapons like missiles, adding extra protection.
“Early Friday morning the world experienced the year’s latest cyberattack,” wrote Microsoft in an official blog post. “Starting first in the United Kingdom and Spain, the malicious ‘WannaCrypt’ software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.”
“That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers,” they continued. “While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.”
Microsoft added that “this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”
“This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” the company declared. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”
“The governments of the world should treat this attack as a wake-up call,” they continued, claiming that government agencies “need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” Microsoft concluded.
“By failing to support older versions of its operating system, the IT company provided the hackers that stole the NSA’s IT Tomahawk Missile the opportunity they needed,” expressed The Independent, while The Inquirer voiced similar concerns in an article titled “Microsoft, it’s not just the NSA. If you want to kill WannaCry, fix broken Windows.”