Summary: Let’s take a break from the media hysteria about the massive global attack by software built by the NSA. Cybersecurity expert Marcus Ranum explains why hospitals were the focus of the attack, why organizations are so vulnerable after a decade of warnings, and what will create effective defenses. This continues our years of coverage about cybersecurity, one of the most important frontiers of 21stC conflict. Second of two posts today.
“At the moment we are in the face of an escalating threat, the numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”
— Rob Wainwrigh (the executive director of Europol) on ITV’s “Preston on Sunday”, from the NYT’s “Cyberattack’s Impact Could Worsen in ‘Second Wave’ of Ransomware“.
“The Massive Ransomware Attack – and the Most Boring Topic in IT Security“
By Marcus Ransom. From the FreeThought Blogs.
Reposted with his generous permission.
Text deleted by the author’s request. Another disgruntled leftist!
Some useful news stories about the event
- Technical details: “WannaCry ransomware used in widespread attacks all over the world“.
- NYT: “Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool“.
- BBC: “GPs and hospitals hit by ransomware“.
- BBC: “Security blogger halts ransomware ‘by accident’“. Here is his report.
- BBC: “Europol says it was unprecedented in scale“.
- BBC: “Nissan’s Sunderland plant hit by cyber-attack“.
- Reuters: “German rail operator affected by global cyber attack“.
- Reuters: “Renault stops production at some sites after cyber attack“.
- Reuters: “FedEx reports malware interference in global cyberattack“.
- Reuters: “Telefonica, other Spanish firms hit in “ransomware” attack“.
- Reuters: “Swedish engineering group Sandvik says hit in cyber attack“.
- RIA reported by Reuters: “Russia’s central bank says domestic banks withstood massive cyber attacks“.
- China Plus: “Global cyber-attack hits Chinese universities“.
- Comment by William Binney about this incident. He is a former senior NSA executive (Wikipedia).
About the author
Marcus J. Ranum is a cybersecurity consultant and author of The Myth of Homeland Security
He is a world-renowned expert on security system design and implementation. He is recognized as an early innovator in firewall technology, and the implementor of the first commercial firewall product. Since the late 1980′s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR’s Network Flight Recorder intrusion detection system.
He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC “Clue” award for service to the security community, and the ISSA Lifetime Achievement Award. Marcus is Chief Of Security for Tenable Security, Inc., where he is responsible for research in open source logging tools, and product training. He serves as a technology advisor to a number of start-ups, established concerns, and venture capital groups.
For More Information
If you liked this post, like us on Facebook and follow us on Twitter. See all posts by Marcus Ranum, about Cyber-security and Cyber-crime, and especially these…
- The Best Defense Is a Strong Defense. Never Fight a Land War in Cyberspace — By Marcus Ranum.
- Unraveling the Complexities of Cyber Terrorism, by Edwin Covert.
- Complacency in Cyberspace May Be Our Biggest Vulnerability, by Emilio Iasiello.
- Is the best defense a strong offense in cybersecurity? — By Emilio Iasiello.
- Stratfor: it’s the breakout year for cybercrime! How do we fight it?
- After the largest cyberattack ever, here’s how to defend against the next & bigger ones — by Marcus Ranum.
- Cybercrime: Now More Profitable Than The Drug Trade.