Microsoft Calls Out NSA For Stockpiling Cybersecurity Secrets: WannaCry Ransomware Should Serve As 'Wake-Up Call'
Microsoft has called out government agencies, and the National Security Agency in particular, for stockpiling cybersecurity vulnerabilities, which led to the creation and launch of the massively damaging WannaCry ransomware.
According to Microsoft, the havoc caused by WannaCry should serve as a "wake-up call" for governments around the world.
Hackers Unleash WannaCry
Last month, a group known as the Shadow Brokers leaked hacking tools allegedly used by the National Security Agency to hack into computers powered by Microsoft's Windows.
While Microsoft said that it had already released patches for the vulnerabilities exploited by the leaked tools, another hacking group apparently used one of the leaked tools to create the WannaCry ransomware.
The ransomware, which utilized a Windows exploit named EternalBlue, hit computers around the world starting the early morning of May 12. The systems that were affected had not yet installed the patch that Microsoft released as protection against EternalBlue.
WannaCry affected institutions such as hospitals and telecommunications companies and from as many as 74 countries. Once the ransomware infects a system, all its files are encrypted, and the attackers then demand a $300 payment in bitcoin so that the files will be unlocked.
Microsoft Takes Shot At NSA, Governments
In the wake of the massive cybersecurity attack, Microsoft issued a statement regarding the WannaCry ransomware and how everyone needs to come together to be able to prevent such incidents from happening again.
Microsoft noted that its standing as a technology company meant that it holds first responsibility to address cybersecurity issues. The company has over 3,500 security engineers working nonstop to eliminate threats, but it admitted that it still has lessons to learn, especially with the propagation of WannaCry.
Microsoft also highlighted the importance of awareness among customers, whether businesses or personal users, to regularly update their systems. The patches released by technology companies such as Microsoft will not protect users unless they do their part of installing these patches as soon as they come out.
"Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Microsoft then said, calling out the CIA secrets that surfaced on WikiLeaks and the hacking tools stolen from the NSA that led to the WannaCry attack. If exploits are kept secret, then technology companies will not be able to patch them up and protect users from criminals.
Microsoft noted the massive damage caused by the leaked cybersecurity vulnerabilities that governments held. The company compared such incidents to Tomahawk missiles being stolen from the United States military and stressed the troubling link between actions made by governments and criminal attacks launched by hackers.
"The governments of the world should treat this attack as a wake-up call," Microsoft continued, claiming that they should apply cybersecurity rules similar to the laws governing physical weapons. Governments should start considering the damage dealt to civilians from hoarding cybersecurity vulnerabilities.
Microsoft then called for the technology industry, customers, and governments to team up against cybersecurity attacks, as fighting against the growing strength and capabilities of hackers will need a collective effort.