WannaCry proves govts must stop hoarding exploits: MS


By Dylan Bushell-Embling
Tuesday, 16 May, 2017

WannaCry proves govts must stop hoarding exploits: MS

The weekend’s WannaCry ransomware outbreak should act as a “wake-up call” for governments to stop hoarding known vulnerabilities for espionage purposes, and instead report them to vendors, according to Microsoft.

In a blog post, Microsoft President and Chief Legal Officer Brad Smith said leaks of vulnerabilities collected and used by government agencies has become an emerging pattern in 2017.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” he said. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”

He likened the scenario to the US military having some of its missiles stolen, and said governments should be applying the same rules involving securing weapons in the physical world to protecting civilians against the damage that can be inflicted on them with such exploits.

“This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organised criminal action,” he said.

“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

In February, Microsoft called for a new ‘Digital Geneva Convention’ to govern issues associated with government exploitation of known vulnerabilities, including a new requirement for governments to report vulnerabilities to vendors rather than stockpile or exploit them.

The WannaCry ransomware campaign claimed at least 200,000 victims in 150 countries and caused widespread disruption to organisations such as the UK’s National Health Service. It involved exploiting a known vulnerability in Microsoft’s implementation of the Server Message Block (SMB), an exploit discovered by the US NSA and leaked by the group known as The Shadow Brokers in April.

Follow us on Twitter and Facebook

Related Articles

Adapting to new cybersecurity challenges: a roadmap for Australian government agencies

Given the rise in cyber threats against government networks and critical infrastructure sectors,...

Growing fraud trends in Australian health care

As the healthcare landscape evolves, so do the methods of fraud.

Overcoming the top cybersecurity challenges faced by public agencies

With a new cybersecurity strategy out and the right approach to key challenges, the public sector...

Content from other channels on our network

The fire on Marley's Hill

Sanctions on Hytera halted by appeals court

MXene-based compound to enable 3D-printed antennas

Long-range drones used to surveil bushfires in NSW

Luxembourg DoD adds satcom ground infrastructure

Zendesk launches AI-powered customer experience solution

How breakfast influences student achievement

Fujitsu establishes security consulting division

Ingram Micro Experience 2024 open for registrations

Secure-by-design software development for digital innovation

What factors influence hospital staff retention?

Hospital uses AI model to improve physician–nurse collaboration

Finalists announced for 2024 HESTA Australian Nursing & Midwifery Awards

GenesisCare expands with $35m Northern Beaches cancer centre

In Conversation with Royal Women's Hospital CEO Sue Matthews

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd