from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: May 19, 2017

An analyst looks at code in the malware lab of a cyber security defense lab at the Idaho National Laboratory Jim Urquhart / Reuters

May 19, 2017

An analyst looks at code in the malware lab of a cyber security defense lab at the Idaho National Laboratory Jim Urquhart / Reuters
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. WannaCry: Assessing the Damage. Countries are still reeling from a ransomware attack that compromised companies, banks, hospitals, and university networks around the world using a Microsoft Windows exploit. The media is calling WannaCry the biggest cyber attack to date, and cybersecurity experts and government officials are still assessing the damage. Countries like China and Russia where software piracy is rampant were particularly hard hit, since computers using unlicensed copies of Windows were not prompted to download an emergency update that patched the vulnerability.

More on:

Cybersecurity

Digital Policy

In the United States, some officials declared a cautious victory on Friday, saying that “aggressive” efforts to push patches and strong “blocking mechanism” defending federal government systems helped the United States avoid the worst of WannaCry. In addition, the U.S. unintentionally benefited from a stroke of luck: Last Friday, while Americans were still sleeping, a British cybersecurity researcher found a “kill switch” in the ransomware’s code, buying time for U.S.-based computers to install the patch.

While the worst of WannaCry might be over, the Shadow Brokers, a group responsible for dumping the NSA hacking tools used in WannaCry, promised to leak more stolen exploits and data on a monthly basis. Meanwhile, there is some evidence that the actor behind WannaCry is the same North Korean-sponsored hacking group behind the 2014 Sony Picture hack.

2. ...And the Blame Game Begins. When the WannaCry ransomware worm fanned across the web last Friday, fingers immediately pointed towards the NSA, which originally developed and used the exploit for intelligence gathering. Microsoft President Brad Smith led the charge, calling WannaCry a “wake-up call” for governments and blasted the NSA for stockpiling vulnerabilities. Around the world, government officials vented against the NSA. Chinese state-media even chimed in, comparing WannaCry to the terrorist hacking in Die Hard 4, and blaming the US for developing the exploits in the first place.

Microsoft did not escape blame either. Despite patching the vulnerability in Windows a month before the Shadow Brokers published the hacking tools online, Microsoft resisted providing the patch for free to older versions of the operating system, which would’ve immunized many computers from the WannaCry attack. While the company ultimately relented, providing the patch to machines using unsupported versions of Windows last Friday, Microsoft still requires users of older systems to subscribe to a “custom” support service that can cost up to $1000 a year per a device for the latest updates.

In Congress, the WannaCry attack prompted a rare bipartisan effort to reign in how the NSA uses software vulnerabilities. The PATCH Act would update the opaque vulnerabilities equities process (VEP) with a legal framework and review board to decide when vulnerabilities are disclosed. The bill received praise from experts, the private-sector, civil liberties groups.

More on:

Cybersecurity

Digital Policy

3. Welcome to the Big Leagues. A new FireEye report says that OceanLotus, or APT32, is “aligned with Vietnamese government interests,” making Vietnam one of the first small countries to harness large-scale cyber espionage for state objectives. The report documents how APT32 targeted private sector companies, media outlets, dissidents, and governments across Europe and Asia since 2014. The Vietnamese government appears to use hacking to silence dissent, keep tabs on companies, as well as counter its bigger neighbor, China. APT32 was first identified by Chinese cybersecurity firm Qihoo360 in 2014 in connection with the hacking pf state-owned companies working in the South China Sea, where China and Vietnam have a territorial dispute.

4. Is Great Britain Next? U.K. politicians are raising the alarm that Russia might interfere in the country’s upcoming election. In an interview on Wednesday, U.K. Foreign Minister Boris Johnson said there’s a “realistic possibility” of Kremlin meddling in the U.K. election. In addition, GCHQ’s National Cyber Security Centre (NCSC) issued guidance this week on how candidates and politicians can defend themselves against hackers. Whether or not Russia has an interest in swinging the election outcome, Kremlin influence has become synonymous with information operations. Russian state-sponsored hackers most recently dumped email from Emmanuel Macron’s campaign on the eve of the French presidential election. Meanwhile, the U.S. is still picking apart the details of Russia's information operation to influence the outcome of the 2016 presidential race.

Up
Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close