There are investigations into three Australian organisations that may have been affected by a cyber attack.
MICROSOFT president Brad Smith has come out swinging after the disastrous WannaCry ransomware attack, slamming the National Security Agency for its part in the cyber crime.
Mr Smith, who is also the who is also the chief legal officer with the software giant, equated the NSA losing the hacking tool used in creating WannaCry as being the same as the US military losing a Tomahawk missile.
In a blog post, Mr Smith has expressed the frustration that so many companies and government departments have fallen foul to the ransomware even though Microsoft released a security patch for it two months ago.
Earlier this year, Mr Smith called for a Digital Geneva Convention to tackle the rise in state-sponsored cyber terror attacks with 74 per cent of businesses expected to be hacked each year.
Now he has targeted the NSA, which reportedly for years used a tool exploited in WannaCry to hack into people’s computers.
The tool was recently leaked from the NSA and used in the attack on the weekend which potentially could infect millions of computers across the globe.
In a blog post today, Mr Smith says the weekend’s attack needed to be a call of action by governments around the world.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017,” he said.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.
“The governments of the world should treat this attack as a wake-up call,” he said.
“They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.
— Troy Hunt (@troyhunt) May 13, 2017
Security expert Troy Hunt says another major issue raise by the WannaCry attack is how slack many organisations are in updating their software. Microsoft was forced to issue a security patch for the sixteen-year-old Windows XP on the weekend because so many people still using the software were hit by the ransomware.
“The eternal problem is that for individuals, there’s the often the attitude of “well it works fine, why should I change it?” and this is enormously dangerous,” Hunt says in his blog post.
“Organisations are notoriously bad at keeping software modern, especially those in the public sector.”
Smith said organisations that did not update their software with the latest security patches were “fighting the problems of the present with the tools of the past”.
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.”