As terrifying as the unprecedented global “ransomware” attack was, cyber security experts say it’s nothing compared to what might be coming — especially if companies, organizations and governments don’t make major fixes.
Had it not been for a young cyber security researcher’s accidental discovery of a so-called “kill switch,” the malicious software likely would have spread much farther and faster.
Security experts say this attack should wake up every corporate board room and legislative chamber around the globe. Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off. This one worked because of a “perfect storm” of conditions, including a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks.
Darien Huss, a 28-year-old research engineer who assisted the anonymous British researcher lauded as a hero, said he was “still worried for what’s to come in the next few days because it really would not be so difficult for the actors behind this to re-release their code without a kill switch or with a better kill switch. Or we could potentially see copycats mimic the delivery or exploit method they used.”
Security officials in Britain urged organizations to protect themselves by installing the security fixes, running antivirus software and backing up data elsewhere. Experts say this vulnerability has been understood for months, yet too many organizations either failed to take it seriously or chose not to share what they’d found.
The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March, but Microsoft didn’t make the patch freely available for Windows XP and other older systems.
“The problem is the larger organizations are still running on old, no longer supported operating systems,” said Lawrence Abrams, a New York-based blogger who runs Bleeping Computer.com. “So they no longer get the security updates they should be.”
Britain’s National Cyber Security Center said it could have been much worse if not for a young cyber security researcher who helped to halt its spread by accidentally activating a kill switch in the malicious software.