Over 200,000 computers have been affected by a systemic, global cyber-attack. Initially predominantly affecting the UK and Europe, with further outbreaks in the US and Asia, the attack has seen 48 National Health Service (NHS) Trusts affected, along with other areas of healthcare and business. It is likely that the numbers of infected systems and organisations will grow as users come into work on Monday.
The malicious software used in the attack infects systems and encrypts their contents – often known as ransomware. These types of attacks have been growing in recent years, but have not been seen at this scale before. The attack can move from system to system laterally, as well as being delivered via malicious e-mails.
The vulnerability used by the malware to infect systems seems to have come from public releases of National Security Agency (NSA) tools earlier this year, and demonstrates how quickly criminals will move to exploit new weaknesses in technology. A patch to fix this issue has been available from Microsoft since March, but many organisations have been slow to deploy it and older operating systems such as Windows XP are particularly vulnerable.
The outbreak was slowed on Friday, as a researcher accidently registered a domain name that prevented the malware from working, however by Sunday new versions had appeared without this flaw. As of Monday morning, our research shows that ransoms of approximately £30,500 had been paid via Bitcoin to the attackers, although the actual number is likely to be higher.
There will almost certainly be continued issues, and every user should be vigilant in monitoring all e-mails they receive over the next few weeks, taking care to confirm the providence of any unknown or suspicious attachments where possible. In the short term, it is important that businesses support their internal technology teams in patching the particular vulnerability that allows this issue to spread, and hold their suppliers to account to do the same.
Simply doing the basics and maintaining good cyber security hygiene prevents many of these types of attack. A limited investment in good security practices and controls against common attacks greatly reduces risk, and demonstrates prudent business practice.
In that context, executives should use this outbreak as a reason to have a strategic conversation around cyber risk, gaining assurance that the organisation is managing the risk of future attacks, and being prepared to communicate this to stakeholders and customers. Strategically it is more important than ever to be able to rapidly detect outbreaks such as these, and to be able to respond quickly and effectively. Every pound spent on effective and proportionate defence will pay huge dividends when an incident occurs.
Much of the blame for this week's specific problem has been laid on organisations using Windows XP, an operating system that is 16 years old and has not been supported by Microsoft for three years. Whilst people are strongly advised to move away from the platform, Windows XP is here to stay - it is embedded within many devices, from MRI machines in the health service to Point of Sale systems in large retailers which cannot be easily or cheaply upgraded.
There will be a large global investigation into these attacks, and it is probable that some of the perpetrators will be identified. It is unlikely however that all those responsible will be held to account.
As well as an in-depth investigation we are now likely to see a strong reaction from governments, speeding up the regulation of crypto currencies such as Bitcoin and anonymous payment mechanisms that allow criminals to profit from such attacks. Somewhat conversely, such mechanisms are often the very thing that also allows new digital businesses to thrive.
More broadly, a debate is emerging between large tech vendors and the government, as to where responsibility lies for the disclosure of vulnerabilities. It is likely that the NSAhad previously identified this issue, but for intelligence purposes, chose not to disclose publically. The damage caused by it being leaked into the wild is now, unfortunately, all too clear.