Spotlight: WannaCry attacks rekindle cyber security concerns with limited loss expected

Source: Xinhua| 2017-05-21 13:58:25|Editor: en_lyr
Video PlayerClose

BEIJING, May 21 (Xinhua) -- While the global impact of the WannaCry ransomware has dwindled with effective cures after it swept across nearly 150 countries, the serious question that remains is how the world learns from the cyberattacks to improve global commitment to cyber security.

The global cyberattacks caused by the cyber virus WannaCry, which broke out on May 12, could be the biggest of its kind ever recorded, experts say.

The ransomware attacks, spreading fast and far, have hit major countries including the United States, Russia, Germany and China.

In Britain, many National Health Service (NHS) organizations have also suffered the cyberattacks and their daily work was disrupted.

"It is not just the NHS affected: reports suggest it is a global problem," said Prof. Alan Woodward who is a visiting professor of computing at University of Surrey.x The scale of impact to NHS systems, in particular, reveals "a worrying lack of resources and commitment from senior management and political leadership," said Dr. Theo Tryfonas at Department of Civil Engineering at University of Bristol.

For precautions it was necessary to install Microsoft security software updates that had been released in March for newer versions that didn't include XP. But there are still a lot of systems that have not been upgraded to fix the issue, due to negligence or financial matters.

However, cyber security experts also believe the damage so far is limited because the attacks can be effectively prevented with Microsoft updates and that taking precautions is not technically difficult.

"I think that the damage from this virus can hardly be considered significant," said Mikhail Braude-Zolotarev, director of the Center for IT Research and Expertise of the Russian Academy of National Economy and Public Administration (RANEPA).

"Critical information resources of state bodies, for example, those that store the legal status of citizens or legal entities, are protected well, and they are usually located in closed segments of the network," he said.

WannaCry takes advantage of the Windows exploit known as Eternal Blue which exploits a vulnerability that Microsoft patched in security update MS17-010 on March 14, to gain remote access to users' computers and install malicious driver programs before locking files and demanding a ransom in bitcoins.

While the damage may have been brought under control in the aftermath of the massive ransomware attacks with remediation plans, the issue of strengthening commitment to cyber security and raising awareness on safe Internet use remains a pressing priority for policymakers across the globe.

"The far-reaching impact of Friday's cyber attack has proven that any organization is at risk of being hacked. Good security measures and training can help to reduce the risk of attacks from becoming disruptive," said Nick Coleman who is the chair of the Institution of Engineering and Technology (IET) IT Panel.

"It would be naive to think that we can patch every cyber security vulnerability as we transform to an increasingly connected world," Nick said.

"Instead, questions on cyber security governance and frameworks are hopefully among the discussions taking place in boardrooms today," he pointed out.

Co-founder and CTO of Hillstone Networks Inc. Tim Liu told Xinhua that organizations need to adopt best security practices to defend against similar cyber threats.

Those practices include patching vulnerable systems promptly, training users on security awareness to reduce unsafe use of the internet and implementing incident response procedures and policies to deal with potential breaches.

As the malware raged around the world, some may argue that bitcoins and other crypto-currencies should be banned since they provide anonymity for transactions and therefore are often used for criminal purposes.

"This is like an open window in a skyscraper - you can fall out and kill yourself. But we do not ban windows, do we?" Mikhail told Xinhua in an interview.

"You just need to learn how to use them carefully. Mankind will always generate new technologies that, on the one hand, will make our life easier, and on the other, can be used for harmful purposes and in a way present a threat," he said.

"Accordingly, mankind creates some ways of protection. This process is eternal and infinite," he added.