What was the NSA aware of? Attacking with WannaCry ransomware is live proof that all systems should be updated with the latest patches, as Microsoft usually has them before the exploitation of a exploitative mass exploits. Let's look at some details about the latest malware.
A Washington Post article reveals that the NSA reported the vulnerability that facilitated the spread of WannaCry to Microsoft after discovering that a team hackers stole it from their systems.
The US National Security Service was hit by a cyberattack by the US Shadow Brokers last year. Hackers managed to intercept many tools used by the Service to infect Windows computers.
Most of these exploits used Windows weaknesses, and thus their leak in the Internet could have led to attacks big scale. To prevent this, the NSA reported the errors to Microsoft to fix them, as computers used by the US government were also immediately at risk after the leak.
However service it was delayed and you can probably understand why. Let's see what happened from the beginning:
After recognizing the vulnerability, Microsoft developed an update in mid-February and released it updated to supported Windows systems in March, while unsupported versions of Windows could only get the fix if they were covered by a special support license. After the massive infection with the WannaCry ransomware which started this month, Microsoft has decided to release this update for all users, including those who are still using Windows XP.
More worryingly though, the NSA had been using the same vulnerability to hack into Windows systems for at least 5 years before reporting it to Microsoft. Of course the defect would remain secret if the Shadow Brokers hadn't breached the NSA's systems.
This is one of the reasons why Microsoft has criticized the NSA and government agencies for not directly reporting security bugs to developers, stressing that systems around the world are becoming vulnerable only because they secretly keep important vulnerabilities for their own hacking programs.
“They have repeatedly leaked online, exploited information services and caused extensive damage. An equivalent scenario is to steal conventional weapons from the US Army. such as the Tomahawk rockets. And this latest attack represents a completely unwanted and alarming link between the two most serious forms of cyber-threat in today's world - state and organized crime together. "
