What did the NSA know? The WannaCry ransomware attack is living proof that all systems should be up to date with the latest patches, as Microsoft it usually has them before mass exploitation of an exploit begins. But let's look at some details about the recent malware.
A Washington Post article reveals that the NSA reported the vulnerability that facilitated the spread of WannaCry to Microsoft after discovering that a team hackers stole it from their systems.
The US National Security Service was hit by a cyberattack by the US Shadow Brokers last year. Hackers managed to intercept many tools used by the Service to infect Windows computers.
Most of these exploits used Windows flaws, so their leakage on the internet could have led to large-scale attacks. To avoid this, the NSA reported bugs to Microsoft to correct them, as the US Government's computers were also immediately vulnerable to the leak.
However, the service has been delayed and you may understand the word. Let's see what happened from the beginning:
After recognizing the vulnerability, Microsoft developed an update in mid-February and released it updated to supported Windows systems in March, while unsupported versions of Windows could only get the fix if they were covered by a special support license. After the massive infection with the WannaCry ransomware which started this month, Microsoft has decided to release this update for all users, including those who are still using Windows XP.
More worryingly though, the NSA had been using the same vulnerability to hack into Windows systems for at least 5 years before reporting it to Microsoft. Of course the defect would remain secret if you Shadow Brokers did not breach NSA systems.
That's one of the reasons why Microsoft criticized the NSA and government agencies for not immediately reporting security flaws to developers, pointing out that systems around the world are only becoming vulnerable because they keep important vulnerabilities secret for theirs programs hacking.
“They have repeatedly leaked online, exploited information services and caused extensive damage. An equivalent scenario is to steal conventional weapons from the US Army. such as the Tomahawk rockets. And this latest attack represents a completely unwanted and alarming link between the two most serious forms of cyber-threat in today's world - state and organized crime together. "