The WannaCry ransomware epidemic was especially virulent, thanks to its core: a weaponized vulnerability in Windows that the NSA had discovered and deliberately kept a secret so that they could use it to attack their adversaries.
Despite the incredible havoc WannaCry wreaked around the world, it made a pittance for its wielders: they walked away with a mere $140,000 in $300 payouts for unlocking the systems that were hijacked by a self-spreading superweapon in the hands of dum-dums.
Among the most prominent ransomware victims were NHS facilities, including hospitals, across the UK. All told, the epidemic cost the cash-starved health system £92m (£19m in lost output, £73m in IT expenses in the aftermath).
We talk a lot about cyberwarfare being asymmetrical in that the attackers can use comparatively few resources and get very large effects, but it is also asymmetrical in that attackers eke out pretty small gains from their attacks, while costing their victims much larger sums.
Following the attack, the NHS has pledged to bite the bullet and upgrade all of its systems to Windows 10 after it was found that the service's outdated and unpatched Windows XP and Windows 7 systems were largely to blame.
It has also so far spent £60m to bolster its security defences since WannaCry struck, and said it plans to spend a further £150m more over the next three years.
The NHS has increased infrastructure investment of £60m this year to the most vulnerable services, such as major trauma centres and ambulance services, and UK gov has committed £150m to upgrade NHS technology systems over the next three years.
WannaCry attack cost cash-strapped NHS an estimated £92m [Carly Page/The Inquirer]
(via Memex 1.1)