WannaCry as a warning, but with the IoT it gets even worse
Bruce Schneier, well-known security expert and Chief Technology Officer of IBM Resilient, has also commented on the topic of ransomware. His article first appeared in the Washington Post:
The ransomware that has affected systems in more than 150 countries recently, WannaCry, made press headlines last week, but it doesn’t seem to be more virulent or more expensive than other ransomware. This one has a particularly interesting pedigree: It’s based on a vulnerability developed by the National Security Agency that can be used against many versions of the Windows operating system. The NSA’s code was, in turn, stolen by an unknown hacker group called Shadow Brokers, widely believed by the security community to be the Russians, in 2014 and released to the public in April.
Microsoft patched the vulnerability a month earlier, presumably after being alerted by the NSA that the leak was imminent. But the vulnerability affected older versions of Windows that Microsoft no longer supports, and there are still many people and organizations that don’t regularly patch their systems. This allowed whoever wrote WannaCry – it could be anyone from a lone individual to an organized crime syndicate – to use it to infect computers and extort users.
The lessons for users are obvious: Keep your system patches up to date and regularly back up your data. This isn’t just good advice to defend against ransomware, but good advice in general. But it’s becoming obsolete.
And Bruce builds the bridge to the new potential threats that the Internet of Things has in store for us:
Everything is becoming a computer. Your microwave is a computer that makes things hot. Your refrigerator is a computer that keeps things cold. Your car and television, the traffic lights and signals in your city and our national power grid are all computers. This is the much-hyped Internet of Things (IoT). It’s coming, and it’s coming faster than you might think. And as these devices connect to the Internet, they become vulnerable to ransomware and other computer threats.
It’s only a matter of time before people get messages on their car screens saying that the engine has been disabled and it will cost $200 in bitcoin to turn it back on. …
Hackers don’t even have to come up with these ideas on their own; the government agencies whose code was stolen were already doing it. One of the leaked CIA attack tools targets Internet-enabled Samsung smart televisions.
A thoroughly threatening outlook, especially when one looks at the activities of the CIA and the NSA.
At this point I would also like to remind you once again of our Hangout on the topic. You can find the recording here.