At some point, these vulnerabilities were either leaked or electronically stolen, and in March, an entity known as ShadowBrokers made them public. Microsoft very soon released an update that removed the vulnerabilities. Windows systems have the capability to automatically install updates, but in many corporate setups, the auto-update is disabled to give IT departments more control over company machines. This left many machines vulnerable to the attack.
This is where the discussion moves out of the realm of the purely technical and becomes a matter of public debate. Despite the best efforts of software companies, their products will have flaws, including security weaknesses. Rigorous testing would prevent many exploits, but it takes too many resources to consider every possibility.
So, independent security researchers, commercial security companies and intelligence agencies such as the NSA specialise in trying to find weaknesses that were missed. Some researchers privately notify software makers when they find a vulnerability, but there are also companies that sell them; selling can be lucrative. It is believed that the FBI paid $9,00,000 to a private company to access a locked iPhone. Intelligence agencies and even police departments have been collecting vulnerabilities known as “zero-days”. Clearly, the motivation is to protect national interest and public safety, yet it is worth asking what the trade-off is.
Security expert Bruce Schneier has criticised governments for hoarding zero-days. He argues that it is better for the common good to disclose the vulnerabilities before someone else uses them for ill. The WannaCry incident seems to bear this out. Policymakers need to dig into the claims that zero-days are effective at preventing terrorism and crime.
Disclosing vulnerabilities doesn’t help much if the software creators don’t take timely action. In general, large corporations such as Microsoft, Google or Apple have reacted quickly. They can do more to publicise vulnerabilities and fixes and highlight the risk to customers if they do not update.
Finally, a failure to update systems poses a real issue. Those individuals and organisations that did not apply Microsoft’s update were taking a risk; whether the reasons were cost, lack of attention or negligence, their actions had an impact on others. The reasons for making computer software up to date are the same as vaccinating a population against diseases. Policymakers may want computer owners to take the same approach.
One curious aspect of WannaCry is that once it enters a computer, it tries to connect to a domain on the internet, and if it succeeds, it stops its activity. An alert cybersecurity researcher created that domain and helped slow WannaCry’s spread. Researchers are puzzled why this “killswitch” was left in the code. What’s worrisome is that perhaps a future variant of ransomware will try to send contents of the disk to a remote server before locking the computer, thereby stealing sensitive health or financial details, embarrassing photos or vital state secrets.
The targets may react to the ransom part of the attack and fail to see the data theft. This may have already happened. In response to an RTI, the RBI said that at least one bank was attacked by ransomware last year. If data-stealing malware targets computers in a corporate or government network, the real damage is not to the owners of the computers but the people whose data is exposed. In the case of government secrets, the entire country may be worse off.
Since the attack, the government has downplayed the effects on Indian systems. No private companies have disclosed that they were affected. However, there are many cyber attacks on a global scale and it stretches credulity to believe that Indian systems are somehow spared. The government wants to promote Digital India and internet companies want Indians to use their services and spend money online. For that, they need to build and keep the public’s trust.
One way to do that is by being forthright and owning up to mistakes or breaches. It would demonstrate a level of responsibility and sophistication that people can respect.
(1). Consider the following statements regarding the Ransomware:
1. It is a Malware.
2. It has exploited vulnerabilities in Windows 10.
Which of the following statements given above is/are correct?
(a) 2 only
(b) Both are correct
(c) None is correct
(d) 1 only
(2). How can Software companies prevent weaknesses in their softwares?
(a) By rigorous testing.
(b) By updating their softwares.
(c) By consulting Security agencies.
(d) None of the above
(3). Which of the following statements given below is/are correct regarding the Microsoft Windows system?
1. Windows systems have the capability to automatically install updates
2. Microsoft very soon released an update that removed the vulnerabilities(caused because of Ransomware)
Select the correct option using the codes given below.
(a) 1 only
(b) 2 only
(c) Both are correct
(d) None is correct
1. Windows systems have the capability to automatically install updates
2. Microsoft very soon released an update that removed the vulnerabilities(caused because of Ransomware)
Select the correct option using the codes given below.
(a) 1 only
(b) 2 only
(c) Both are correct
(d) None is correct
(4). What are 'Zero Days'?
(a) The specific days of the year when Ransomware attacks computers.
(b) Software's Vulnerabilities.
(c) The specific days of the years when Security agencies around the world do rigorous testings on Softwares.
(d) None of the above
(a) The specific days of the year when Ransomware attacks computers.
(b) Software's Vulnerabilities.
(c) The specific days of the years when Security agencies around the world do rigorous testings on Softwares.
(d) None of the above
(5). According to RBI, which Indian Bank has confirmed an attack by Ransomware last year?
(a) Punjab National Bank
(b) State Bank of India
(c) Bank of Baroda
(d) Not mentioned in the Passage
(a) Punjab National Bank
(b) State Bank of India
(c) Bank of Baroda
(d) Not mentioned in the Passage
(6). Choose the word which is MOST SIMILAR in meaning of the word printed in bold as used in the passage
Perplexing
(a) Explicate
(b) Enlighten
(c) Clarify
(d) Baffle
Perplexing
(a) Explicate
(b) Enlighten
(c) Clarify
(d) Baffle
(7). Choose the word which is MOST OPPOSITE in meaning of the word printed in bold as used in the passage
Realm
(a) Scope
(b) Kingdom
(c) Range
(d) None of the above
(9). Choose the word which is MOST OPPOSITE in meaning of the word printed in bold as used in the passage
Domain
(a) Sphere
(b) Territory
(c) Department
(d) None of the above
(10). Choose the word which is MOST OPPOSITE in meaning of the word printed in bold as used in the passage
Breaches
(a) Intrude
(b) Infract
(c) Violate
(d) Keep
Realm
(a) Scope
(b) Kingdom
(c) Range
(d) None of the above
(8). Choose the word which is MOST SIMILAR in meaning of the word printed in bold as used in the passage
Dig
(a) Cultivate
(b) Excavate
(c) Till
(d) All of the above
Dig
(a) Cultivate
(b) Excavate
(c) Till
(d) All of the above
(9). Choose the word which is MOST OPPOSITE in meaning of the word printed in bold as used in the passage
Domain
(a) Sphere
(b) Territory
(c) Department
(d) None of the above
(10). Choose the word which is MOST OPPOSITE in meaning of the word printed in bold as used in the passage
Breaches
(a) Intrude
(b) Infract
(c) Violate
(d) Keep
