Companies scrambled June 27 to combat the latest global ransomware attack that hit thousands of companies, including pharmaceutical company Merck Inc., shipping and logistics company A.P. Moller-Maersk A/S, and law firm DLA Piper LLC.
Maersk in a tweet confirmed its “IT systems are down across multiple sites and business units due to a cyberattack. We continue to assess the situation.” DLA Piper and Merck also confirmed they were hit.
McAfee Labs Chief Technology Officer Steve Grobman told Bloomberg BNA that the attack “is clearly a major incident that is impacting organizations around the globe.” Companies are battling “a ransomware epidemic” as computer worms infect individual machines and systems and increase the number of systems held for ransom in the form of bitcoin payments, Grobman said.
More than 2,000 organizations were hit in the cyberattack that affected Microsoft Corp. Windows computer users most prominently in Russia and the Ukraine, according to a statement from Moscow-based cybersecurity company Kaspersky Lab. The security company said it has more than 270,000 business clients worldwide.
The malware is a form unseen before and not a variant of last spring’s Petya ransomware, Kaspersky said. The exploit is modified from a software exploit taken in a hack of the U.S. National Security Agency, the company said.
“Expect complacent security staff in compromised companies to point the finger elsewhere and avoid accepting responsibility for leaving systems vulnerable,” Hamid Karimi, global vice president of business development at security testing company Beyond Security, told Bloomberg BNA.
“When the dust settles, expect most companies that can afford a more stringent security policy to begin building stronger defenses around their assets,” Karimi said.
Regardless of industry, it appears that companies running older software platforms with vulnerabilities are being hit, Mark Testoni, president of SAP National Security Services, said in a statement to Bloomberg BNA.
One takeaway from the recent WannaCry ransomware attack is the widespread use of outdated software platforms by organizations involved in U.S. critical infrastructure, Testoni said.
“We need to have a collective conversation between the software industry, government and commercial entities about standards to close the risk aperture presented by the use of these unsupported technology platforms,” Testoni said.
Microsoft issued a patch in March after the WannaCry exploit circled the globe, even offering a patch for the aging XP operating system, Michael Borohovski, cofounder and CTO at computer and network security company Tinfoil Security, told Bloomberg BNA.
Companies should long ago have installed the fix, he said. “A quarter is a long time when it comes to security,” Borohovski said.
The situation is repeated “over and over,” Borohovski said. “A law firm doesn’t invest enough in focusing on their cybersecurity risk, even at their basic level. They have a staff but perhaps” aren’t investing in systems.
And that may take another shock to the system, he said. “Some form of negligence might be useful here because what matters to a Maersk or a DLA Piper is the bottom line.”
—With assistance from Daniel R. Stoller in Washington
To contact the reporter on this story: Joyce E. Cutler in San Francisco at JCutler@bna.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.