- Thierry Spanjaard
PCs hacked, secure transactions unharmed
The world is always faster in learning new words. In just a couple days WannaCry is in everyone’s lips after the weekend.
As of writing, WannaCry, one of the largest ever ransomware attacks is said to have infected over 200,000 computers running under Windows XP in 150 countries. WannaCry encrypts the PC data, locks the user out, and asks for a ransom to recover the data. The typical ransom request is said to be US$ 300 (EUR 272) to be paid in Bitcoin.
The spread of WannaCry used a self-spreading mechanism derived from an NSA exploit that the NSA used for tis own intelligence actions, but did not communicate to Microsoft. The access mechanism was later leaked by The Shadow Brokers, a hacker group known to have published leaks containing NSA hacking tools.
A British security researcher, known as Malware Tech, has found a way to stop the hack by registering a domain name that was used by it in a precheck. In addition, Microsoft has distributed a patch for its older operating systems Windows XP and others that were supposedly no longer supported. Seemingly, this puts an end to most of the damages. But one can suppose the hackers are just developing a new attack that will circumvent the new security features of the patch.
Conclusions in cyber security are always the same: always make backups! Always! And keep your operating system and other software up to date.
The secure transactions industry is a totally different situation from the PC industry. Personal computers and their software have always been developed having cost and functionality in mind first and then adding a security layer.
In the secure transactions industry, security is at the core of the development, and principles such as security by design and end-to-end security have been at the core of all developments for years. Of course, over the multiple years of experience of the secure transactions industry, security methods have been made more resistant and the security level has improved. Our industry is at the forefront of security by having the largest number of security devices installed: 7 billion SIM card users and more than 3 billion banking card users do not experience hacks or security issues!