Australia's cybersecurity still at risk of worldwide 'WannaCry' ransomware attack
Posted: 2017-May-17 20.00.03 UTC+0800
SYDNEY — Australia, and the rest of the world are still at risk of being infected by the ransomware attack "WannaCry" on Tuesday, according to Australian cybersecurity experts.
Simon Smith, cyber forensic expert and founder of eVestigator, spoke to Xinhua on Tuesday, after the announcement by Australian Federal Cyber Security Minister Dan Tehan that stated there had been 12 reported cases of the attack on Australian businesses.
"There is definitely a continuing threat. The problem is there are a lot of people who will copy this, even those 12 cases as people try to debunk and fix it, they could also possibly spread it," Smith said.
"There are definitely going to be opportunists who will make multiple versions. There have already been three versions."
Nigel Phair, one of Australia's leading cybercrime experts based at the University of Canberra, told Xinhua that although the government has said there are currently 12 cases reported in Australia, there are potentially a lot more.
"There has been 12 cases reported, but that is different to there has actually been 12 cases," Phair said.
"If I was a business I don't think I would be reporting it, and there is a range of embarrassing commercial reasons why you wouldn't."
According to Smith, Australia is one of the weakest countries in terms of cyber defense, but said that he has a plan to modify the ransomware virus to safeguard against any further attacks.
"I'm actually going to give an option for people to broadcast the Microsoft update through the vulnerability, so in actual fact it will use the same technology to patch it whilst it actually goes through, so if anyone gets infected, they will be infected by the update," Smith said.
"My method is to pump this thing out through the same channels, and broadcast it out to every DNS and every ISP, through the same exact vulnerability."
Smith hopes that this will assist the many people who have been unknowingly infected by the exploit, and have not chosen to update their software, or simply have forgotten to regularly.
"I can't believe that they are exploiting this, it's there and someone needs to fix it. It was fixed for Windows 10, still if someone has a computer and they haven't turned it on for five months or so, they're in trouble too." Smith said.
Phair believes that this kind of preventative measure suggested by Smith could possibly be acted, and said that he assumes that "anything that rides on the back of it is going to get blocked" once the updating is complete.
However, in terms of the ongoing threat caused by the ransomware virus, Phair was explicit, this is not a situation that will likely end any time soon.
"It will be interesting how it pans out. If I was a criminal, I'd already have a couple of variants ready to go, based on the success of this one," Phair said. (PNA)