Senior U.S. intelligence officials from various government agencies met late today to see what, if anything, they could do to stop the sophisticated global cyberattack using leaked NSA tools that is spreading across the globe, a senior U.S. official tells ABC News.
According to several cybersecurity experts, the unidentified attackers targeted networks all over the world, including one major U.S. company, exploiting a vulnerability in Microsoft Windows that was identified by the U.S. National Security Agency (NSA) and leaked to the public by the hacker group The Shadow Brokers in April.
Microsoft released a patch to address the vulnerability, but networks that did not adopt it would have remained vulnerable. In a statement, the tech company said that users who are running its free antivirus software or have Windows updates enabled are protected. Microsoft said it is also working with customers to provide additional assistance.
“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” Microsoft said in its statement. “Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.”
The Department of Homeland Security said in a press release Friday that it is aware of the global cyberattack.
“This appears to be the first incidence of the use of an NSA exploit in a broad and far-reaching cybercriminal campaign,” John Bambenek of Fidelis Cybersecurity said.
According to Ryan Kalember, senior vice president of cybersecurity strategy at the cybersecurity firm Proofpoint, a “ransomware worm” using the essentially unaltered NSA code is spreading across government and corporate networks in at least 74 countries, with European and Asian countries among the hardest hit. Russia, he said, was particularly vulnerable because many of its networks use older versions of Microsoft Windows.
“This is depressing as a cybersecurity expert,” Kalember said. “The patch has existed since the vulnerability was made public, so if people were applying it, this never had to happen.”
One senior U.S. official said “American companies may fare better than those overseas because they are better at cyber hygiene.” In many cases, the official said, the attacks have been successful because they are against pirated or unauthorized copies of Microsoft Windows, which cannot be easily patched to fix the vulnerability.
Kalember says the attack is spreading rapidly, making it difficult to identify “patient zero” and attribute the attack to a particular hacker group.
Tyler Wood, a former top cybersecurity official who now works for a major telecommunications firm, told ABC News the forensic work to identify the perpetrators may take some time, and it…