Watch this space. The business day in Asia hasn't opened yet.
Hackers RENEW Cyber-Attack; Issue "Variant" of Attack WITHOUT "Kill Switch"
14 May, 2017
The Cyber-Attack which began on Friday, and infected more than 200,000 systems worldwide, crippling them for ransom, has been re-issued . . . without any "kill switch." There's no way to turn off the attack now . . .
The variant without the "kill switch" has been found "released into the wild" and is already causing another spike in cyber troubles.
For those unaware of this dangerous situation, the cyber-attack caused trains to halt in Germany, a train to derail in Greece, and countless hospitals to cease operations for the inability to access patient records. Nissan and Renault had to shut down auto assembly lines in France when their computers got hit, and all ATMs for the People's Bank of China can no longer dispense cash because the attack seized their financial network.
Santander Bank in Spain confirms their computers are infected and countless other companies, corporations and other entities worldwide are grinding to a halt from the initial attack.
Said one source: "It is possible we may have a Martial Law situation if the banks close because their customer records get seized by this cyber attack."
Asia Braces For Ransomware Fallout As Workweek Begins: "Hong Kong Will Get Hammered"
14 May, 2017
With the WannaCrypt ransomware plague having unleashed hell on over 100 nations and over 225,000 users worldwide on Friday, cybersecurity experts in Asia are bracing for it to strike as the workweek begins.
As The South China Morning Post reports, thousands of computers across Asia were said to be affected with more reports expected when people return to work after the weekend, security experts said. Attley Ng, senior vice president of NSFOCUS Asia Pacific, a network security solutions company, said:
“China was hit very hard. The attack was very widespread, especially in the higher learning and education sector, resulting in an almost complete paralysis of systems there.”
“What makes this event so significant is the use of a vulnerability that allows the ransomware to spread rapidly within an [unprotected] organisation.”
The Hong Kong police said it had not received any reports.
Michael Gazeley, managing director of local cybersecurity service provider Network Box, said he received calls from major companies throughout Saturday seeking help.
“Hong Kong will get absolutely hammered by this attack. This attack is global and it’s only going to get worse as the virus is evolving,” he warned.
“This is happening just before a weekend in Asia. By Monday, someone will go back to work, click a link on an email, and wipe out the company.”
HKCERT backed up the assertion that the threat could still attack companies as people return to work this week.
The Office of the Government Chief Information Officer said it had not received any report of government-related security breaches. It added that it has stepped up surveillance on security threats, while reminding all departments to take measures to safeguard against ransomware.
“The authorities say everything is safe and under control. Are we reassured? I don’t know, and the threat is always out there.”
“There is very little information disclosure. From the government’s point of view they might not want to say too much,”
Cyberattacks Expected To Spread Monday As Europol Fears Computer Systems Simply Won't Start
14 May, 2017
There was a silver lining in what has been dubbed the "world's biggest ransomware attack" - it struck on Friday mid-afternoon (in Europe), just as businesses were winding down for the weekend, and as a result the full impact of the forced system shutdowns would not be fully felt over the weekend when businesses and infrastructure are generally operating at a subdued pace. However, with the weekend coming to a close, the full extent of the inflicted damage may become apparent in just a few hours.
That was the warning by Europol Executive Director Rob Wainwright, who said on ITV’s “Peston on Sunday” broadcast that additional disruptions are likely as people return to work Monday and turn on their desktop systems, and that as a result the "unrivaled" global cyberattack is poised to continue claiming victims.
“At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”
“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”
As we reported on Saturday, the initial attack was halted when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.” Microsoft said in a blog post Saturday that it was taking the “highly unusual” step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.
As the WSJ confirms, the attacks could worsen on Monday morning because of how the virus works.
The virus contains two parts. One is the ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker.
The other part is known as the "spreader." Once the virus makes its way onto one computer--perhaps when a user opens an infected email attachment--the spreader transmits itself to other computers on the network.
The British researcher, who wishes to be identified only as MalwareTech, found a kill switch in the spreader. The spreader was designed to contact a web address to see whether it should further spread itself, but hackers hadn't bought that web address. So MalwareTech did, and effectively stopped the virus's spread. It meant that one computer in a network could be infected, but the worm wouldn't spread to the rest of the network.
Cybersecurity experts expect the latest versions of the worm to have no kill switch for the spreader. So when workers return to the office Monday morning and turn on their computers, they might open an infected email attachment or connect an already-infected laptop to their organization's non-security-patched network and spread the worm.
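The kill-switch check described above means that any host looking up that web address has already run the spreader. The following added example (not taken from the quoted articles) triages DNS resolver logs on that basis; the domain is a placeholder because the page does not give the real address, the log format and sample lines are constructed, and a successful DNS answer is assumed to stand in for a successful contact.

```python
from collections import defaultdict

# Placeholder: the page does not state the real kill-switch web address.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: timestamp client_ip query_name response_code
SAMPLE_LOG = """\
2017-05-15T08:01:12Z 10.0.4.17 killswitch-placeholder.example NOERROR
2017-05-15T08:01:13Z 10.0.4.22 intranet.corp.example NOERROR
2017-05-15T08:02:40Z 10.0.7.3 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN
2017-05-15T08:02:41Z 10.0.7.3 killswitch-placeholder.example SERVFAIL
2017-05-15T08:05:02Z 10.0.4.17 killswitch-placeholder.example NOERROR
malformed line
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a verdict.

    Every client returned is a suspected infection. 'contained' means all
    of its lookups succeeded, so the spreader's check could be answered;
    'spreading-risk' means at least one lookup failed (blocked, filtered
    or unresolvable), so the spreader may have continued on that host.
    """
    domain = domain.lower().rstrip(".")
    outcomes = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _timestamp, client, qname, rcode = fields
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == domain:
            outcomes[client].add(rcode.upper())
    return {
        client: "contained" if rcodes == {"NOERROR"} else "spreading-risk"
        for client, rcodes in outcomes.items()
    }


if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{verdict}")
```

Hosts in either category still need isolation and cleanup; the verdict only orders the response, with failed lookups first because blocking the address keeps the kill switch from being answered.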
“There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,” Rudd said, as cited by Bloomberg, in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.
Meanwhile, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies, victims have already paid about $30,000 in ransom so far, with the total expected to rise substantially next week. Robinson, in an interview by email, said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands. The number, which is likely a conservative estimate, will only embolden the hackers to become even more aggressive in their next attack.
Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it.
Some security experts calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.
On one hand, it is probable that the weekend gave many companies the opportunity to prepare for the next ransomware attack: "While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack."
Even so, it does not explain why some of the world's biggest corporations were so strikingly unprepared for Friday's events.
A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.
Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s U.K. car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.
In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.
Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.
Indonesia’s government reported two hospitals in Jakarta were affected.
"There is a high probability that Russian-language cybercriminals were behind the attack," said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs.
“Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.” In retrospect, what more convenient confluence of events could there be than having a handy justification for Q2 GDP missing again - just blame it on the computer virus - and accusing Russia of being responsible for the latest global slowdown?
Wow! Microsoft has more or less accused the American surveillance networks of being out of control. In particular, Microsoft has accused the NSA and Wikileaks as being the source of the malicious code. The web-address is given below. The exact words published by Microsoft are as follows:
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.
The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues.
Read more at https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#MgWJZKwLiZSufWVe.99