WannaCry

A cyber-attack that hit organisations worldwide including the UK’s National Health Service was “unprecedented”, Europe’s police agency says.
Europol also warned a “complex international investigation” was required “to identify the culprits”.
Ransomware encrypted data on at least 75,000 computers in 99 countries on Friday. Payments were demanded for access to be restored.
European countries, including Russia, were among the worst hit.
Although the spread of the malware – known as WannaCry and variants of that name – appears to have slowed, the threat is not yet over.
Europol said its cyber-crime team, EC3, was working closely with affected countries to “mitigate the threat and assist victims”.
In the UK, a total of 48 National Health trusts were hit by Friday’s cyber-attack, of which all but six are now back to normal, according to the Home Secretary Amber Rudd.
The attack left hospitals and doctors unable to access patient data, and led to the cancellation of operations and medical appointments.
Who else has been affected by the attack?
Some reports say Russia has seen more infections than any other country. Banks, the state-owned railways and a mobile phone network were hit.
Russia’s interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised.
In Germany, the federal railway operator said electronic boards had been disrupted; people tweeted photos of a ticket machine.
France’s carmaker Renault was forced to stop production at a number of sites.
Other targets have included:
■ Large Spanish firms – such as telecoms giant Telefonica, and utilities Iberdrola and Gas Natural
■ Portugal Telecom, a university computer lab in Italy, a local authority in Sweden
■ The US delivery company FedEx
■ Schools in China, and hospitals in Indonesia and South Korea
Coincidentally, finance ministers from the G7 group of leading industrial countries had been meeting on Friday to discuss the threat of cyber-attacks.
They pledged to work more closely on spotting vulnerabilities and assessing security measures.
How did it happen and who is behind it?
The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down “one by one”.
NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer.
The infections seem to be deployed via a worm – a program that spreads by itself between computers.
Most other malicious programs rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.
By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.
It is not clear who is behind the attack, but the tools used to carry it out are believed to have been developed by the US National Security Agency (NSA) to exploit a weakness found in Microsoft’s Windows system.
This exploit – known as EternalBlue – was stolen by a group of hackers known as The Shadow Brokers, who made it freely available in April, saying it was a “protest” about US President Donald Trump.
A patch for the vulnerability was released by Microsoft in March, which would have automatically protected those computers with Windows Update enabled.
Microsoft said on Friday it would roll out the update to users of older operating systems “that no longer receive mainstream support”, such as Windows XP (which the NHS still largely uses), Windows 8 and Windows Server 2003.
The number of infections seems to be slowing after a “kill switch” appears to have been accidentally triggered by a UK-based cyber-security researcher tweeting as @MalwareTechBlog.
But in a BBC interview, he warned that it was only a temporary fix. “It is very important that people patch their systems now because there will be another one coming and it will not be stoppable by us,” he said.
‘Accidental hero’ – by Chris Foxx, technology reporter
The security researcher known online as MalwareTech was analysing the code behind the malware on Friday night when he made his discovery.
He first noticed that the malware was trying to contact an unusual web address but this address was not connected to a website, because nobody had registered it.
So, every time the malware tried to contact the mysterious website, it failed – and then set about doing its damage.
MalwareTech decided to spend £8.50 ($11) and claim the web address. By owning the web address, he could also access analytical data. But he later realised that registering the web address had also stopped the malware trying to spread itself.
“It was actually partly accidental,” he told the BBC.
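The behaviour described above gives defenders a triage signal, shown here as an added example that is not part of the original article: any host that looked up the kill-switch address is a candidate infection, and hosts whose lookup failed are the ones where the malware would have gone on to do its damage. The domain is a placeholder (the article does not give the address), and the four-column log layout and sample lines are constructed.

```python
from collections import defaultdict

# Placeholder only: the article does not state the real web address.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample in an assumed "timestamp client qname rcode" layout.
SAMPLE_LOG = """\
2017-05-12T14:01:07Z 10.0.4.21 killswitch-placeholder.example NXDOMAIN
2017-05-12T14:01:09Z 10.0.4.35 www.example.org NOERROR
2017-05-12T16:40:12Z 10.0.7.3 killswitch-placeholder.example. NOERROR
2017-05-12T16:41:00Z 10.0.4.21 KILLSWITCH-PLACEHOLDER.example NOERROR
malformed line
2017-05-12T16:45:30Z 10.0.9.9 killswitch-placeholder.example SERVFAIL
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Count resolved and failed lookups of `domain` per client address."""
    wanted = domain.lower().rstrip(".")
    hits = defaultdict(lambda: {"resolved": 0, "failed": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        _ts, client, qname, rcode = parts
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") != wanted:
            continue
        # Simplification: a NOERROR answer stands in for "contact succeeded".
        outcome = "resolved" if rcode.upper() == "NOERROR" else "failed"
        hits[client][outcome] += 1
    return dict(hits)


def prioritise(hits):
    """Split hosts into (urgent, contained).

    Urgent: at least one lookup failed, so per the article the malware
    would have carried on. Contained: every lookup resolved.
    """
    urgent = sorted(c for c, h in hits.items() if h["failed"])
    contained = sorted(c for c, h in hits.items() if not h["failed"])
    return urgent, contained


if __name__ == "__main__":
    print(prioritise(triage(SAMPLE_LOG)))
```

Hosts in the second list still ran the malware and still need cleaning and patching; the split only orders the response.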

Rebuild our defenses for the information age – AEI

The Defense Department still uses 8-inch floppy disks and computers from the 1970s to coordinate nuclear forces, according to a report last year from the Government Accountability Office. Many of the Pentagon’s communications systems are so vulnerable to sabotage that the Army and Navy regularly practice fighting without them. Satellites can be shot down by missiles or have their sensors dazzled by lasers. Their ground links can be jammed or hacked.

Dale Hayden, a senior researcher at the Air Force’s Air University, told an audience of aerospace experts earlier this month that proliferation of antisatellite technology has put America’s communications networks at risk. “In a conflict, it will be impossible to defend all of the space assets in totality,” he said. “Losses must be expected.”

It has never been easier for America’s adversaries—principally Russia and China, but also independent nonstate actors—to degrade the U.S. military’s ability to fight and communicate. Senior military officials have expressed grave doubts about the security of the Pentagon’s information systems and America’s ability to protect the wider commercial virtual infrastructure.

Source: Rebuild our defenses for the information age – AEI

CI press release re my forthcoming SAME talk on cybersecurity

CSUCI Cyber-security expert to speak at on-campus engineering convention.

Camarillo, Calif., Feb. 20, 2017—Whether it’s personal information, medical records, national security or election results, computer hacking is a rising national and global concern.

CSU Channel Islands (CSUCI) Computer Science Chair and Professor Michael Soltys, Ph.D., will share his cybersecurity expertise with an audience of professional engineers from 11 a.m. to 2 p.m. on March 23 in the Grand Salon.

“Our society is under constant cyber-threat, as our infrastructure, our economy, and our privacy, depend on secure IT systems,” Soltys said. “My talk will consider the major threats, and present examples of how hackers attack our systems.”

Sponsored by the nonprofit Oxnard Ventura Post of the Society of American Military Engineers, the presentation is geared toward an audience with a high degree of computer expertise, so Soltys plans to share cybersecurity best practices.

“I plan to give more of a technical talk from the engineering point of view,” Soltys said. “How to write code that is more defended. I plan to show techniques hackers use to get into systems.”

One of the principal causes of cyber-vulnerability is faulty software, a problem Soltys addresses in a textbook on algorithms he wrote for software engineers.

Aside from his teaching at CSUCI, Soltys also acts as Director of IT Security for Executek International where he specializes in forensic work.

The public is welcome at the presentation, which is on campus at One University Drive in Camarillo. Cost is $30 a person for lunch.

Follow the directional signage to Parking Lots A-4 and A-11, then follow “walk this way” signage to the Grand Salon.

To register for the presentation, click on:

http://www.same.org/Oxnard-Ventura

 

Study examines websites’ password practices

Global IT giants including Amazon and LinkedIn could be doing far more to raise awareness of the need for better password practices among their users.

Analysis by Professor Steve Furnell, Director of the Centre for Security, Communications and Network Research at Plymouth University, looked into the password security controls in place among ten of the world’s most visited websites.

It revealed very few of them give detailed guidance about the importance of providing secure passwords, either when users were creating or updating accounts.

The majority also provided little or no information about the reasons why password protection is important, and while some did make suggestions about best practice, very few went on to enforce their own advice.

via Study examines websites’ password practices – Plymouth University.

Cybercrime: Thieves in the night

CRIME has been falling in Britain since the mid-1990s, as it has in much of the rich world. Car-related theft has plummeted by 79% since 1995 and burglary by 67%. The decline is partly due to technology; car immobilisers and house alarms make such crimes harder. The increased use of CCTV and DNA databases means criminals are more likely to be caught, and the rewards for burglary have decreased anyway because electronic gadgets are so cheap. The falling crime rate has come alongside big recent cuts in police budgets. By 2015, the coalition government will have trimmed 20%. Meanwhile, crime has moved online.

Britain is particularly at risk when it comes to cybercrime, argues Charlie McMurdie, a cyber-security expert at PricewaterhouseCoopers (PWC), a consultancy. It is rich, its infrastructure for moving money around is slick, and it is saturated with technology. Over 60% of the population use smartphones. More than 80% of households are connected to the internet. Three-quarters of them shop online. According to PWC, 69% of companies in Britain experienced a cyber-security incident in the past year, compared to 59% globally.

via Cybercrime: Thieves in the night | The Economist.

About to attend ACM Webinar Getting Cyber Safety Through to Employees

People are and always will be the weakest link in security. Yet, it’s an often overlooked topic. This session discusses people skills, influence, and social engineering in security education. This session will educate attendees on human motivation and interaction, how security controls may be bypassed by a person’s intentional or unintentional acts, and methods for reducing the cyber risks associated with people. It concludes with online references that can be immediately used to inform on simple steps for cyber safety.

via Event Lobby (EVENT: 904250).

Researchers quantify the S in HTTPS

Researchers from Pittsburgh’s Carnegie Mellon University, Polytechnic University di Torino in Italy, and the research and development arm of Spain’s Telefónica Group have published a paper investigating the impacts of HTTPS use for industry and web users.

The paper, The Cost of the “S” in HTTPS, was presented at ACM CoNEXT in Sydney, and suggests that while the use of HTTPS is increasing due to mounting security concerns, it could result in more latency online, greater battery drain for some connected devices, and the loss of in-network value-added services.

The paper asserts that HTTPS “does not come for free”, with the researchers saying that HTTPS “may introduce overhead in terms of infrastructure costs, communication latency, data usage, and energy consumption”.

The encryption offered by an HTTPS address may protect information from “man-in-the-middle” attacks, but that same functionality can hamper the application of “middlebox” network appliances, such as firewalls.

via Researchers quantify the ‘S’ in HTTPS | ZDNet.

Cyberattack could cost Sony Pictures tens of millions of dollars

The financial cost of the crippling cyberattack that hit Sony Pictures Entertainment last week is beginning to become clear — and it won’t be cheap.

The Culver City film and television studio could face an outlay of tens of millions of dollars, according to digital security and legal experts.

Such an expenditure comes at a poor time for the Sony Corp.-owned studio, which late last year committed to slashing overhead by at least $250 million and has since gone through several rounds of layoffs.

Sony Pictures’ costs include rebuilding its computer network, paying a cyber-forensics firm to investigate the breach and footing the bill for potential legal matters that stem from the attack.

via Cyberattack could cost Sony Pictures tens of millions of dollars – LA Times.

The Economist explains: How to trace a cyber-weapon

THE internet has changed all sorts of industries, from book delivery to newspaper publishing to pornography. And spying is no exception. On November 23rd Symantec, an American anti-virus firm, announced the discovery of Regin, a complicated piece of malicious software that has been lurking on computer networks in Russia and Saudi Arabia (among other places), stealing whatever secrets have come its way. Only a couple of weeks before, Kaspersky Labs, another anti-virus firm, revealed the existence of DarkHotel, another piece of espionage-ware that targeted corporate bosses and other bigwigs staying at hotels in Asia. Both pieces of software are slick, sophisticated and complicated. For that reason, the anti-virus firms think they are the work of nation states. DarkHotel has been tentatively pinned on South Korea. Regin is thought to be the work of the British, possibly with help from the Americans. But how do anti-virus researchers know where viruses come from?

via The Economist explains: How to trace a cyber-weapon | The Economist.