Frankie Cordeira Jr.

Description: 'WannaCry' shares code with Sony hack... Cybersecurity researchers said Monday that the massive "WannaCry" virus that has infected computers around the globe was developed using some of the same code used in the 2014 hack of Sony Pictures raising the possibility that the hackers may have a connection to North Korea. Investigators said they had detected code similar to that used by a shadowy cyber-crime network implicated in the Sony attack the Lazarus Group though they stressed that more investigation was necessary. We believe this might hold the key to solve some of the mysteries around this attack the Moscow-based cyber security firm Kaspersky Labs said in an analysis of a few lines of duplicated code found in an earlier version of the WannaCry virus which was first noticed by a Google security researcher. An international manhunt was underway as private-sector researchers and government investigators alike try to stamp out new versions of WannaCry while scouring for clues pointing to the authors of the original virus who are potentially criminals or foreign nation-states said Tom Bossert President Trumps homeland security advisor. Security officials around the world expressed relief as the spread of the virus seemed to slow its pace though not before freezing files and demanding ransom from the operators of hundreds of thousands of computers in at least 150 countries including the United States. The virus which used a Windows vulnerability developed by and stolen from the U.S. National Security Agency seemed to be the work of relatively unsophisticated hackers experts initially said. They pointed to how easy it was to stop and how little money it has collected so far a little over $50000 a relatively paltry amount for an attack so large. But the revelations of similarities to previous attacks launched by the Lazarus Group prompted a new evaluation. Kaspersky researchers called the discovery the most significant clue to date regarding the origins of WannaCry. Other investigators also were looking into the possibility of a Lazarus connection. "While these findings do not indicate a definite link between Lazarus and WannaCry we believe that there are sufficient connections to warrant further investigation" the Mountain View Calif. security firm Symantec wrote in its analysis of the virus. Symantec said it had identified "the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry." The Lazarus Group has been connected to series of aggressive cyber attacks that date back to at least 2009 primarily aimed at targets in South Korea and the U.S. but also including financial institutions in Poland and Bangladesh. The group was linked to the massive hack of data from Sony which included e-mails between employees information about executive salaries at the company and copies of Sony films that had yet to be released. Some of the data was published online embarrassing executives just as the company was about to release a movie critical of North Korea. "We believe that Lazarus Group is very large and works mainly on infiltration and espionage operations" Kaspersky analysts said after the Sony episode. "Clearly the groups operations span across the whole world." Ransom payments collected so far provide additional clues but they only go so far. Because of the way Bitcoin works the payments are public allowing officials and researchers to monitor the three digital accounts where the victims payments are being deposited making it possible to calculate how much money has been paid out. Figuring out who controls those accounts is much harder. New victims emerged as expected on Monday and several security firms detected new variations of the virus just as many had predicted would happen. Thus far none of these new versions had much of an effect but security officials remained vigilant. Only one appears to have [gotten] some very limited traction said Costin Raiu director of Kasperskys Global Research and Analysis team. The other variants appear to have been manually patched by unknown entities and have not been created by the original WannaCry authors. In the United Kingdom the National Health Service appeared to be largely back to business Monday. The NHS said that seven out of the nearly 50 NHS trusts affected are still facing serious problems. Others are reporting problems but not as severe. The majority of patients are being advised to turn up for their usual appointments unless told otherwise. Across the globe in China cyber security firm Qihoo 360 said that 29372 institutions including government offices bank machines and hospitals had been infected over the weekend. French digital security agency ANSII reported that only a handful of organizations had been infected. Bossert Trumps homeland security advisor told reporters in Washington that there were a small number of affected parties in the U.S. including FedEx. He said the number of hacked computers worldwide had risen to 300000 on Monday. The car maker Renault said it had halted manufacturing at some of its factories in France and one in Slovenia because of the virus. In Germany rail passengers posted pictures on Twitter of departure and arrival screens at Deutsche Bahn the German train operator showing the red WannaCry warning sign. Still in an interview with Agence France-Presse Europol spokesman Jan Op Gen Oorth said the European Union law enforcement agencys worst fears were not realized Monday. "The number of victims appears not to have gone up and so far the situation seems stable in Europe which is a success" he told AFP. "It seems that a lot of Internet security guys over the weekend did their homework and ran the security software updates." A top Microsoft executive lashed out at the NSA on Sunday saying the agency bore the blame for turning an obscure computer vulnerability into a weapon. Russian President Vladimir Putin whose Interior Ministry was reported to be a victim of the attacks picked up on that theme Monday blaming the U.S. for the creation of the ransomware virus. "We are fully aware that the genies in particular those created by secret services may harm their own authors and creators should they be let out of the bottle" Putin said in Beijing according to Russia's Tass news agency. Putin said Russia had invited Obama administration officials last year "to look into cyber security matters" and develop an intergovernmental agreement. "Regrettably our proposal was rejected. Then the previous administration said it was prepared to get back to our proposal but nothing was done in practice." Russia has been blamed for hacking attacks aimed at influencing the 2016 U.S. presidential election. On Sunday Europol described the WannaCry attack as unprecedented. However it appears that a move by a security researcher to register an address on the Internet that fooled the virus has blunted its momentum. The newer variants of the virus that emerged seemed to be ineffective because they were quickly made. Researchers are still on the watch for more sophisticated versions that can better exploit the remaining vulnerabilities. Several governments security agencies and research firms on Monday were calling on users not to pay the ransom for fear that it would inspire even more such attacks. Still it was not clear whether those who had paid had their access restored or what other options exist for users who found their computers still encrypted. Bossert who spoke at a White House briefing said the U.S. is not aware of payments that have led to any data recovery implying that the hackers are simply absconding with the money. He added that it would be very satisfying to bring them to justice and the best and the brightest are working on that. Microsoft called over the weekend for its customers to be more aggressive about installing the security patch it had issued several weeks earlier. But the reality remains that millions of machines are likely running on older versions of its Windows operating system or lack the resources and organizational sophistication to install the patch across their tangled web of IT systems. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect wrote Brad Smith Microsofts president and chief legal officer in a blog post on Sunday. As cybercriminals become more sophisticated there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise theyre literally fighting the problems of the present with tools from the past. On Monday the process of re-examining the policies and politics of cyber security in Europe was underway in the wake of the attack. In the UK there were reports that Health Secretary Jeremy Hunt was warned last summer that National Health Service organizations were at risk of cyber attacks. An assessment of 60 hospitals was carried out by experts who warned that a cyber attack was becoming a "bigger consideration" as the NHS moved increasingly away from paper records to digital files. A July report presented to Hunt said that computer hardware and software that can no longer be supported should be replaced as a matter of urgency. And as long ago as 2014 the government told NHS trusts that they needed to update their systems and avoid using Windows XP as quickly as possible. It appears many of those alarms were not heeded. The British government announced it was holding an emergency meeting late Monday to discuss the cyber attack A spokesman for Europol Alex Niculae said in an email to The Times that the agencys Joint Cybercrime Taskforce was working with investigators from the various countries affected by the virus. He said that investigators from both the public and private sectors have joined forces and are doing their best to get to the bottom of this. ALSO China's Belt and Road Forum lays groundwork for a new global order Seven striking statistics on the status of gay rights and homophobia across the globe Trump prepares for first overseas trip with anti-globalism at bay Special correspondent OBrien reported from Toulouse France and Boyle from London. Times staff writer Jim Puzzanghera in Washington contributed to this report. UPDATES: 7:40 p.m.: This article was updated with reports of a possible connection to code used in the 2014 hack of Sony Pictures data. 1:10 p.m.: This article has been updated with comments from Tom Bossert. 9:40 a.m.: This article has been updated with comments from Putin and a Europol spokesman. 7:50 a.m.: This article has been updated throughout with staff reporting. This article was originally published at 7:43 a.m.
By Frankie Cordeira Jr.
Pinned to Domestic and Global News on Pinterest
Found on: http://ift.tt/2qmlKut
Previous Post Next Post

نموذج الاتصال