Global cyber-attack's success largely rests with laziness, neglect, procrastination

14 May 2017

On Saturday, a cyber security researcher told AFP he had accidentally discovered a "kill switch" that could prevent the spread of the ransomware.

The Indian Computer Emergency Response Team (CERT-In), a nodal agency under the ministry to deal with cyber security emergencies, said a new ransomware named WannaCry was spreading widely. A large cyberattack crippled computer systems at.

He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasn't registered. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I'm always on the lookout to pick up unregistered malware control server (C2) domains.

Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis.

Had it not been for a young cybersecurity researcher's accidental discovery of a so-called "kill switch", the malicious software likely would have spread much farther and faster.

While this attack has slowed, experts warn that networks remain vulnerable. Two security firms - Kaspersky Lab and Avast - said they had identified the malicious software behind the attack in over 70 countries, although both said the attack had hit the Russian Federation the hardest.

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes.

A malware tracking map showed "WannaCry" infections popping up around the world. Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were canceled.

Renault's futuristic assembly line in Slovenia, where rows of robots weld auto bodies together, was stopped cold.

NHS Digital, which oversees United Kingdom hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which infects and locks computers while the attackers demand a ransom.

It combined a known and highly unsafe security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.

Britain's home secretary said one in five of 248 National Health Service groups had been hit.

Security officials in Britain urged organizations to protect themselves by installing security software fixes, running anti-virus software and backing up data elsewhere.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access.

Within hours, over 75,000 attacks were detected worldwide, the company said.

This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Spain and India.

"The recent attack is at an unprecedented level and will require a complex global investigation to identify the culprits", it said in a statement.

But he also said he's concerned the authors of the malware could re-release it — perhaps in the next few days or weeks — without a kill switch or with a better one, or that copycats could mimic the attack.

"If you have anything to patch, patch it", the researcher said in a blog post.

Microsoft swiftly announced that it had already issued software "patches" to fix those holes, but many users haven't yet installed updates or still use older versions of Windows.

"It would not be very hard at all to re-release this ransomware attack without a kill switch or without an approved kill switch that only they can activate".

Short of paying, options for these individuals and companies are to recover data files from a backup, if available, or to live without them.

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents.

Code for exploiting that bug, which is known as "Eternal Blue", was released on the internet in March by a hacking group known as the Shadow Brokers.

In many cases, the senior official said, the attacks have been successful because they are against pirated or unauthorized copies of Microsoft Windows, which cannot be easily patched to fix the vulnerability.