Worldwide: WannaCry Ransomware Pandemic
The WannaCry Ransomware Pandemic: Perspective, Reactions, and Prospects (The CyberWire) WannaCry ransomware hit hard late last week, and enterprises worldwide are bracing for further waves of infestation. The hitherto obscure strain of ransomware propagated in wormlike fashion against systems running older Microsoft software. It exploited the vulnerability the Shadow Brokers leaked last month as the weaponized EternalBlue tool. The rate of infection has been very high, temporarily slowed by discovery and activation of a "kill switch," but most observers expect renewed attack as the unknown controllers upgrade the malware.
WannaCry/WannaCrypt Ransomware Summary (SANS Internet Storm Center) The ransomware was first noticed on Friday and spread very quickly through many large organizations worldwide [verge]. Unlike prior ransomware, this sample used the SMBv1 “ETERNALBLUE” exploit to spread. “ETERNALBLUE” became public about a month ago when it was published as part of the Shadowbroker archive of NSA hacking tools [shadow].
Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage (BleepingComputer) Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers.
WannaCry Ransomware: What It Is, and How to Protect Yourself (Fortune) Attacks are expected to continue. Here's how to be prepared.
Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry (Heimdal Security) WannaCry distribution may have dropped, but the ransomware pandemic is not over.
With the Success of WannaCry, Imitations are Quickly In Development (BleepingComputer) With the successful launch of the WannaCry Ransomware last Friday, ransomware developers are being quick to release their own imitations. As of today, I found 4 different WannaCry knockoffs in various forms of development. Let's take a look at what they have to offer.
Correction: WannaCry Ransomware That Struck the Globe Isn't Back, Yet (Motherboard) The ransomware samples without the kill switch do not pose the same threat to the public
Security Alert: WannaCry Leaves Exploited Computers Vulnerable to Round Two (Heimdal Security) Preventing another ransomware outbreak becomes essential
Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far (KrebsOnSecurity) As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam.
Companies, governments brace for a second round of cyberattacks in WannaCry’s wake (TechCrunch) As the world readies to open for business on Monday, companies and governments are bracing for a second round of cyberattacks in the aftermath of Friday's..
Dealing with WannaCry on Monday morning, and the days ahead (CSO Online) It's Monday. Across the globe organizations are likely having the same conversation: What happened? What is WannaCrypt (WannaCry)? Are we exposed? What can we do? If you're in the trenches, here's a brief outline that might help you manage some of the conversations you're going to have this week.
Cyber-attack set to escalate as working week begins, experts warn (Guardian) Europol and NHS fear further disruption when workers switch on computers for first time since spread of ransomware
Latest statement on international ransomware cyber attack (National Cyber Security Centre) Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind. But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.
Europol: Global reach of cyber attack is unprecedented (RTE.ie) There are concerns that the global cyber attack, which has so far affected more than 200,000 victims in 150 countries, could escalate further when people return to work tomorrow.
Ransomware’s Aftershocks Feared as U.S. Warns of Complexity (New York Times) The effects of a global cyberattack could be magnified as workers return to their offices. President Trump has ordered his homeland security adviser to coordinate a response.
The Ransomware Meltdown Experts Warned About Is Here (WIRED) It’s not just British hospitals. A nasty strain of ransomware is sweeping the world.
U.K. Hospitals Hit in Widespread Ransomware Attack (KrebsOnSecurity) At least 16 hospitals in the United Kingdom are being forced to divert emergency patients today after computer systems there were infected with ransomware, a type of malicious software that encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.
NHS cyber attack brought under control (Times (London)) All but six NHS trusts have returned to normal following yesterday’s extensive cyber attack which caused chaos for 48 hospitals and healthcare services around the country. Amber Rudd, the home...
WanaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain (Register) EternalBlue now an eternal headache
Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak (BleepingComputer) A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country's biggest telecommunications companies — has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware's reach.
Lyttelton Port to suspend operations over WannaCry ransomware attack (The National Business Review) PLUS: Security expert warns WannaCry's makers have got around kill switch activation, Cert warns about phone scammers.
Global ransomware attacks prompt national 'WannaCry' alert from CyberSecurity Malaysia (Computerworld) "We are continuing to monitor the situation closely," CyberSecurity Malaysia CEO Dato' Dr Amirudin Abdul Wahab confirmed to Computerworld Malaysia.
Cyber Security Experts: Russia Disproportionately Targeted by Malware (VOA) Kaspersky Labs initially reported 45,000 attacks by Wanna Cry malware in more than 70 countries, with Moscow bearing the brunt of onslaught
Russian public institutions hit by massive cyber attack, no damage registered (New China) Dozens of Russian public institutions including the Bank of Russia said on Saturday that they have thwarted a massive cyber attack and prevented vital data loss, Russian media reported.
Ransomware attack: India issues red alert, experts warn of more trouble today (Hindustan Times) The virus may be back today as offices log back in after the weekend. Security experts warn that attackers can easily modify the malware, making it tougher to shut down.
'SA affected in global cyberattack' (EWN) Cyber security company Gold 'N Links Cyber says the malware used in the attack blocks computers until money is paid to unlock it.
Indonesia Warns of More Cyber Attack Havoc as Business Week Starts (US News & World Report) The Indonesian government said the global cyber attack that takes computer data hostage is likely to cause more havoc when offices reopen for business on Monday.
International cyber attacks put ransoms on German rail station screens (The Local (Germany)) A fast-moving wave of cyber attacks that swept the globe Friday targeted German rail operator Deutsche Bahn.
In Israel, cyber experts joined forces to help foil massive attack (The Times of Israel) Private and government professionals set up virtual war room to stave off WannaCry cyberattack, which affected over 150 countries
Netanyahu: Israel unharmed by cyber attack but 'everything could change' (Jerusalem Post) Opening Sunday's weekly cabinet meeting, PM Netanyahu stressed the importance of investing "further resources in order to protect the State of Israel."
WannaCry: the Early 2000s Called, They Want Their Worms Back (Digital Shadows) Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen NHS organizations were impacted by the attack, and victims have spread across the globe and will likely continue to do so. WannaCry takes advantage of SMB vulnerabilities in Windows, using the ETERNALBLUE exploit which was publicly released by the ShadowBrokers in April.
Honeypot Server Gets Infected with WannaCry Ransomware 6 Times in 90 Minutes (BleepingComputer) The WannaCry ransomware — also known as WCry, Wana Decrypt0r, WannaCrypt, and WanaCrypt0r — infected a honeypot server made to look like a vulnerable Windows computer six times in the span of 90 minutes, according to an experiment carried out by a French security researcher that goes online by the name of Benkow.
Experts: Conditions behind cyberattack may be hard to mimic (KLTV) The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows,...
US Homeland Security Offers Helping Hand to Partners Hit by Massive Cyber Attack (Sputnik News) As the world has been struggling to deal with a massive cyber-attack that affected thousands of computers in dozens of countries, the US Department of Homeland Security issued a statement offering help to the partners affected by Ransomware.
Cylance vs. WannaCry-WanaCrypt0r 2.0 (Cylance) CylancePROTECT® fully prevents all in-the-wild examples of the malware related to WannaCry - WanaCrypt0r 2.0 and EternalBlue. Read more...
WannaCry ransomware used in widespread attacks all over the world (SecureList) Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.
Huge ransomware outbreak disrupts IT systems worldwide, WannaCryptor to blame (WeLiveSecurity) Ransomware called WannaCryptor spread rapidly around the world today, encrypting files in as many as 100 countries by using the leaked NSA eternalblue SMB exploit.
Bitdefender’s next gen machine learning provides zero day protection from WannaCry ransomware attacks (Borneo Post) On May 12th, the WannaCryptor (WannaCry) ransomware family infected thousands of computers across the world. In just 24 hours, the number of infections has spiked to 185,000 …
SnoopWall Consumer Advisory: Stopping WannaCry - the Global RansomWorm Malware Epidemic (PRNewswire) SnoopWall, Inc., the global leader in breach prevention, today is...
The WannaCry Wave – The Cyber Risk Management Approach (Cytegic) The May 12th wave of global ransomware attacks using the WannaCry ransomware is another nail in the vulnerability management coffin. Attackers have exploited a known Windows vulnerabi…
'Accidental hero' halts ransomware attack and warns: this is not over (Guardian) Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’
Experts discovered a kill switch to slow the spreading of the WannaCry ransomware (Security Affairs) It was a Black Friday for cyber security, organizations and critical infrastructure across at least 74 countries have been infected by the WannaCry ransomware worm, aka WanaCrypt, WannaCrypt or Wcry.
For $10.69, British Researcher Slows Global Cyberattack (Wall Street Journal) Cybercrime experts credit an unidentified British researcher with stumbling onto a “kill switch” that helped slow the spread of a computer worm victimizing the U.K.’s National Health Service and others.
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack (Microsoft on the Issues) Early Friday morning the world experienced the year’s latest cyberattack.
Microsoft’s response to widespread cyber attacks may make you WannaCry (TechCrunch) Microsoft's president and chief legal officer Brad Smith took to the company's website to give a post mortem on the lessons that need to be learned from the..
Microsoft blames US stockpiled vulnerability for ransomware attack (CSO Online) Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.
2 days after WCry worm, Microsoft decries exploit stockpiling by governments (Ars Technica) Company president specifically notes role of NSA code used by Ransomware worm.
Leaked NSA tools linked to global ransomware outbreak, authorities say (Cyberscoop) Large organizations on every continent report being hit by a campaign of ransomware attacks on Friday.
An NSA-derived ransomware worm is shutting down computers worldwide (Ars Technica) Wcry uses weapons-grade exploit published by the NSA-leaking Shadow Brokers.
Leaked NSA exploit blamed for global ransomware cyberattack (RT International) A zero-day vulnerability tool, covertly exploited by US intelligence agencies and exposed by the Shadow Brokers hacking group has been blamed for the massive spread of malware that infected tens of thousands of computer systems globally.
Why the Latest Global Cyber Attack Is So Worrisome (Fortune) Renewed concerns about the U.S. National Security Agency hoarding software vulnerabilities.
A large-scale cyber attack highlights the structural dilemma of the NSA (The Economist) America's National Security Agency is torn between defending computer systems and attacking them
‘Cyber arms race would be detriment to humanity’ (RT International) The international community should come together to tackle cyberattacks rather than turning on each other, which only aids the perpetrators and may even lead to a new kind of arms race, author and historian Gerald Horne says.
Cyber Attacks, Threats, and Vulnerabilities
BAIJIU: New Malware Abuses Popular Japanese Web Hosting Service (Cylance) Baijiu takes advantage of humanitarian concern for North Korean flood victims.
Report: Hackers ‘aligned’ with Vietnam government attacked international firms and media (TechCrunch) A hacker group "aligned with Vietnamese government interests" carried out attacks on corporate companies, journalists and overseas governments over the past..
Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations (FireEye) Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.
The Twitter Bots Who Tried to Steal France (The Daily Beast) The Macron hack and the Twitter push that amplified it struck many as eerily reminiscent of Russia’s meddling in the US election—and for good reason.
Hamza bin Laden offers ‘advice for martyrdom seekers in the West’ | FDD's Long War Journal (FDD's Long War Journal) Hamza bin Laden, the son of al Qaeda founder Osama bin Laden, has released a new message offering "advice" for "martyrdom seekers in the West."
Soldiers sent hate-SMS messages from rogue base stations (Naked Security) The culprit exploits a design feature of older 2G networks in a type of man-in-the-middle attack
Discord Phone Bot Abused for Swatting and Harassing Calls (BleepingComputer) A newly launched bot for the Discord online chat service is being abused by "attention seekers" for swat calls and for placing harassing calls, experts from Flashpoint have recently discovered.
Huge Trove Of Confidential US Medical Records Discovered On Unsecured Server Accessible To Anyone (Gizmodo) At least tens of thousands, if not millions of medical records of New York patients were until recently readily accessible online to just about anyone who...
Analysis of 500 million passwords shows what you should avoid (Help Net Security) A dump of over 550 million username and password combinations is currently being sold on underground forums, and eager crooks are all over it.
Access codes for United cockpit doors accidentally posted online (TechCrunch) United Continental Holdings alerted pilots that access codes to cockpit doors were accidentally posted on a public website by a flight attendant, reports the..
Security Patches, Mitigations, and Software Updates
WCry is so mean Microsoft issues patch for 3 unsupported Windows versions (Ars Technica) Decommissioned for years, Windows XP, 8, and Server 2003 get emergency update.
HP pushes out fix for keylogging audio driver in its laptops (Help Net Security) A number of HP laptops contain an audio driver that logs users' keystrokes and stores them in an unencrypted file on the local system.
The Future of Ransomware: Data Corruption, Exfiltration and Disruption (Infosecurity Magazine) What’s Next for Ransomware? The ransomware trends to expect are Data Corruption, Exfiltration and Disruption.
Our race against computer viruses is endless (Times (London)) The WannaCry ransomware cyberattack of last week, which briefly crippled much of the National Health Service, may be the biggest, but it will not be the last outbreak of cybercrime. Remember your...
Key to smart cybersecurity spending: Remove redundancies and strive for unification (Help Net Security) There is no consensus about what constitutes smart cybersecurity spending without defined goals and objectives. So, what do you do? This article explains.
AKUA raises $3 million Series Seed Financing for IoT Supply Chain Transformation (Sys-Con Media) Venture investors see potential to disrupt supply chain management to the benefit of cargo owners
In an age of wiretaps and instant communication, this Chantilly firm looks to grow (Washington Business Journal) The lawful surveillance firm serves as the conduit between court orders, law enforcement and telecommunications firms — and it's expanding overseas.
GSA partners with HackerOne for first federal civilian bug bounty (Fedscoop) The General Services Administration will be the first federal civilian agency to engage in a bug bounty program. On May 9, GSA’s Technology Transformation Service and digital team 18F awarded HackerOne to be the agency’s “Software-as-a-Service bug-reporting platform,” which will reward independent researchers for their discovery of public-facing web vulnerabilities while giving the agency time to …
Products, Services, and Solutions
VIPRE Extends Special Offer to Kaspersky Lab Customers Concerned About Their Data Security (PRNewswire) Exclusive buyback program offers six months free for new customers following U.S. intelligence leaders raising concerns about Russian company
Technologies, Techniques, and Standards
A guide on how to prevent ransomware (Help Net Security) This article details several recommendations to help you in reducing the likelihood of future infection by ransomware, or indeed any other malware.
The Pentagon’s New Algorithmic Warfare Cell Gets Its First Mission: Hunt ISIS (Defense One) Turning hours of drone video into actionable intelligence is just the start for the fast-moving machine-learning team.
Army Training In California Desert To Take On Cyber Threats (KPBS Public Media) US Army Cyber Command wants to know if it can insert experts onto the battlefield to help troops on the front line combat cyber threats.
Penetration testing essential for success in security arms race (ComputerWeekly) Demand for security testing, which should be conducted from the onset rather than as an afterthought, is growing in Australia
How CISOs can answer difficult questions from CEOs (CSO Online) A hypothetical conversation can become all too real, and hopefully you are prepared with the answers. Here is a script to help get you started.
Privacy awareness checklist for GDPR readiness (Help Net Security) Knowledge assessment surveys are the most direct way to measure what your employees know and don’t know about privacy best practices.
Research and Development
Father-son duo creates cybersecurity tool (Newsday) A collaboration between an 11-year-old East Northport boy and his IBM inventor father has given voice to cybersecurity tools using that company’s Watson artificial intelligence
IUP to offer two cybersecurity camps this summer (Indiana Gazette) After an initial and successful Cybersecurity Camp for middle and high school students and teachers at Indiana University of Pennsylvania in 2016, IUP is expanding the program to offer two free cybersecurity camps this summer at the university.
Legislation, Policy, and Regulation
Brazilian Army Invests in Cyber Defense (Dialogo Americas) The Cyber Defense Command, a new Brazilian Army unit, was created to increase the nation’s security against cyberattacks.
Army beefs up cyber-defense unit as it gives up idea of unified cyber command (The Times of Israel) Military Intelligence to keep collected intel with coveted Unit 8200; IDF’s Computer Service Directorate to be charged with protection and counter-attack, officer says
“A Question of Trust”: some thoughts on the SRA’s consultation (Lexology) The decade since the enactment of the Legal Services Act 2007 (the "LSA") has seen significant regulatory reform in the legal sector, including the…
Takeaways from Trump's cybersecurity executive order (Axios) It's been in the works for a long time
SECURITY: Trump promises new 'rules of the road' for cyberspace (EnergyWire) President Trump yesterday issued an anticipated plan to defend federal agencies and critical infrastructure against potent cyberattacks from U.S. adversaries. While the marching orders for federal agencies were defined, the strategy for the rest of the country and its vital networks remains to be written.
Trump executive order draws praise from cybersecurity experts (GSN) President Donald Trump on Thursday signed a long-anticipated executive order calling for the federal government to ramp up its cybersecurity measures.
Trump’s cyber security executive order: succeeding where Obama failed? (Information Age) President Trump has signed his first cyber security executive order, with the aim of enhancing the US’s cyber defence capability
Lack of resilience led to lack of cyber strategy, says former DNI (C4ISRNET) In the quest to develop a cyber policy, several critical roadblocks lie ahead that seem to both stymie the process and might affect the ability of the U.S. to project power in cyberspace.
Sen. Ron Johnson: Policymakers must look to private sector for cyber solutions (Washington Examiner) There's "no timeline" for producing cyber bills out of the Senate.
Intelligence Professionals Describe 'Overwhelming' Threats to Homeland; Comey Firing Not Among Them (CNS News) The United States lacks a strategy and a policy on cyber-security, even though cyber attacks are "one of the top, if not the number-one threat" facing the nation, Director of National Intelligence Dan Coates told a Senate hearing on Thursday.
FBI agents group endorses Mike Rogers for FBI director (POLITICO) FBIAA President Thomas F. O’Connor said in a statement that Rogers "exemplifies the principles that should be possessed by the next FBI Director."
Clapper: US govt 'under assault' by Trump after Comey firing (Military Times) Former Director of National Intelligence James Clapper on Sunday described a U.S. government "under assault" after President Donald Trump's controversial decision to fire FBI director James Comey, as lawmakers urged the president to select a new FBI director free of any political stigma.
Litigation, Investigation, and Law Enforcement
Exclusive: How Russian hackers attacked the 2008 Obama campaign (Newsweek) The Kremlin continues to target former Obama officials with an intelligence-gathering effort, according to a new report.
Rod Rosenstein's letter recommending Comey be fired (BBC News) This is the letter in full by the deputy attorney general, recommending Comey be sacked.
Schumer: No FBI director until special prosecutor named (POLITICO) “To have that special prosecutor, people would breathe a sigh of relief."
Sen. Mike Lee: 'Probably inevitable' that any Trump tapes be handed over (Washington Examiner) The Utah Republican said any recordings would be subpoenaed and turned over.
Stop Thinking James Comey Keeps All His Files in a Cardboard Box (WIRED) Technology has come a long way since the Saturday Night Massacre.
Trump Keeps Acting Like He Has Something to Hide (Foreign Policy) America’s rule of law now hinges on whether the GOP still feels loyalty to the republic, not just Republicans.
Attention, liberals: Comey deserved to be fired, and the Constitution is just fine (Vox) The hyperventilation in Washington is unjustified.
US intelligence chiefs don't trust Kaspersky Lab software (Help Net Security) US intelligence chiefs are not comfortable having on their computer software created by Russian security company Kaspersky Lab.
US intelligence chiefs don't trust Kaspersky. But why? (Graham Cluley) Beware rushing to accuse Russian anti-virus of dirty tricks.
Did Kaspersky step in dog-doo? (CSO Online) How did Kaspersky find themselves in the cross hairs of the US intelligence community
Major international crackdown on tech support scams (Help Net Security) There's an international crackdown on tech support scams that trick consumers into believing their computers are infected with malware.
7 Florida Men Charged in Global Tech Support Scheme (Dark Reading) Federal fraud charges have been filed against seven men for their involvement in an international tech support scam.
8 Notorious Russian Hackers Arrested in the Past 8 Years (Dark Reading) Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.