Saturday, May 13, 2017

Massive Global Cyber Attack

By Douglas V. Gibbs
Author, Speaker, Instructor, Radio Host

I will be talking about this issue on today's radio program: Constitution Radio KMET 1490-AM at 1:00 pm Pacific (go here for subsequent PODCAST)

The Associated Press is calling the attack a "huge cyberextortion attack" which hit "dozens of countries."  Computers were locked up, and user files were held for ransom, across the globe.  The extortion attacks hit hospitals, companies and government agencies.

The code used in the attack exploits a vulnerability in Microsoft Windows that was reportedly identified by the U.S. National Security Agency (NSA) and kept for its own intelligence-gathering purposes, and was then leaked online last month by a mysterious group calling itself the Shadow Brokers.

Ransomware is a kind of malware that locks up the user’s data and flashes a message demanding payment to release it.

Yesterday's attack is being called “the biggest ransomware outbreak in history.”

Ransom demands began at $300 and increased as the hours passed.  For affected users who can restore their files from backups, the attack is nothing more than a headache.  Those who cannot face a choice: pay, losing a considerable sum that depends on how long they held out before giving in to the attacker's demands, and with no guarantee that the attacker will actually release the data; or refuse, and lose their data entirely.

The code that could be used for an attack, and the vulnerabilities it exploits, were released online, but Microsoft quickly pointed out that it had already issued software "patches" for those holes (the fix for the hole this worm uses shipped in March as security bulletin MS17-010).  Companies and individuals who had not yet installed the fixes, or who run older versions of Windows that Microsoft no longer supports and had not fixed when the attack began, were open to the attack.

Kaspersky Lab estimates the malware struck at least 74 countries.  BBC is reporting the attack has emerged in at least 99 countries.  It is believed more than 130,000 IT systems have been affected so far around the world.

The malware worm goes by the names "WannaCry" or "Wanna Decryptor."  Once inside a network, it spreads from machine to machine on its own, using the Windows file-sharing (SMBv1) vulnerability described above, and stays invisible to users until it unveils itself by encrypting their files and displaying its ransom note.  It demands payment in bitcoin, a cryptocurrency whose transactions are recorded in a public ledger but whose wallets are not tied to a real-world identity, which makes tracing the money back to a person very difficult.

Ransomware attacks are nothing new, but this latest outbreak has spread quickly and on a massive scale, hitting not just home computers but reportedly health care, communications infrastructure, universities, logistics, and government entities (an extensive list that includes some very prominent names and companies).  This is the worst attack of its kind in cyber-history.

While the threat has always been there, security researcher Matthew Hickey, who tracked the leaked NSA tools last month, said of the attack's scale: "I am actually surprised that a weaponized malware of this nature didn't spread sooner."

The European Union is working with countries through Europol.  Europol's European Cybercrime Centre, known as EC3, said the attack "is at an unprecedented level and will require a complex international investigation to identify the culprits."

The people behind the attack, as of yet, have not been identified.

Edward Snowden, the former NSA contractor now residing in Russia, who in 2013 leaked details of America's surveillance programs (making him both a hero and a traitor, depending on who you talk to, and a regular resident of the Democrat Party's enemies list for what they classify as espionage), has blamed the NSA for not preventing the global cyber attack launched yesterday.  He said Congress should be asking the NSA whether it is aware of any other software vulnerabilities that could be exploited in such a way.

"If [the NSA] had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened," he added.

Snowden has also pointed out that lives could be lost as a result of this attack, reminding us that hospitals were among the targets.  Hospitals that had installed the patch released in March to fix the flaw would not have been hit; Snowden's point is that had the NSA disclosed the vulnerability when it found it, rather than when it lost control of it, those hospitals would have had years to prepare instead of months.

The global spread of the ransomware was temporarily halted by an "accidental hero" who registered a garbled domain name hidden in the malware.  However, the researcher has warned the attack could be rebooted.  The "kill switch" was activated when a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently triggered it.

The kill switch was hardcoded into the malware, presumably so the creator could stop it from spreading.  It involves a very long nonsensical domain name that the malware makes a web request to, just as if it were looking up any website.  If the request comes back, showing that the domain is live, the kill switch takes effect and the malware stops spreading; if the request fails, the malware carries on.  The domain cost $10.69 and was immediately registering thousands of connections every second, each one an infected machine checking in.

The kill switch was inadvertently activated.  He explained that he bought the domain because his company tracks botnets, and by registering these domains they can get an insight into how the botnet is spreading.  "The intent was to just monitor the spread and see if we could do anything about it later on.  But we actually stopped the spread just by registering the domain," he said.  But the following hours were an "emotional rollercoaster".
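To make the mechanism concrete, here is an added example that is not the malware's code and not MalwareTech's tooling.  It models the decision the worm makes before spreading and what the operator of the registered domain (a "sinkhole") sees in return.  The domain name, the simulated network conditions and the log lines are all constructed for the example; the real kill-switch domain is deliberately not reproduced.  It also shows the caveat a defender should know: the worm's check is a direct web request that ignores proxy settings, so on a network that only allows web traffic through a proxy the request fails even after the domain is registered, and the kill switch does not protect that network.

```python
"""Model of the WannaCry-style kill switch and of what a sinkhole sees.

Added example: this is not the malware's code and not MalwareTech's tooling.
The domain, the simulated network conditions and the log lines are all
constructed for illustration; the real kill-switch domain is not used here.
"""
from typing import Callable, Iterable

# Assumption: placeholder standing in for the long, nonsensical domain that
# the real worm has hardcoded.  It is deliberately not the real one.
KILL_SWITCH_DOMAIN = "example-killswitch-domain.invalid"


class NetworkError(Exception):
    """Raised by a fetcher when the HTTP request cannot complete."""


def kill_switch_says_stop(fetch: Callable[[str], bytes]) -> bool:
    """Re-create the kill-switch decision the worm makes before spreading.

    The worm issues a plain HTTP GET to the hardcoded domain.  Any response at
    all means the domain is live and the worm halts; any failure (NXDOMAIN,
    connection refused, timeout) means it keeps spreading.  The response body
    is never inspected, which is why merely registering the domain and
    pointing it at any web server was enough to stop the outbreak.
    `fetch` is injected so the logic can be exercised offline.
    """
    try:
        fetch("http://" + KILL_SWITCH_DOMAIN + "/")
    except NetworkError:
        return False  # unreachable: the worm carries on
    return True       # answered: the worm stops


# --- Simulated network conditions (constructed; no real I/O) ---------------

def unregistered_domain(url: str) -> bytes:
    """Before registration: the name does not resolve, so the request fails."""
    raise NetworkError("NXDOMAIN for " + url)


def sinkholed_domain(url: str) -> bytes:
    """After registration: the sinkhole answers; the content does not matter."""
    return b"sinkhole"


def proxy_only_network(url: str) -> bytes:
    """Network that blocks direct outbound HTTP and only allows web traffic via
    a proxy.  The worm's request ignores the system proxy settings, so it fails
    even though the domain is registered: the kill switch does not protect
    machines on such a network."""
    raise NetworkError("direct outbound HTTP blocked for " + url)


# --- What the sinkhole operator sees ---------------------------------------

# Constructed access-log lines in the form "<timestamp> <source IP> <host>".
SINKHOLE_LOG = """\
2017-05-12T15:08:01Z 203.0.113.7 example-killswitch-domain.invalid
2017-05-12T15:08:01Z 198.51.100.23 example-killswitch-domain.invalid
2017-05-12T15:08:02Z 203.0.113.7 example-killswitch-domain.invalid
2017-05-12T15:08:02Z 192.0.2.44 example-killswitch-domain.invalid
2017-05-12T15:08:03Z 198.51.100.23 unrelated-site.invalid
"""


def summarize_sinkhole_log(lines: Iterable[str],
                           domain: str = KILL_SWITCH_DOMAIN) -> dict:
    """Count kill-switch check-ins.  Every hit on the domain is a copy of the
    worm that ran, asked the question and stopped; the distinct source
    addresses approximate how many machines were infected but halted."""
    hits = 0
    sources = set()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] != domain:
            continue  # malformed line or traffic for some other name
        hits += 1
        sources.add(parts[1])
    return {"hits": hits, "unique_sources": len(sources),
            "sources": sorted(sources)}


if __name__ == "__main__":
    for name, net in [("unregistered", unregistered_domain),
                      ("sinkholed", sinkholed_domain),
                      ("proxy-only", proxy_only_network)]:
        print(f"{name:13s} -> worm stops: {kill_switch_says_stop(net)}")
    print(summarize_sinkhole_log(SINKHOLE_LOG.splitlines()))
```

Registering the domain flips every exposed machine from the first case to the second, which is why a $10.69 purchase stopped the spread; a new build with a different hardcoded name flips them straight back, which is the "they'll change the code" warning below.  The proxy-only case is the one defenders should not forget: the sinkhole cannot help a network whose hosts cannot reach it, so patching remains the only real fix.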

“Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freakout until I realized it was actually the other way around and we had stopped it,” he said.

He warned people to patch their systems, adding: "This is not over.  The attackers will realize how we stopped it, they'll change the code and then they'll start again.  Enable Windows Update, update and then reboot."

-- Political Pistachio Conservative News and Commentary