Image: MOD Cyber Security by Owen Cooban (Crown Copyright, 2015)

Who is Behind the Global Cyber Attack?

Ransomware Secret is in the Code

Who are the most likely candidates behind the ransomware cyber attack? The possibilities are Russia, China, North Korea, the USA, or a non-state group, either a terrorist organization or organized crime. The demands for money point to organized crime, but this could be a false flag, especially as the sums being asked for are so low. Russia has denied involvement, citing the fact that the code being used was developed by America’s National Security Agency. Russia has also suffered extensively from the attack. China is responsible for at least a third of all cyber attacks, including several well-publicized attacks in recent years. Also, a huge proportion of the world’s cyber attacks originate in North Korea, with or without Chinese assistance.

According to Priscilla Roberts, both the USA and China are world leaders in hacking. In her 2014 book, Going Soft: The USA and China Go Global, she claimed that the USA was responsible for 13% of all attacks, while China was behind 33% to 44% of hacking worldwide. China admitted to having a specialist military hacking operation – People’s Liberation Army (PLA) Unit 61398 – in 2015, but its activities were known under that name at least two years earlier, in 2013.

Possible Link to North Korea

Cyber security researchers on Monday pointed to code in a “ransomware” attack that could indicate a link to North Korea.

Symantec and Kaspersky Lab each cited code that was previously used by a hacker collective known as the Lazarus Group, which was behind the high-profile 2014 hack of Sony that was also blamed on North Korea.

But the security firms cautioned that it is too early to make any definitive conclusions, in part because the code could have been merely copied by someone else for use in the current event.

Europe Still Recovering from Cyber Attack

The effects of the ransomware attack appeared to ease Monday, although thousands more computers, mostly in Asia, were hit as people signed in at work for the first time since the infections spread to 150 countries late last week.

Health officials in Britain, where surgeries and doctors’ appointments in its national health care system had been severely affected Friday, were still having problems Monday. Seven of the 47 trusts that run its national health care system were still affected, with some surgeries and outpatient appointments canceled as a result.

Health minister Jeremy Hunt said it was “encouraging” that a second wave of attacks had not materialized. He said “the level of criminal activity is at the lower end of the range that we had anticipated.”

In France, auto manufacturer Renault said one of its plants that employs 3,500 workers stayed shut Monday as technicians dealt with the aftermath of the Friday attacks.

Astonishingly, in this Voice of America graphic (above), the artist appears not to know where the UK is.

USA Denies Responsibility for Ransomware Attack

In the United States, Tom Bossert, a homeland security adviser to President Donald Trump, told the ABC television network the global cybersecurity attack is something that “for right now, we’ve got under control.”

He told reporters at the White House that “less than $70,000” has been paid as ransom to those carrying out the attacks. He urged all computer users to make sure they install software patches to protect themselves against further cyberattacks.

In the television interview, Bossert described the malware that paralyzed 200,000 computers running factories, banks, government agencies, hospitals and transportation systems across the globe as an “extremely serious threat.”

NSA Developed the Cyber Weapon

Cybersecurity experts say the hackers behind the “WannaCry” ransomware, who demanded $300 payments to decrypt files locked by the malware, used a vulnerability that came from U.S. government documents leaked online. The attacks exploited known vulnerabilities in older Microsoft computer operating systems.

During the weekend, Microsoft president Brad Smith said the clandestine U.S. National Security Agency had developed the code used in the attack.

Bossert said “criminals,” not the U.S. government, are responsible for the attacks. Like Bossert, experts believe Microsoft’s security patch released in March should protect networks if companies and individual users install it.

Russia Blames the NSA

Russian President Vladimir Putin said his country had nothing to do with the attack and cited the Microsoft statement blaming the NSA for causing the worldwide cyberattack.

In a statement reported by TASS, Putin said:

“There hasn’t been any significant damage for us and our agencies, banks or healthcare system. But in general this (cyber attack) is serious and there is nothing good here, this arouses concern. Back last year we invited our US partners to look into cyber security matters and even to conclude a corresponding inter-governmental agreement on this issue. Regrettably, our proposal was rejected. We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle.”

Putin was attending an international summit in Beijing. “There is nothing good in this and calls for concern,” he said.

Even though there appeared to be a diminished number of attacks Monday, computer outages still affected segments of life across the globe, especially in Asia, where Friday’s attacks occurred after business hours.

Global Cyber Attack Still Ravaging Asia

The worldwide “ransomware” cyberattacks appeared to ease Monday, although thousands more computers, mostly in Asia, were hit as people signed in at work for the first time since the infections spread to 150 countries three days ago.

China said 29,000 institutions had been affected, along with hundreds of thousands of devices. Universities and other educational institutions appeared to be the hardest hit in China. China’s Xinhua News Agency said railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected.

Japan’s computer emergency response team said 2,000 computers at 600 locations were affected there.

Time Running Out for Infected Computers

Computer security experts have assured individual computer users who have kept their operating systems updated that they are relatively safe, but urged companies and governments to make sure they apply security patches or upgrade to newer systems.

They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded, the equivalent of $300, paid in the digital currency bitcoin.

However, the authors of the “WannaCry” ransomware attack told their victims the amount they must pay will double if they do not comply within three days of the original infection, by Monday in most cases. The hackers warned that they will delete all files on infected systems if no payment is received within seven days.

Sources: Voice of America; TASS
