23 May 2017

Cyber attack: Latest evidence indicates 'phishing' emails not to blame for global hack

James Titcomb

Thousands of computers in China and Japan hit by WannaCry virus

Putin says Russia had 'nothing to do' with global ransomware outbreak

Microsoft attacks US government over developing 'EternalBlue' exploit that led to hack

New strains of virus reported but having little effect

Jeremy Hunt says there has been no second wave of attacks

Latest evidence suggests "phishing" emails are unlikely to have caused the global cyber attack that wreaked havoc at dozens of NHS trusts and hit hundreds of thousands of computers in 150 countries. 

Security experts have disputed claims that the virus was spread through suspicious emails, saying that computers were vulnerable to the bug regardless of how vigilant users were. Experts said that unless IT departments patched the virus and backed up their files they could be hit by the attacks. 

Affected NHS trusts were criticised for not adding the patch despite warnings from NHS Digital a month ago that they were vulnerable to a possible attack. 

Vladimir Putin has blamed the US for the global cyber attack that has crippled computer systems around the world since Friday. 

Putin said Russia had "nothing to do" with the attack and blamed the US for creating the hacking software that affects Microsoft computers. 

"Malware created by intelligence agencies can backfire on its creators," said Putin, speaking to media in Beijing. He added that global leaders needed to discuss cyber security at a "serious political level" and said the US has backed away from signing a cyber security agreement with Russia. 

Authorities fear a second wave of the "WannaCry" ransomware could hit systems as people return to work and switch on their computers on Monday morning.

Japanese computer experts said around 2,000 PCs had been affected while the Chinese news agency Xinhua reported that almost 30,000 had been hit.

Authorities had warned of a day of chaos ahead of Monday, with the National Cyber Security Centre saying that existing infections could spread through computer systems.
Cyber attack: ransomware explained
01:33

NHS systems appeared to be largely up and running on Monday, although seven out of the 47 trusts hit by last week's attack are still seeking emergency support, according to NHS Digital.

Patients are being warned of slow service at surgeries, but patient data does not appear to have been compromised. The Home Secretary Amber Rudd will hold a meeting of the emergency COBRA committee later today.
Jeremy Hunt defends the government's management of cyber security in the NHS
01:36

The WannaCry ransomware, which locks computer systems and demands $300 (£230) in Bitcoin, hit over 200,000 computers on Friday and the impact continued to be felt across the weekend. Around £33,000 in ransoms have been paid to date, according to analysis of Bitcoin wallets.

On Sunday night, Microsoft slammed the US spy agency that had originally developed software that allowed the ransomware attack to infect computers. The "Eternal Blue" tool developed by the National Security Agency had been dumped onto the public internet by a hacking group known as the Shadow Brokers.

It was then used by the still-anonymous cyber criminals to infect PCs with Friday's ransomware.

"The governments of the world should treat this attack as a wake-up call," In a statement, Microsoft president Brad Smith said. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

Microsoft released a patch over the weekend for the Eternal Blue vulnerability that defends against it even with older versions of Windows.

No comments: