
Sunday, May 14, 2017

WannaCry ransomware attacks, how to prevent it?

Source: Intel.malwaretech.com

'Do not pay ransomware hackers' - Nation


WannaCry has spread to Malaysia; two companies here were stricken by the ransomware virus that has infected a massive number of computers across the globe since Friday. Hackers use the virus to hold a victim’s data to ransom – pay up or lose all your information – and the victims overseas include hospital networks, businesses and government agencies.

PETALING JAYA: All governmental agencies have been told of the WannaCry ransomware outbreak and have armoured themselves against attacks.

“All government agencies at federal and state level have been alerted and ensured that their computers have been patched accordingly,” said CyberSecurity CEO Datuk Dr Amirudin Abdul Wahab.

Dr Amirudin said the WannaCry ransomware exploited vulnerabilities of the Windows operating system, especially on Windows XP, which has not received updates since 2014.

“The malware exploits a flaw in the network protocol called the Server Message Block. Unlike former malware cases which are localised to a single computer, WannaCry exploits the operating system’s vulnerabilities and spreads it across PCs in the network.

“This is why it spread at such speed and range. Realising this, Microsoft came out with the MS17-010 patch to stop this particular malware from working and spreading,” he said in a phone interview.

The patch was first rolled out in March this year but was not available to Windows XP, Windows 9 and Windows 2003 until May 12, after WannaCry’s outbreak.

According to the Microsoft Security Response Centre, Windows 10 users were not targeted by the attack.

To protect themselves against any malware attack, computer users were urged to back up their files and to avoid clicking on suspicious links online or downloading attachments in e-mail messages sent by strangers.

“Apart from preventive measures, if you think you have been infected by the malware, please report to us at cyber999@cybersecurity.my or call us at 1300-882999,” he said.

In response to a question, Dr Amirudin said it was not an obligation under the law for anyone to report any security breach.

“It is not mandatory in Malaysia, unlike in some other countries,” he lamented, pointing out that when people made a report to CyberSecurity, their confidentiality would be paramount.

“We can also provide assistance,” Dr Amirudin added.

As of 6pm yesterday, CyberSecurity had yet to receive any report on infected computers in Malaysia.

“It does not mean that infection will not happen. At present, however, the situation is manageable and under control and we are always on the alert,” he said.

When contacted, the Malaysian Communications and Multimedia Commission and CyberSecurity Malaysia also said they had not received any report of a WannaCry infection in Malaysia.

Ransomware: how hackers take your data hostage


Screens of NHS computers showed images demanding payment of US$300 (RM1,302) in Bitcoin, saying: “Ooops, your files have been encrypted!”

It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.

“Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger,” said Kroustek, the Avast analyst.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email,” said Lance Cottrell, chief scientist at the US technology group Ntrepid.

Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws so they can be patched.

G7 finance ministers meeting in Italy discussed the attacks and were expected to commit to stepping up international cooperation against a growing threat to their economies. — AFP

Massive Ransomware Attack Hits 99 Countries

PHILADELPHIA (CNN)–Tens of thousands of ransomware attacks are targeting organizations around the world on Friday.

Cybersecurity firm Avast said it has tracked more than 75,000 attacks in 99 countries. It said the majority of the attacks targeted Russia, Ukraine and Taiwan.

What is it?

The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them.

The ransomware, called “WannaCry,” is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven’t updated their systems are at risk. The exploit was leaked last month as part of a trove of NSA spy tools.

“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”

Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom company Telefónica was also hit with the ransomware.

Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.

“It is going to spread far and wide within the internal systems of organizations — this is turning into the biggest cybersecurity incident I’ve ever seen,” UK-based security architect Kevin Beaumont said.

Russia’s Interior Ministry released a statement acknowledging a ransomware attack on its computers, adding that less than 1% of computers were affected, and that the virus is now “localized.” The statement said antivirus systems are working to destroy it.

Megafon, a Russian telecommunications company, was also hit by the attack. Spokesman Petr Lidov told CNN that it affected call centers but not the company’s networks. He said the situation is now under control.

“We encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school,” the U.S. Department of Homeland Security said in a statement released late Friday. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally.”

Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is “the most significant factor” in the global outbreak.

How to prevent it

Beaumont examined a sample of the ransomware used to target NHS and confirmed it was the same used to target Telefónica. He said companies can apply the patch released in March to all systems to prevent WannaCry infections, although it won’t do any good for machines that have already been hit.

He said it’s likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.

“It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”

According to Matthew Hickey, founder of the security firm Hacker House, Friday’s attack is not surprising, and it shows many organizations do not apply updates in a timely fashion. When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the “most damaging” he’d seen in several years, and warned that businesses would be most at risk.

Consumers who have up-to-date software are protected from this ransomware. Here’s how to turn automatic updates on.

It’s not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.

Source: CNN’s Clare Sebastian contributed to this report.

WannaCry strikes two Malaysian companies



http://clips.thestar.com.my.s3.amazonaws.com/Interactive/ransomware2017/ransomware2017.mp4

PETALING JAYA: Two local companies have been hit by the infamous WannaCry ransomware, three days after the malicious software was released, infecting 200,000 computers in 150 countries so far.

According to IT security services company LGMS, the first case in Malaysia involved a director of one of its clients who came across the dreaded ransomware on his personal laptop on Saturday morning.

LGMS founder C.F. Fong said the data in the laptop had to be erased as the person did not intend to pay the US$300 (RM1,300) ransom.

The same ransomware appeared in the machine of an automotive shop on Sunday morning.

“The company didn’t have any backup and might pay (the ransom),” said Fong.

Besides disconnecting computers from the network, there was not much else they could do, he noted.

As of 3pm yesterday, a website tracking incidences of WannaCry infections started showing blips in the Klang Valley area.

The website displays a blip whenever an infected computer pings its tracking servers, thus allowing it to map out a geographical distribution of the WannaCry infection.

Fong added that any machine infected by WannaCry should not be connected to a public or corporate network.

“Once you plug into any network, it will start spreading,” he pointed out.

Fong said none of LGMS’ clients, which include major banks in Malaysia, had reported any problems so far, adding that he was quite confident that those who regularly updated their computers would not face any problems with WannaCry.

He said ransomware was not new but WannaCry had caused worldwide alarm because of how fast it was spreading.

“We have seen worse and devastating ransomware attacks before but WannaCry’s infection rate is one of the fastest ever as it exploits the vulnerability that exists in Windows,” Fong said.

Security companies all over the world are reporting an unprecedented wave of WannaCry ransomware infections since Friday when more than 150 countries were hit by it.

The ransomware encrypts the data on an infected computer, preventing users from accessing it.

According to a report in The Guardian, the ransomware uses a vulnerability first revealed as part of a leaked stash of NSA-related documents, which infects machines running Windows and encrypts their contents before demanding a ransom to decrypt these files.

The perpetrators promise to release the data once a ransom of US$300 (RM1,300) is paid.

In just two days, computer networks of Britain’s National Health Service, Russia’s interior ministry and international shipper FedEx, among others, were affected.

The website tracking incidences of WannaCry infections was created by a 22-year-old British researcher known only as MalwareTech, who was credited with being an “accidental hero” after discovering a “kill switch” that halted WannaCry’s outbreak.



Friday, January 15, 2016

Internet set to cut cord with US government, ICANN urges Internet control



The US government, announcing its intention to end its role in March 2014, said it would seek to maintain a "multi-stakeholder" model for Internet governance

A plan to end a key US government oversight role on the Internet is on track for completion this year, the head of the online address gatekeeper said, in a symbolic move towards asserting the independence of the web.

While the transition will not change how the Internet works, it would help reassure users, businesses and governments about its integrity, according to Fadi Chehade, chief executive of the Internet Corporation for Assigned Names and Numbers (ICANN).

Chehade told AFP the transition plan being prepared since early 2014 will be delivered to the US government in February, and that it could take place on September 30—a year later than originally planned.

If the US government approves the plan, "then the contract between ICANN and the US government which is set to naturally expire on September 30 will just expire," Chehade said in an interview Wednesday in Washington.

Chehade said the private non-profit ICANN is effectively a "traffic cop" that ensures the Internet address system functions, and that the US government's role has been merely to ensure that it follows correct procedures.

"In all the years we've done that (the US government) has never said we did not follow the process," he said.

"People have aggrandized the role of the US government in what we do. But the change is actually minimal. It's important symbolically because the US was really a steward for the Internet, but for day-to-day accountability, it is minimal."

Who runs the Internet?

The US government, announcing its intention to end its role in March 2014, said it would seek to maintain a "multi-stakeholder" model for Internet governance—which allows virtually all users from business to academia to government to participate—instead of a "multilateral" system controlled by governments.

Chehade said that without US oversight, ICANN would be managing the technical functions of the Internet under the supervision of a 16-member board which is designed to maintain diverse representation.

"We have a very solid process that ensures this is not a capturable board," which can be hijacked by governments or other institutions, he said.

He added that the transition plan seeks "to strengthen the assurances that ICANN will remain multi-stakeholder," by giving Internet users more authority to appeal to overturn decisions or even to remove board members.

Chehade noted that even though the ICANN process can be "unwieldy," most decisions are made by consensus, with very few disputed votes in the organization.

He added that he expects a fresh round of hearings in Congress, following complaints by some US lawmakers that Washington is "giving away" the Internet and suggestions that it could be controlled by other governments.

"I think the concerns Congress has raised are very justified and genuine and therefore being prepared to address them is crucial," he said.

But Chehade noted that ICANN has effectively been handling its functions for a long time.

"The independence of ICANN has been proven to be working for many years," he said.

"It's been working and we are now simply admitting that. We are ending the symbolic role of the US government which should have been let go in 2000."

ICANN chief urges wide Internet control

 
Internet Corporation for Assigned Names and Numbers (ICANN) President and CEO Fadi Chehadé called for the "preservation of a decentralised, transnational and not too fragmented governance" of the Internet on Tuesday

The head of the private agency that acts as gatekeeper for the Internet called Tuesday for international discussions to ensure control of the web remains decentralised.

Fadi Chehade, president and CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), called for the "preservation of a decentralised, transnational and not too fragmented governance" of the Internet.

He told a Geneva conference that the Internet should remain "polycentric" but that the private and public sectors should work together.

"Only initiatives involving the private sector and governments can successfully and effectively address crucial issues like cybercrime, taxation of e-commerce, and child protection," Chehade said.

ICANN, which is in charge of assigning domain names, is likely to break free of US oversight late next year.

Washington said in March it might not renew its contract with the Los Angeles-based agency, provided a new oversight system is in place that ensures the Internet addressing structure is reliable.

"ICANN is not and shall not be an island disconnected from other stakeholders," Chehade said.

The agency plans to submit a proposal on oversight to the US Department of Commerce next year.

In an interview published Tuesday in Swiss daily Le Temps, Chehade said the role of the United States—one of ICANN's 147 member countries—would remain important.

"If our DNA remains American, our openness to the world is a reality."

US Commerce Secretary Penny Pritzker pledged at a meeting of Internet leaders in October that the United States would "protect and preserve a free, vibrant and open Internet".

Pritzker said that while the United States might not renew its contract with ICANN, it still had a responsibility to encourage a decentralised Internet.

"The United States will not allow the global Internet to be co-opted by any person, entity, or nation seeking to substitute their parochial world view for the collective wisdom of this community," she said. - AFP
