Monday, 19 February 2018
Latest news
Main » England's emergency units open 'as normal' again after cyber attack

England's emergency units open 'as normal' again after cyber attack

17 May 2017

Instead of having to develop their own arsenals of cyberweapons, they simply had to repurpose work done by the highly skilled cyber experts at the NSA, said Phillip Hallam-Baker, principal scientist at the cybersecurity firm Comodo.

Last Friday, stolen NSA malware was used to attack hospitals, universities, and businesses around the world, ultimately hitting hundreds of thousands of computers in more than 150 countries, including the US, reaching what Europol-Europe's leading police agency-described as an "unprecedented level".

The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday, disrupting vehicle factories, global shipper FedEx Corp and Britain's National Health Service, among others.

The spread of the worm dubbed WannaCry - "ransomware" that locked up more than 200,000 computers in more than 150 countries - began after hours on Friday Australian time, scrambling data and demanding payments of $300 to $600 to restore access.

Erdoğan's bodyguards in violent clash with protesters in Washington DC
The incident occured after Erdogan visited the White House, where he criticized USA support for Kurdish militia in Syria. Police closed off the area around the embassy while they investigated.

The ransomware attack was particularly malicious, because if just one person in an organization clicked on an infected attachment or bad link, all the computers in a network would be infected, said Vikram Thakur, technical director of Symantec Security Response.

Citing the far-reaching potential impact on customers, Microsoft took the unusual step of offering a custom support security update for users with versions of Windows that are no longer supported. "It would arguably be knowingly negligent to let those systems stay in place".

He said the NHS was particularly vulnerable as it is such a large organisation and the virus only needed "one point of entry". "That's liability to individuals, consumers and patients". Once the issue became widespread and the news and views cycle went on an overdrive, it was surprising to see Microsoft getting the heat for not supporting Windows XP.

Microsoft had released a patch for the vulnerability earlier this year, but many systems that had not installed the updates were hit. LinkedIn settled for $1.25 million in 2014. "The incident could have been avoided if critical patches were applied in time by companies across all industries", said Kartik Shahani, Integrated Security Leader, IBM ISA. Researchers say new variants of the software have a similar kill switch, but they refer to different domains.

Fast Growing Stock in Focus: Verizon Communications Inc. (NYSE:VZ)
Lawson Kroeker Investment Management Inc decreased Compass Minerals Intl Inc (CMP) stake by 14.02% reported in 2016Q4 SEC filing. The cell phone carrier reported $0.95 EPS for the quarter, missing the Thomson Reuters' consensus estimate of $0.98 by $0.03.

White House cyber security coordinator Rob Joyce, who previously worked in the NSA's elite hacking squad, told a Reuters reporter in April that the Trump administration was considering how to "optimize" the Vulnerability Equities Process, but he did not elaborate.

Vicente Diaz, a security analyst at Kaspersky, said big companies would have spent the weekend implementing such measures, but smaller firms without a dedicated security team could still suffer from the malware. Courts have consistently upheld those agreements, he said.

The NSA did not respond to requests for comment.

Jonathan Zittrain, a professor specializing in internet law at Harvard Law School, said courts have frequently dismissed lawsuits against the agency on the grounds they might result in the disclosure of top secret information.

Microsoft says NSA to blame for Wannacry
The software tools to create the attack were revealed in April among a trove of NSA spy tools that were either leaked or stolen. Security patches would be available for clients with older machines, but only if they paid for custom support agreements.

The official would not identify which systems but said no federal government entities were hit.