Published: Tue, May 16, 2017
Sci-tech | By Carrie Guzman

Researchers eye possible North Korea link to cyberattacks


Cyber security researchers say they have found indications that could link North Korea to the global WannaCry "ransomware" cyber-attack.

The security companies Symantec and Kaspersky Lab said on May 15 that portions of the "WannaCry" ransomware used in the attacks have the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record. The ransomware has disrupted operations at institutions and businesses across the globe, including auto factories, hospitals and transportation systems, by locking people out of their computers and threatening to delete all their data unless they hand over several hundred dollars. The worm quickly scanned for computers with a vulnerability, in this case older versions of Microsoft Windows, and used those computers as the hackers' command and control centers. North Korea has never admitted any involvement in the Sony Pictures hack - and while security researchers, and the U.S. government, have confidence in the theory, neither can rule out the possibility of a false flag, it said.

ESTsecurity, a computer security company, said it has detected more than 2,000 attacks on domestic sites.

"Neel Mehta's discovery is the most significant clue to date regarding the origins of WannaCrypt", the report quoted Moscow-based cyber security firm Kaspersky Lab as saying.

Director Shin Dae Kyu of the state-run Korea Internet & Security Agency, who monitors the private sector, said Monday that five companies have reported they were targeted by a global "ransomware" cyberattack.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, said U.S. investigators are collecting forensic information - such as internet addresses, samples of malware or information the culprits might have inadvertently left on computers - that could be matched with the handiwork of known hackers.

"This attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers", Smith said in his blog post.

"We've seen them steal money", said John Carlin, a former assistant attorney general for national security and an ABC News contributor. "If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return".

"That's the attribution that we're after right now", he said at a White House briefing.

India is on high alert, monitoring critical networks across sectors like banking, telecom, power and aviation to ensure that systems are protected against the attack that has claimed victims in more than 150 countries over the weekend.

Paying the ransom will not ensure any fix, said Eiichi Moriya, a cyber security expert and professor at Meiji University.

As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices.

The ransomware leveraged a Windows vulnerability leaked in a trove of hacking tools believed to belong to the NSA.

"A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators", the Russian leader said on the sidelines of a summit in Beijing.

The Contopee code snippet, the researchers explained, was removed from later versions of WCry, making it hard to spot and hence ill-suited to act as a decoy. Another oddity, as reported by Wired, was WCry's failure to automatically verify when victims have paid a Bitcoin ransom.
