Security experts probe possible cyber attack links with North Korea
THE cyber attack which threatened computer security across the globe, including Ireland, may have links to North Korea.
Security experts are examining if the WannaCry ransomware virus is similar to malware distributed by Lazarus, a hacking group behind attacks on Sony Pictures in 2014 that were linked to North Korea.
Researchers from global cyber security company Kaspersky Lab, whose European headquarters is in London, identified clear code similarities between the WannaCry virus and attacks by Lazarus in 2015.
“The similarity, of course, could be a false flag operation,” it said.
“However, the analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday.”
The ransomware virus crippled the computers of a HSE-funded agency in Wexford but it was isolated and brought under control.
The wider health service here has withstood any damage, although the systems of major hospitals were in its sights.
The HSE carried out a reboot of its servers across the network yesterday afternoon to activate additional security updates designed to shield computers against the WannaCry ransomware virus.
HSE chief information officer Richard Corbridge said more than 1,200 servers across the network were rebooted.
Patient care was protected during the process, he added.
HSE internal email, which was down since the weekend as a precaution, has been restored. It is expected to resume receiving inward emails from today.
He said there had been “no reports of any additional suspected cases of the ransomware attack”.
More than 300,000 computers in 150 countries have been infected with the WannaCry ransomware virus since the attack, crippling organisations from government agencies and global companies.
The NHS in the UK was also badly affected, with 47 trusts in England and 13 Scottish health boards compromised when the virus targeted computers with outdated security.
The Revenue Commissioners in Ireland said yesterday it had not been targeted by the cyber attack in recent days.
A spokeswoman said: “Revenue takes the security of our systems very seriously and extensive information in this regard is provided here on our website. In relation to the recent cyber attack, all Revenue systems are protected, and the relevant patches had previously been applied. “Security across all Revenue systems is constantly monitored.” She added by way of advice to the public: “Revenue does not recommend sending personal or confidential information by email.
“Email is sent via public networks, and can be intercepted and read unless it is protected with encryption. Revenue cannot guarantee that personal data, sent in plain text via standard email, is fully secure.
“Customers who choose to use this channel are deemed to have accepted any risk involved.
“MyEnquiries is the fully secure alternative online communication method offered by Revenue.”
The Cabinet discussed the need for investment in cyber security yesterday.