At­tack has missed us

The Sunday Telegraph (Sydney) - - NEWS -

THE fed­eral gov­ern­ment is work­ing to find out whether a mas­sive global mal­ware at­tack has af­fected Aus­tralia.

Com­puter sys­tems at com­pa­nies and hos­pi­tals across the world were at­tacked on Fri­day, ap­par­ently as part of an ex­tor­tion plot. There are no con­firmed re­ports Aus­tralian or­gan­i­sa­tions have been hit.

“We are con­tin­u­ing to mon­i­tor the sit­u­a­tion and stand ready to deal with any threat,” a spokesman for Prime Min­is­ter Mal­colm Turn­bull said yes­ter­day.

HACK­ING tools de­vel­oped by the US Na­tional Se­cu­rity Agency are be­lieved to have been used in a global cy­ber at­tack that dis­rupted Bri­tain’s health sys­tem, hit in­ter-na­tional ship­per FedEx, and in­fected com­put­ers in nearly 100 coun­tries.

Cy­ber ex­tor­tion­ists tricked vic­tims into open­ing ma­li­cious mal­ware at­tach­ments to spam emails that ap­peared to con­tain in­voices, job of­fers, se­cu­rity warn­ings and other le­git­i­mate files.

The ran­somware en­crypted data on the com­put­ers, de­mand­ing pay­ments of $400 to $800 to re­store ac­cess.

Se­cu­rity re­searchers say they ob­served some vic­tims pay­ing via the dig­i­tal cur­rency bit­coin, though they did not know how many had given in to the ex­tor­tion­ists.

Re­searchers with se­cu­rity soft­ware maker Avast say they had ob­served 57,000 in­fec­tions in 99 coun­tries with Rus­sia, Ukraine and Tai­wan the top tar­gets. The most dis­rup­tive at­tacks were re­ported in Bri­tain, where hos­pi­tals were forced to turn away pa­tients af­ter los­ing com­puter ac­cess.

In­ter­na­tional ship­per FedEx Corp said some of its Win­dows com­put­ers were also in­fected.

“We are im­ple­ment­ing re­me­di­a­tion steps as quickly as pos­si­ble,” it said in a state­ment.

Only a small num­ber of US­head­quar­tered or­gan­i­sa­tions were hit be­cause the hack­ers ap­pear to have be­gun the cam­paign by tar­get­ing those in Europe, said Vikram Thakur, re­search man­ager with se­cu­rity soft­ware maker Sy­man­tec. By the time they turned their at­ten­tion to the US, spam filters had flagged the ran­somware-laden emails as ma­li­cious, he said.

The US Depart­ment of Home­land Se­cu­rity said it was aware of re­ports of the ran­somware, was shar­ing in­for­ma­tion with do­mes­tic part­ners and was ready to lend tech­ni­cal sup­port.

Telecom­mu­ni­ca­tions com­pany Tele­fon­ica was among many tar­gets in Spain while Por­tu­gal Tele­com and Tele­fon­ica Ar­gentina also said they were tar­geted.

Pri­vate se­cu­rity firms iden­ti­fied the ran­somware as a new vari­ant of “Wan­naCry” that had the abil­ity to au­to­mat­i­cally spread across large net­works by ex­ploit­ing a known bug in Mi­crosoft’s Win­dows op­er­at­ing sys­tem.

“Once it gets in and starts mov­ing across the in­fra­struc­ture, there is no way to stop it,” said Adam Mey­ers, a re­searcher with cy­ber se­cu­rity firm CrowdStrike.

The hack­ers, who have not come for­ward to claim re­spon­si­bil­ity, likely made it a “worm,” or self-spread­ing mal­ware, by ex­ploit­ing a piece of NSA code known as “Eternal Blue” that was re­leased last month by a group known as the Shadow Bro­kers, cy­ber se­cu­rity re­searchers said.

“This is one of the largest global ran­somware at­tacks the cy­ber com­mu­nity has ever seen,” said Rich Barger, di­rec­tor of threat re­search with Splunk, one of the firms that linked Wan­naCry to the NSA.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.