Tag: Cyberattack

A cyberattack caused the Internet disruptions during the Winter Olympics’ opening ceremony on Friday night, Olympic officials and security experts said.

Jihye Lee, a spokesman for the Pyeongchang Organizing Committee, confirmed Sunday that “the technology issues experienced Friday night were caused by a cyberattack.”

Mr. Lee did not elaborate on the cause but said that the attack had been quickly addressed and that systems had been stabilized by Sunday.

The cyberattack took out internet access and telecasts, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony, which resulted in an unusually high number of empty seats.

Security experts said they had uncovered evidence that the attack had been in the works since late last year. It was directed at the Pyeongchang Organizing Committee and incorporated code that was specifically designed to disrupt the Games or perhaps even send a political message.

“This attacker had no intention of leaving the machine usable,” a team of researchers at Cisco’s Talos threat intelligence division wrote in an analysis Monday. “The purpose of this malware is to perform destruction of the host” and “leave the computer system offline.”

In an interview, Talos researchers noted that there was a nuance to the attack that they had not seen before: Even though the hackers clearly demonstrated that they had the ability to destroy victims’ computers, they stopped short of doing so. They erased only backup files on Windows machines and left open the possibility that responders could still reboot the computers and fix the damage.

“Why did they pull their punch?” asked Craig Williams, a senior technical leader at Talos. “Presumably, it’s making some political message” that they could have done far worse, he said.

Talos’s findings matched those of other internet security companies, like CrowdStrike, which determined on Monday that the attacks had been in the works since at least December. Adam Meyers, vice president of intelligence at CrowdStrike, said his team had discovered time stamps that showed the destructive payload that hit the opening ceremony was constructed on Dec. 27 at 11:39 a.m. Coordinated Universal Time — which converts to 6:39 a.m. Eastern Time, 2:39 p.m. in Moscow and 8:39 p.m. in South Korea.

Attackers clearly had a target in mind: The word Pyeongchang2018.com was hard-coded into their payload, as was a set of stolen credentials belonging to Pyeongchang Olympic officials. Those stolen credentials allowed attackers to spread their malware throughout the computer networks that support the Winter Games on Friday, just as the opening ceremony was timed to begin.

Security companies would not say definitively who was behind the attack, but some digital crumbs led to a familiar culprit: Fancy Bear, the Russian hacking group with ties to Russian intelligence services. Fancy Bear was determined to be the more brazen of the two Russian hacking groups behind an attack on the Democratic National Committee ahead of the 2016 presidential election.

Beginning in November, CrowdStrike’s intelligence team witnessed Fancy Bear attacks that stole credentials from an international sports organization, Mr. Meyers said. He declined to identify the victim but suggested that the credential thefts were similar to the ones that hackers would have needed before their opening ceremony attack.

On Wednesday, two days before the ceremony, the Russian Ministry of Foreign Affairs made an apparent attempt to pre-empt any accusations of Russian cyberattacks on the Games. In a statement, released in English, German and Russian, the agency accused Western governments, press and information security companies of waging an “information war” accusing Russia of “alleged cyber interference” and “planning to attack the ideals of the Olympic movement.”

This was not the first Olympic opening ceremony that was a target for hackers. In the lead-up to the 2012 London Games, investigators uncovered attack tools and the blueprints to the Olympic stadium’s building management systems on a hacker’s computer.

It appeared that hackers planned to take out the power to the stadium, said Oliver Hoare, who led cybersecurity matters for the London Games. But officials successfully prevented an attack.

By Nicole Perlroth for The New York Times

FedEx cut its annual profit forecast, citing the $300m cost of a June cyberattack on its TNT Express unit.

The courier now expects to earn no more than $12.80 a share in the fiscal year ending in May after excluding certain items, FedEx said in a statement on Tuesday. That’s down from an original projection of as much as $14 and less than the $13.10 average of analysts’ estimates compiled by Bloomberg.

The global cyberattack in late June struck as the company was stepping up spending to handle more packages from the expansion of online shopping. FedEx also said its ground-shipment unit weighed on results, as did Hurricane Harvey, which caused flooding along the US Gulf Coast.

“The first quarter posed significant operational challenges due to the TNT Express cyberattack and Hurricane Harvey,” CEO Fred Smith said in the statement.

FedEx had no insurance to cover the attack, which forced TNT to manually process some transactions.

Shares drop

FedEx fell 2% to $211.61 after the close of regular trading in New York.

Global operations outside the TNT unit weren’t affected by the virus, which entered the unit’s systems through tax software used in the Ukraine. FedEx said it found no evidence of a data breach or information lost to third parties.

The shipper also was among companies hit by the WannaCry ransomware in May, although it said that attack didn’t cause a material disruption to its systems or raise operating costs. Companies around the world struggled to retake control of their networks after the intrusions, which cost them hundreds of millions in potential revenue.

FedEx acquired Dutch shipping company TNT Express for $4.8bn last year to gain an extensive parcel delivery system in Europe to compete with United Parcel Service and Deutsche Post’s DHL. The just-completed quarter was the first in which FedEx reported TNT results as part of its Express division. TNT primarily serves industrial, automotive, high-tech and health-care industries.

FedEx already had planned a 16% expansion in capital spending this year to $5.9bn, after delaying some projects at FedEx Ground to help it process more of the growing number of e-commerce shipments and to boost margins. Deliveries to homes generally have lower yields than to businesses because fewer items are delivered at each stop.

The shipper also said its first quarter profit fell to $2.51 a share, compared with analysts’ average expectation of $3. Sales in the period ended August 31 rose 4% to $15.3bn, compared with the average estimate of $15.35bn.

By Mary Schlangenstein for Fin24

On Friday, doctors at Whipps Cross Hospital, east London, logged into their computers, but a strange red screen popped up. Next to a giant padlock, a message said the files on the computer had been encrypted, and would be lost forever unless $300 was sent to a Bitcoin account – a virtual currency that cannot be traced. The price doubled if the money wasn’t sent within six days. Digital clocks were counting down the time.

What happened?

It was soon revealed that Barts Health Trust, which runs the hospital, had been hit by ransomware, a type of malicious software that hijacks computer systems until money is paid. It was one of 48 trusts in England and 13 in Scotland affected, as well as a handful of GP practices. News reports soon broke of companies in other countries hit. It affected 200,000 victims in 150 countries, according to Europol. This included the Russian Interior Ministry, FedEx, Nissan, Vodafone and Telefonica. It is thought to be the biggest outbreak of ransomware in history.

Trusts worked all through the weekend and are now back to business as usual. But the attack revealed how easy it is to bring a hospital to its knees. Patients are rightly questioning if their medical records are safe. Others fear hackers may strike again and attack other vital systems. Defence minister Michael Fallon was forced to confirm that the Trident nuclear submarines could not be hacked.

So how did this happen? The virus, called WannaCry or WannaDecrypt0r, was an old piece of ransomware that had gained a superpower. It had been combined with a tool called EternalBlue which was developed by US National Security Agency spies and dumped on the dark web by a criminal group called Shadow Brokers. Computers become infected with ransomware when somebody clicks on a dodgy link or downloads a booby-trapped PDF, but normally another person has to be fooled for it to harm a different computer. EternalBlue meant the virus could cascade between machines within a network. It could copy itself over and over, moving from one vulnerable computer to the next, spreading like the plague. Experts cannot trace who caused it, whether a criminal gang or just one person in their bedroom hitting “send”.

Like a real virus, it had to be quarantined. Trusts had to shut down computers and scan them to make sure they were bug-free. Doctors – not used to writing anything but their signature – had to go back to pen and paper. But no computers meant they couldn’t access appointments, referral letters, blood test results or X-rays. In some hospitals computer systems controlled the phones and doors. Many declared a major incident, flagging up that they needed help. In Barts Health NHS Trust, ambulances were directed away from three A&E departments and non-urgent operations were cancelled.

The tragedy is that trusts had been warned of such an attack. Dr Krishna Chinthapalli, a junior doctor in London, wrote an eerily premonitory piece in the British Medical Journal just two days earlier telling hospitals they were vulnerable to ransomware hits.

How to avoid ransomware

Ransomware is a sophisticated piece of malware that blocks the victim’s access to their files, and the only way to regain access to the files is to pay a ransom.

Here are a few tips to avoid ransomware:

  1. Back up everything on the company network – create a sane, quiet backup system and use it daily.
  2. Don’t use Windows XP – it’s a little hard to believe but unsupported operating systems on office computers put data at risk. Consider an upgrade.
  3. Buy a hard drive and back up documents off-site – even if ransomware hits you overnight, you’ll have a few days’ data on this external backup. This will prevent the destruction of important records.
  4. Back up to the cloud – use an internet-based service like Google to store backups.
  5. Ensure your network security is up-to-date. Install any patches provided by the security software you use.

Businesses often cite cost as a pain point when explaining why they don’t have back-ups or adequate security.
The ultimate question businesses need to ask themselves is: can your company afford to pay the ransom?

Sources: Madlen Davies for www.newstatesman.com; www.techcrunch.com

My Office News Ⓒ 2017 - Designed by A Collective

