Massive cyber attack — a threat which can not be avoided

Atlantico: on Friday there was a cyber attack “unprecedented scale”, according to Europol. It was attended by approximately one hundred countries, hitting including hospitals and banks, Renault, FedEx and the Ministry of defense of Russia. What happened? Talking about security holes many operators, which are directly affected by this attack?

Frank Geklommen:
“Your files were encrypted. Your documents, photos, videos, databases and other files no longer available because it was encrypted.

Perhaps, you are trying to find a way to recover your files, but do not waste time in vain. It can’t do it but our teachers”. So reads the message that appears on the screen of all infected computers… Smile, you are a victim of the “cryptovirus”.

Over the past few days around the world there were a lot of statements that only spread the alarm. They scare ordinary mortals, which impressed with the scale and possible consequences of such mass malware distribution. “The recent attack is unprecedented and will require an integrated international investigation to determine the perpetrators,” responded immediately in the management of Europol. “Attack on the international level have affected organizations in Australia, Belgium, France, Germany, Italy and Mexico,” said analysts working on cybersecurity company Forcepoint Security Labs. The European centre for combating cybercrime at Europol “cooperates with other departments in the fight against cybercrime attack-affected countries and key industrial partners to counter the threat and aid victims.” Joint group on fight against cybercrime (J-CAT) was “specially designed to assist in such investigations and will play a significant role in supporting the investigation,” said Europol.

If you sum up all we know at the moment, the hackers used Windows found in the “hole”, which was originally discovered by the famous national security Agency of the United States. The vulnerability was reported in confidential documents of the Agency that were stolen from him, and then posted on the Internet in March 2017. From the list of countries covered is simply the head goes around, and experts on cyber security there is no doubt that all these incidents are connected. Moreover, in many cases, on the screens of affected computers appeared one message with the requirement of 300 dollars and bitcoins (the amount increases with time). On Saturday morning talking about 99 countries, and many businesses and government agencies have acknowledged that are the target of a cyber attack. The total number of attacks has exceeded 75 thousand for the period of less than 24 hours…

The heads of Central banks and Finance ministries of the group of seven who gathered on Saturday in Bari in the South of Italy, promised on the sidelines of the meeting to improve the cyber security of all banking institutions. State organizations and enterprises affected in the United States (including the postal service, FedEx), in the UK, Italy, France, Australia, Spain, Taiwan, Belgium, Germany, Mexico, China, Ukraine and other countries. Whatever it was, that the picture of infection may be incomplete.

French automaker Renault also announced that he was in the list of victims of cyber-attacks. “We were touched — briefly noted by the official representative of the company, specifying that it is assessing the situation. — Steps were being taken Friday night. Taken all necessary counter attack.” Renault was forced to halt production at some plants, including in the French Sandouville, as well as in Slovenia: the work was stopped at the plant local subsidiary Revoz. The Paris Prosecutor’s office on the application an investigation was initiated. In recent days the list of potential targets of a cyber attack, which revealed U.S. and British authorities, is growing steadily…

According to the National Agency of security of information systems, Renault is the only victim in France. Whatever it was, it is possible that “there are others”, even if they are yet unknown, said the Agency’s Director General Guillaume Poupart (Guillaume Poupart). “There is no reason that the cloud stopped at the French borders,” he conducts a comparison with the Chernobyl accident and unpredictable route to her generated by radioactive clouds. Earlier, Deutsche Bahn and Spanish Telefonica acknowledged that the victims of such attacks. Suffered from them at some boards at the stations, however, Deutsche Bahn argued that at the moment all this has not affected the movement of trains in Germany.

The Russian Central Bank reported the detection Saturday mass cyber attacks against Russian banks, which still managed to reflect. The Russian press also reported cyber attacks on the Railways (also unsuccessful). These malicious acts have become particularly severe blow to the National health system of great Britain: the country was blocked from the computers of about 40 hospitals. “At this stage we have no reason to believe that someone managed to access patient data”, — reported in a press-Department service.

— Edward Snowden (Edward Snowden) alleges that the NSA had been aware of the vulnerability in Windows, which made it possible for this cyber attack. “If they reported the existence of vulnerabilities once found her (…), all this would not have happened”, — he wrote in Twitter. Do you agree with him?

— Former consultant of the NSA Edward Snowden, who in 2013 told the world about the scale deployed by the Agency wiretaps, used the occasion to once again condemn the practices of its former management on Twitter: “If the NSA privately be informed about the vulnerability, which was used for cyber attacks on hospitals, when it “found” her, not in that moment, when her record was stolen from him, all this could have been avoided”. Ransomware WannaCry (also known as WCry, WCrypt and Wana Decryptor) has infected countless computers around the world, for businesses and individuals. “whatever it was, the threat, apparently, is no more after the “switch”. Before activating WCrypt checks the existence of a special domain name, which, as it turned out, was actually activated, — the expert on cyber security. “It’s funny to see how the magic of marketing with the move turns stupid “extortionist” in a “cyber attack” on a world scale… to the bag he adds. — I believe that the attack must be on to something targeted. There is no goal. Just a stupid virus.” In any case, nothing prevents criminals or their imitators to create a new version of the virus and to conduct a new operation on Monday morning. At this point, millions of employees come back after the weekend and can, unwittingly, the virus to reactivate. What is not excluded.

According to the expert on strategic issues Brule sébastien (Sébastien Brouiller) from SISCOM Partners, a feature of the current “digital intrusion” in that it “does not apply in the classical manner, through the opening of infected e-mails and reproduces itself through the infected computers without pre-defined goals.” “The challenge, of course, is criminal and implies immediate coverage of a greater number of people. The first motive, of course, was the illegal receipt of money: all this brings a lot of money to hackers, because some of the many, many victims pay to reclaim fraudulently encrypted data”. This method is well known to all the experts on cyber security. In addition, it should be noted that the operation can be resumed by modifying the original virus to encrypt files using the updated system. “This raises a number of issues, — the expert continues. — Why do international companies and major world-class enterprise was so easily infected through their computer network? As security struggled with this, importantly, is known for jeopardy? Surprising fact: not affected enterprise was clearly wary and expected the attack for several days!” The affected companies had a low level of security. “Hackers checked the goal of strength through the waves of attack from 24 to 27 April, using classical cryptovirus”. In this context, “banks and insurance companies represent a very complex goal.” “Banking institutions each year spend tens of millions of euros in malware resistance and a very efficient teams of experts.” “We analyzed a previous wave and decided to make highest priority “fixes” for business, that we are not caught off guard… At the same time, in the industry of cybercriminals much easier. It’s an easy target”. “In this attack, we see an aggressive team that picks victims based on their vulnerability,” the expert believes.

In March, Microsoft issued a security patch that closes the vulnerability in all versions of Windows. Anyway, many systems around the world and have not been updated. According to the specialist Minkowski Tim (Tim Minkowsky), “malicious software was demonstrated in April, hacker group Shadow Brokers that claims to have learned of the vulnerability through the NSA”. “In contrast to the usual “ransomware, this program is distributed directly from computer to computer on local servers, rather than through emails,” he continues. “Although it was disabled, it does not mean that the causes have disappeared. Tomorrow worldwide can be released a new version of the same virus as the same criminals, and another group with exactly the same disastrous consequences” for the global fleet of computers. “The vulnerability will not go away and is waiting to she has again used”. “Install computers for the latest updates and store sensitive data on external media,” he advises to the common people.

This cyber attack has increased the level of threat that hangs over our digital environment? What could be its authors?

— The operation really stands out, both in scale and action methods. The approach used is characterized by ingenuity and originality, because it greatly facilitates the infection (everything happens in less than a day) using worldwide networks of connected computers. At the same time the motivation of these actions classic: money!

“As for the impact of an attack in the industry, they will be very serious, underlines sébastien Brule. In particular, this applies to Renault, which had to stop production at several factories in Europe (in Sandouville in Normandy, in Novo mesto in Slovenia, Dacia plant in Romania and also the plant partner Renault Nissan’s UK Sunderland). Although the plants are about to resume Monday, an unexpected production stop, without a doubt, will cost the company several million euros. A heavy blow in the conditions of a fierce competition.” Moreover, the resulting systemic risk is also very significant. The collateral damage will affect (albeit to a lesser extent) the entire industrial ecosystem of the enterprise. The existence of potential contamination in the form of a virus that can spread over the network without having to open the infected emails is a real disaster in the industry. “In the factories, computer controlled everything, including test stands, automated lines, ventilation, technical systems, blowing smoke and fumes, etc. Computer system, without a doubt, is the lungs of the plant. If it is cracked or infected, it paralyzes in a straight line the entire ecosystem and services: personnel, production control, maintenance, purchasing, sourcing, logistics, Finance, quality control, engineering, development, production, etc.” the List can be long. “It is therefore necessary to urgently check all computers of the plant and to carry out the updates, says Sebastien Brule. — A difficult task when you consider the number of computers in the same factory in Sandouville” (tens of thousands — approx.ed.).

If you don’t count the attack on the computer systems, the cyber attack of unprecedented scale raises the question of cybersecurity companies and their management. Specialists in economic intelligence in one voice insists that organizations need a real service that would address this issue. Now they need to adapt to the threat and to create legal tools that will allow you to set the damage due to cyber attacks. In addition, although some insurance companies offer agreements in this field, whether they are sufficient to cover the risks and their consequences?

But how not to fall into the trap? “A required competent of the group that would be involved in the identification, investigation and analysis processes. Strict rules of information security and sufficient allocated funds, of course, are key measures against such surprises. Otherwise, all in vain. It is an endless arms race. The constant introduction of new security tools is extremely important. And there can be no let-up”.

To get the chain to criminals who have designed and implemented such an extraordinary cyber attack, it is difficult and even practically impossible. Areas of infection too much. The same applies to payment of “ransom” in the bitcoin network. Anyway, the police around the world doing everything possible to find who arranged this unprecedented operation of criminals, based in particular on knowledge of the most experienced employees of the Interpol and the FBI.