Microsoft Renews Calls for “Digital Geneva Convention” After Widespread Cyber Attacks

The major story from last week was that malware, described in leaked NSA documents, crippled Windows computers worldwide. The WannaCry Ransomware virus is believed to have hit 200,000 victims in 150 countries, including UK hospitals, utilities in Spain, and Russia’s interior ministry. Renault shut down several French factories after the cyberattack, and one of Nissan’s UK factories was also impacted.
The scale of the attack prompted Microsoft to take the highly unusual step of releasing patches for unsupported operating systems, including Windows XP. If you have machines running Windows, needless to say, you should patch them as fast as you can.
Currently the “kill switch” discovered by MalwareTech appears to be holding, although it seems reasonable to assume that variants of the virus without the kill switch will begin circulating soon, and indeed Danish security firm Heimdal Security believes they already are.
In the wake of the news Microsoft’s president and chief legal officer Brad Smith took to the company’s website to give a post mortem of the attack citing lessons that need to be learned. Whilst accepting Microsoft’s share of the blame, Smith suggested that the bulk of the responsibility for the massive cyberhack lies at the feet of government agencies.
…this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.
Smith goes on to renew Microsoft’s call in February for a new “Digital Geneva Convention”
to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality.
In this context it’s perhaps worth remembering that last year Apple came under tremendous pressure to create a special version of iOS for the U.S. government, under the promise that it would never escape their safe hands and get into the wild. One of those people was presidential hopeful Donald Trump.
The malware seems to have not proved hugely profitable for its owners so far. The BBC reports that “analysis of three accounts linked to the ransom demands suggests only about $38,000 (£29,400) had been paid by Monday morning.”

© Source: https://www.infoq.com/news/2017/05/ms-digital-geneva-convention?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global
All rights are reserved and belongs to a source media.

Nintendo is planning a Legend of Zelda mobile game

Following up on the massive success of Pokémon GO and the, well, slightly less massive success of Super Mario Run, Nintendo is reportedly planning a Legend of Zelda for smartphones for release later this year, or so The Wall St Journal’s sources have it.
How exactly they expect to represent the expansive exploring, puzzling and battling that have defined the series heretofore is unclear. Super Mario Run took a minimalist approach to controls, essentially reducing the platformer to a one-button game.
That would be rather difficult with the vastly more complex Zelda series — doubly so considering the improbably well-received Breath of the Wild was so vast and unrestricted. Whether the company would repeat its pricing strategy for Mario is also unknown; sales weren’t quite what it had hoped.
We’ll likely know more soon; Super Mario Run was announced three months ahead of its release. But if the timing hinted at by the WSJ’s sources is correct, we’ll hear about the Animal Crossing game first, though who knows when.

© Source: https://techcrunch.com/2017/05/15/nintendo-is-planning-a-legend-of-zelda-mobile-game/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Prime Minister Szydło in China: there is great interest in cooperation with Poland

There is great interest among Asian countries in cooperation with Poland, both in terms of investment and trade, Prime Minister Beata Szydło said in Beijing on Monday.
The head of government took part in an international forum devoted to China’s Belt and Road initiative, which harks back to the historic Silk Road.
During her visit to China, Szydło held many meetings with leaders of Asian countries. “There is great interest in cooperation with Poland, both in terms of investment and, for example, trade. We have a lot of ground to cover here,” Szydło said.
The prime minister added that the Belt and Road initiative “is an initiative that will probably dictate the conditions of economic development in the region in the coming decades”. “It will also translate into what happens in the countries that want to take part in these projects,” she said.
Szydło said that during her visit to China she had discussed possible cooperation on investment, tourism, intercultural exchange and cooperation between universities. “For Poland, the most important thing is that this cooperation translates into concrete pro-development projects,” she stressed.
The prime minister also said that, from Poland’s point of view, the forum in Beijing was important because it enabled “talks on economic cooperation with countries with which Poland does not normally have the opportunity for contacts as frequent as during this meeting”. (PAP)
rbk/ mce/ ap/ je/

© Source: http://www.pap.pl/aktualnosci/news,934947,premier-szydlo-w-chinach-jest-duze-zainteresowanie-wspolpraca-z-polska-.html

The WannaCrypt attack — what we know and how to protect yourself

What seemed to have begun as just another ransomware attack hit the headlines last Friday (May 12th) when it began to attack hospitals and healthcare services in the UK. It became clear pretty quickly that this was in fact something much bigger however, with problems reported at businesses and government bodies around the world.
Infections by the malware known as WannaCrypt or WannaCry began in Spain, with the Telefonica telecommunications giant one of the first to be hit. It then quickly spread to the United Kingdom, Russia, Japan, Taiwan, the United States, and many others. In total, over 150 countries have been affected by the ransomware since Friday, according to Europol.
Some of the highest profile victims were the UK’s National Health Service, the shipping firm FedEx in the US and car maker Renault in France. Microsoft responded by taking the unusual step of issuing patches for out of date operating systems to help users to secure their systems.
Details of the malware used have been released in a blog post by Recorded Future. This also notes the triggering of an in-built ‘kill switch’ by a security researcher going by the Twitter handle @MalwareTechBlog: by registering a domain name which the malware was set to check, he was able to stop further infections. If the domain is present when WannaCrypt attacks, it exits the system without damage.
Security experts have been quick to point out that this is a two-month old vulnerability and its impact has been down to organizations failing to keep their systems up to date. Ilia Kolochenko, CEO of web security company High-Tech Bridge says, “Many companies were infected because they failed to maintain a comprehensive inventory of their digital assets, and just forgot to patch some of their systems. Others omitted or unreasonably delayed security patches. Last, but not least — malware’s capacity to self-propagate leveraged the lack of segregation and access control within corporate networks.”
Over the weekend new versions have emerged without the kill switch. Stu Sjouwerman, CEO of security awareness training provider KnowBe4 says, “This means the attackers resumed their campaign even though the MalwareTech security researcher accidentally cut off the original wave. WannaCry’s persistence is only the beginning. It is indicative of the sophistication of ransomware and its ability to severely impact critical infrastructures.”
KnowBe4 also offers recommendations for protecting against the attack. These include checking firewall configurations to make sure no criminal network traffic is allowed out, and disabling SMB1 (Server Message Block) on all machines.
Installing a Secure Email Gateway (SEG) to carry out URL filtering, and making sure it’s tuned correctly, is also recommended, along with patching endpoints, OSes and 3rd-party applications regularly. Endpoints and web-gateways also need to have next-generation, frequently updated security layers.
If a machine is infected with WannaCrypt or other ransomware it needs to be wiped and re-imaged from bare metal.
This attack should also be a trigger for enterprises to review their security procedures. In particular they need to identify users that handle sensitive information and enforce higher-trust authentication such as 2FA. Policies and procedures should also be tightened, specifically those related to financial transactions, to prevent CEO fraud. Finally employees need to be aware of and able to spot social engineering attacks via multiple channels, not just email.
Moshe Ben-Simon, co-founder and vice president of deception technology firm TrapX Security says, “The solution to avoiding and defeating these attacks is increased visibility. They will get in your networks — but how will you know? You must be able to find these attacker tools in your network before they can encrypt and control your data. New best practices, especially in highly targeted industries such as healthcare, finance and manufacturing, suggest further movement towards technologies that can detect and then engage ransomware tools.”

© Source: https://betanews.com/2017/05/15/wannacrypt-what-we-know/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+BetaNews+Latest+News+Articles

Vladimir Putin Shows Off His Musical Skills On A Piano In China

No tip jar?
We’re guessing he didn’t take requests.
Russian President Vladimir Putin showed off his piano skills in Beijing Sunday, playing a few tunes while waiting for Chinese President Xi Jinping at a state guesthouse, The New York Times reported.
Putin tickled the ivories with a pair of 1950s, Soviet-era tunes, Vasily Solovyov-Sedoi’s “Evening Song” and Tikhon Khrennikov’s “Moscow Windows,” the Times noted.
Vladimir #Putin plays grand piano at Chinese leader’s residence https://t.co/JGcA19PcQA pic.twitter.com/1RNbsFwvwU
He’s played the piano before in public ― and his performance shouldn’t be too surprising. The Russian leader isn’t shy about displaying himself as a macho renaissance man, also participating in judo, ice hockey and horseback riding ― the latter sometimes shirtless.
Putin was in Beijing to discuss a $1 billion economic plan called “One Belt, One Road” that is intended to benefit dozens of countries, according to news outlets.
Twitter was amused by the president’s performance.
We should have known that Putin’s favourite thing to play on the piano is the Imperial March from Star Wars pic.twitter.com/J9NsN3Yi6Q
All villains should be accomplished, so here’s Russian dictator Vladimir Putin playing the piano https://t.co/xUCJ1WRDDY pic.twitter.com/xBxpvmHfEq
@BBCWorld Putin plays piano as the US is discredited, Nero played the Fiddle as Rome Burnt, Trump will play golf as his Presidency goes up in flames

© Source: http://www.huffingtonpost.com/entry/vladimir-putin-plays-the-piano-in-china-because-hes-a-big-showoff_us_591988a7e4b0fe039b35eee2

WannaCry ransomware cyber-attacks slow but fears remain

A computer malware that has spread across 150 countries appears to be slowing down, with few reports of fresh attacks in Asia and Europe on Monday.
However staff beginning the working week have been told to be careful.
The WannaCry ransomware started taking over users’ files on Friday, demanding $300 (£230) to restore access.
Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call.
BBC analysis of three accounts linked to the ransom demands suggests only about $38,000 (£29,400) had been paid by Monday morning.
However, the ransomware warning said that the cost would double after three days, so the payments may increase.
It threatens to delete files within seven days if no payment is made.
Among the organisations targeted worldwide have been Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia’s interior ministry.
How has Monday been so far?
Many firms employed experts over the weekend to try to prevent new infections.
The picture now appears better in Europe.
Senior spokesman for Europol, Jan Op Gen Oorth, told Agence France-Presse: “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.
“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates.”
UK Health Minister Jeremy Hunt confirmed to the BBC that UK intelligence services had found no evidence of a second wave of attacks on Monday.
The UK’s National Crime Agency earlier tweeted: “We haven’t seen a second spike in WannaCry ransomware attacks, but that doesn’t mean there won’t be one.”
The badly affected National Health Service said seven out of 47 trusts that were hit were still facing serious issues.
Carmaker Renault said its plant in the northern city of Douai would not reopen on Monday as it dealt with the cyber-attack.
In Asia, a significant slowing of the malware was also reported:
Banking systems across the region were largely unaffected.
Who is behind the attack?
This won’t take long. Nobody knows. Europol’s Jan Op Gen Oorth said: “A bit early to say… but we are working on a decrypting tool”.
Associated Press quoted Tim Wellsmore, of US security firm FireEye, as saying: “We expect this is a small operation… They just happened to hit the mother lode.”
Russian President Vladimir Putin said: “Russia has absolutely nothing to do with it.”
Should people pay?
Companies in Asia and Europe have been warning employees to be careful when clicking on attachments and links in their emails.
The message from the UK’s National Crime Agency was “do not pay!” – there is no guarantee that systems will be restored.
Michael Gazeley, of Network Box, a Hong Kong-based cyber-security firm, told Reuters there were still “many ‘landmines’ waiting in people’s inboxes”, adding that his firm had detected a new version that infected users directly via a malicious link on hacked websites.
Becky Pinkard, from Digital Shadows, a UK-based cyber-security firm, also said it would be easy for the initial attackers or “copy-cat authors” to change the virus code so it is difficult to guard against.
A UK security researcher known as “MalwareTech”, who helped to limit the ransomware attack, predicted “another one coming… quite likely on Monday”.
MalwareTech, whose name was revealed in UK media to be 22-year-old Marcus Hutchins, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.
What’s behind Microsoft’s ‘wake-up call’ warning?
The computing giant says the tool used in this current attack had been developed by the US National Security Agency and was stolen by hackers.
It is highly critical of the way governments store data on software vulnerabilities.
Microsoft president and chief legal officer Brad Smith said on Sunday: “We have seen vulnerabilities stored by the CIA show up on Wikileaks, and now this vulnerability stolen from the NSA has affected customers around the world.
“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”
The organisation also said that many organisations had failed to keep their systems up to date, allowing the virus to spread.
Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it.
Analysis: Dave Lee, BBC North America technology reporter
There are going to be some tough questions on Monday for those institutions that didn’t do enough to keep their networks secure, as well as the organisations that were best placed to stop it happening in the first place – the NSA and Microsoft.
The NSA keeps a chest of cyber-weapons to itself so it can hit targets, but Microsoft has long argued that this is dangerous. If there is a flaw in Windows, the company said, surely the safest thing to do is to let its team know straight away so it can be fixed.
But then Microsoft also needs to consider what obligation it has to update all users – not just the ones who pay extra for security on older systems.
Updating your computer if you’re an individual is a piece of cake, but for a network the size of Britain’s National Health Service? Tough – time-consuming, expensive and complex.
For a company like Microsoft to say it won’t keep those systems safe unless they shell out more money, then that in itself, I think, is something of a ransom.

© Source: http://headlinenewstoday.net/wannacry-ransomware-cyber-attacks-slow-but-fears-remain.html

Ransomware attack: Amidst the chaos, the blame game begins

WannaCry ransomware exploited a number of factors to cause much damage. Now comes the difficult task of preventing it happening again.
The first wave of the ransomware attack that engulfed businesses around the world last week has apparently now passed, although it’s quite possible more infections will occur.
But the post-mortem on how it happened — and how to stop it happening again — has only just begun.
With this one, there’s plenty of blame to go around.
Clearly most of the blame must go to the shadowy malware developers who created the ransomware in the first place. They have caused havoc worldwide, with the cruellest impact on the many patients who have had their treatments delayed and operations cancelled. For these people to be put at risk because of a squalid get-rich-quick scheme, which seems to have raised just a few tens of thousands of dollars, is utterly beneath contempt.
But there are a host of other factors that made it easier for WannaCry (a.k.a. WannaCrypt) to do as much damage as it did.
WannaCry would never have been as invasive had it not been turbocharged by the so-called EternalBlue exploit.
EternalBlue had been dumped online by the ShadowBrokers, a group that’s allegedly linked to Russian intelligence.
The ShadowBrokers had themselves stolen these tools from the US National Security Agency (NSA), which presumably developed them for espionage purposes.
Dumping these tools online after they failed to sell them to the highest bidder was a hugely reckless act, probably designed to embarrass the NSA and be a nuisance. But once such dangerous software is made public, it’s impossible to know how it will be used — and now Russia is one of the countries worst hit by WannaCry.
Dumping the tools was clearly rash — but should the NSA have developed them in the first place? Intelligence agencies have a long history of spotting weaknesses in software, and while most are turned over to software vendors to fix, they keep a few back to make it easier to sneak into the computer systems of rival states. So flaws that could be fixed remain open.
As Microsoft’s president Brad Smith said, the WannaCrypt attack “provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem”. These exploits have a habit of leaking into the public domain and causing widespread damage, he said.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” he said, adding: “This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action.”
Former NSA-contractor-turned-whistleblower Edward Snowden was more succinct, tweeting: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.”
Others have made a similar point: “While GCHQ cannot be blamed for the NHS’s reliance on out of date software, the decision that the NSA and GCHQ have made in keeping this vulnerability secret, rather than trying to get it fixed, means they have a significant share of the blame for the current NHS ransom,” said the Open Rights Group.
A fix for the software vulnerability made public by the ShadowBrokers had been available since March for modern versions of Windows, but it’s clear that not every organization had updated their systems to protect against it. Not everyone has the time to patch every vulnerability, and some take their time with updates in case a patch breaks something else.
But for older versions of Windows — like the venerable Windows XP — there was no patch, because Microsoft no longer provides security updates for it (Windows XP first went on sale in 2001). As WannaCry spread, Microsoft did issue an emergency patch for XP and other out-of-support Windows versions, and the crisis will surely reopen questions about how long Microsoft should support old versions of its software.
It’s well known that the NHS and other organisations still have PCs running XP. Older operating systems become ever riskier to use when connected to the public internet, and the WannaCry episode is just one example.
Why do some organisations stick with XP? Some of these PCs may be running XP-specific software for a particular task; others may not be internet-connected and are therefore somewhat less vulnerable. But it’s often an issue of cost, with organisations unable to afford to upgrade hardware and software — especially in the healthcare sector, where there are always plenty of competing areas for funding.
In hindsight, such penny-pinching may not have been the wisest move. Already politicians are arguing over whether a lack of funding was to blame for the NHS being hit quite so hard by the ransomware.
Similar arguments will be taking place inside many organisations. Meanwhile, intelligence agencies need to reconsider how they use software vulnerabilities. Microsoft’s Brad Smith is right that this latest ransomware attack should be a wake-up call to governments and industry. Much now depends on how they respond.

© Source: http://www.zdnet.com/article/ransomware-attack-amidst-the-chaos-the-blame-game-begins/

81-year-old German right-wing extremist asked for asylum in Hungary

The convicted Holocaust denier fled to Hungary to avoid being imprisoned again and is asking the “leader of the Hungarian nation” for asylum. He has been arrested.
The convicted Holocaust denier and German right-wing extremist Horst Mahler has been arrested in Hungary, according to a media report. The newspaper “taz” reported this on Monday in its online edition, citing the Munich II public prosecutor’s office. The arrest took place “just now”, the newspaper quoted an agency spokesman as saying.
According to one report, Mahler has asked for political asylum in Hungary. This emerges from a statement that the 81-year-old published on the internet, the “Mitteldeutsche Zeitung” reported on Monday.
“On 12 May 2017 I asked the leader of the Hungarian nation, Viktor Orban, to grant me asylum in Hungary as a politically persecuted person,” the newspaper quoted from the statement, which it said ends with the words: “Trusting in the love of freedom of the Hungarian people, I place my fate in the hands of its government.” This is followed by the handwritten signature Horst Mahler.
The Hungarian embassy in Berlin promptly rejected Mahler’s request. On Facebook the embassy stated: “Hungary is a state governed by the rule of law and a member of the EU; Germany is likewise a state governed by the rule of law and a member of the EU.” Such a request is “therefore without any basis”.
The former lawyer had previously evaded his renewed imprisonment by fleeing. In a video published online on 9 April he said the summons to begin his sentence was “political persecution without legal basis”. He would now seek political asylum in a “sovereign state willing to take him in”.
From 2009 Mahler had been serving a combined prison sentence of just under ten years for incitement to hatred and Holocaust denial. Courts in Munich and Potsdam had handed down the corresponding verdicts against him. In the summer of 2015 his sentence was suspended because of a serious illness.
At the end of last year, however, the Brandenburg Higher Regional Court revoked the suspension on probation of the remainder of the sentence. The one-time left-wing radical, who turned into a right-wing radical and is regarded as incorrigible, had persistently made antisemitic statements.
Mahler belonged to the first generation of the left-wing terrorist Red Army Faction (RAF) around Andreas Baader and Ulrike Meinhof. He served a prison sentence from 1970 to 1980 for offences connected with the RAF.
In the 1990s the lawyer then caused a stir with far-right statements and represented the NPD as its lawyer before the Federal Constitutional Court in the first proceedings to ban the party. These failed in 2003.
(APA/AFP)

© Source: http://diepresse.com/home/ausland/aussenpolitik/5218182/81Jaehriger-deutscher-Rechtsextremist-bat-in-Ungarn-um-Asyl?from=rss

Windows ransomware: WannaCrypt shows why NSA shouldn't stockpile exploits, says Microsoft

Microsoft’s president and chief legal counsel has renewed a call for a digital Geneva convention following Friday’s WannaCrypt ransomware attacks.
Microsoft president and chief legal officer Brad Smith has called for “urgent collective action” in response to Friday’s WannaCrypt ransomware attack on Windows machines that didn’t have Microsoft’s March patch for a flaw in the Windows Server Message Block (SMB) protocol.
Governments, in particular intelligence agencies such as the National Security Agency (NSA), need to rethink the practice of stockpiling cyberweapons, Smith said in a blogpost on Sunday detailing how Microsoft, governments, and industry can prevent a repeat of Friday’s devastating and widespread WannaCrypt ransomware attack.
While improvements can be made by all groups, as Smith emphasized, the WannaCrypt exploit that caused Friday’s chaos was “drawn from the exploits stolen from the National Security Agency”. In other words, had the NSA reported the flaw to Microsoft instead of keeping it and eventually leaking it, Friday’s attack might not have been so widespread.
The WannaCrypt attacks hit Europe first, crippling around 45 UK hospital groups among others, before being accidentally contained by security researchers at MalwareTech, minimizing the impact on US organizations.
The specific NSA exploit that WannaCrypt adopted as a replicating mechanism was called EternalBlue, which targeted a flaw in Windows SMB and was leaked by the mystery hacker group, Shadow Brokers, in April.
Microsoft fortunately released a patch for the flaw in the MS17-010 bulletin in March, but as Friday’s attacks revealed, many organizations don’t or can’t apply patches within two months, even for critical, highly publicized flaws.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” said Smith, comparing the exploit’s theft to stolen missiles.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” he wrote.
“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action.”
Smith highlighted Microsoft’s decision on Friday to release a patch for unsupported Windows XP, Windows 8, and Windows Server 2003, as evidence of the priority it places on security, alongside updates in Windows Defender and its Advanced Threat Protection service.
And while he reminded users that “there is simply no way for customers to protect themselves against threats unless they update their systems”, Smith does concede that some organizations face a “formidable” challenge in applying patches immediately.
Exactly how Microsoft plans to make it easier for organizations to patch their systems without breaking operational equipment remains to be seen. However, Smith said Microsoft is “dedicated to developing further steps to help ensure security updates are applied immediately to all IT environments”.
Finally, Smith believes the WannaCrypt attack illustrates why it makes sense for governments to agree to Microsoft’s proposal for a ‘digital Geneva convention’, which would require governments to report vulnerabilities to vendors, rather than stockpile or buy and sell them.
“We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part,” Smith finished.
According to Reuters, Russian president Vladimir Putin agrees with Microsoft on this issue.
« I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the US intelligence services, » Putin said.
« Once they’re let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators, » he added.
« So this question should be discussed immediately on a serious political level, and a defense needs to be worked out from such phenomena. »

© Source: http://www.zdnet.com/article/windows-ransomware-wannacrypt-shows-why-nsa-shouldnt-stockpile-exploits-says-microsoft/
All rights are reserved and belongs to a source media.

Plenty of troubling questions about China’s route. Media: it may be an attempt at expansion

EU member states will not sign the statements summing up the Belt and Road summit ending on Monday in Beijing, said European Commission Vice-President Jyrki Katainen, as quoted by Reuters. European media write about the project’s flaws. « As the European Commission, which has a mandate, which has the capacity to negotiate on behalf of the member states on trade matters, we were not given the opportunity to negotiate the text », Katainen told Reuters. The Commission vice-president added at the same time that this is not a problem. He assessed positively the event organized by the Chinese authorities and the mutual understanding of what should be done. Reuters notes that some Western diplomats expressed concerns that the summit and the Belt and Road initiative are an attempt to promote Chinese influence in the world. Concerns were also expressed about the level of transparency and about foreign companies’ access to the plan. The Chinese authorities present their project above all as a stimulus for trade in a world struggling with moderate economic growth and trade volumes that have stopped growing. « Lower trade barriers and harmonization of regulations are rightly listed alongside infrastructure development as the main goals, and many countries that would feel the effects of this project need better infrastructure and closer trade ties », we read in today’s « Financial Times ». As the daily recalls in its Monday editorial, the initiative envisages building roads, railway lines, ports, pipelines and other infrastructure to connect China by sea and land routes with Central Asia, Europe and Africa. The cost of the related investments, estimated at about 900 billion dollars, is to be covered by Chinese and Chinese-backed banks and credit funds.
The daily points, however, to concerns that this concept will lead to the export of the worst aspects of the Chinese economy and will increase pressure on the country’s already burdened financial system. The « FT » recalls that China is struggling with « inefficient allocation of resources (…) and the resulting overcapacity in many industries » and therefore « may be interested primarily in redirecting surplus savings, exporting overproduction and securing foreign contracts for domestic construction companies ». According to the newspaper, loans granted for these investments may not be repaid, « leading to a downgrade of the country’s credit rating and clogging the Chinese financial system with bad assets ». « If cheap loans are payment for submitting to China’s political leadership in the region, the smaller the chance that they will be put to good use. Moreover, many countries may refuse to accept the money (…) if it came with too many conditions », the daily adds. Projects under the Belt and Road initiative should be built with the participation of local and global firms, not only Chinese ones, and should later be used in a good way. « If these conditions are not met, it will be an indication that China, instead of contributing to global economic recovery, is trying to export its own economic imbalances and buy leadership in the region », concludes the « Financial Times ». « Time will tell whether China’s ambitious Belt and Road project will contribute to reviving the global economy and trade, or whether Beijing will use it as an instrument of expansion in the region, exporting the weaknesses of its own economy along the way », the « Financial Times » sums up.

© Source: http://tvn24bis.pl/ze-swiata,75/projekt-nowego-jedwabnego-szlaku-komentarz-ft,739964.html