wannacry   289


Windows malware WannaCry delays manufacturing of the next iPhone processor • Motherboard
Samantha Cole:
<p>Taiwan Semiconductor Manufacturing Co Ltd (TSMC) admitted that the attack was possible because of an unpatched Windows 7 system, which was vulnerable to the infamous ransomware WannaCry while the company was installing a new tool. The infection happened when a supplier connected tainted software to TSMC’s network without a virus scan, according to Bloomberg.

TSMC is Apple’s exclusive supplier of the iPhone’s A-series chips. The attack, which cost the manufacturer $250m, could have been prevented, because it left its Windows 7 systems unpatched. The patch has been available for approximately a year.

The WannaCry virus started spreading in 2017, and has infected 200,000 computers across 150 countries. As a relatively old virus, you can easily protect against it by keeping your PC software updated, which TSMC apparently failed to do. Because there are so many systems still out there that are still not being properly patched, we can still see infrastructure like TSMC that’s vulnerable to the same attacks a year later.

In an <a href="http://www.tsmc.com/tsmcdotcom/PRListingNewsAction.do?action=detail&newsid=THHIANTHTH&language=E">official statement</a>, TSMC said that the company expects the incident to “cause shipment delays and additional costs,” with third quarter revenue taking a 3% hit. But analysts say that the company was prepared for this kind of attack, and its customers might not see much of a difference in shipping delays or costs.</p>

Lasted five days; how many A12 processors had TSMC made already? How much has this affected it? If it's five days, then probably not that much, truth be told. And once the systems are restored, it's all as it was before.

Though of course it would be a wonderful hacking story to put a bug in the A12. Except that this was just an accident.
wannacry  tsmc  iphone 
august 2018 by charlesarthur
How Similar Are WannaCry And Petya Ransomware?
Lateral movement: While both types of malware attempted to spread using an SMB vulnerability, the Petya variant did not require the SMB vulnerability to spread. If the SMB route failed, the Petya variant was able to achieve lateral movement by harvesting credentials from the infected system and using PsExec and WMIC (native remote administrative tools) to gain access to other systems on the network.
wannacry  petya  ransomware  worm  cybersecurity 
january 2018 by bwiese
(429) https://twitter.com/andreamvaldez/status/943283562664558593
KoreaBehind ? Either this is a huge joke or the world should be very afraid.
wannacry  north  from twitter
december 2017 by SolomonCroesus
Trump admin calls out North Korea hackers, stays mum on Russia’s • Daily Beast
Joseph Cox:
<p>On Monday the Trump administration publicly attributed the WannaCry cyberattacks—which locked down computers in businesses, health-care institutions and governments around the world—to North Korea. Thomas P. Bossert, President Trump’s Homeland Security adviser, made the announcement in an op-ed in The Wall Street Journal, and held a White House press conference Tuesday, complete with maps showing which countries were infected by the malware epidemic.

This fanfare could not be much further from how the Trump White House has addressed the issue of Russian hacking throughout the 2016 election and beyond, even though the same intelligence agencies likely contributed to both conclusions.

“It’s striking that a campaign that for so long denied the possibility of attribution has turned into an administration that now treats it as routine enough to do it in the newspaper—when the adversary is not Russia,” Ben Buchanan, a fellow at Harvard University’s Belfer Center Cyber Security Project, told The Daily Beast.</p>

As part of the book I've been writing about hacking, I've looked into the John Podesta hack. What's remarkable is the sheer volume of straightforward attributions from both private and security groups saying that the DNC and Podesta hacks were the work of Russian groups. What's also remarkable is how the media largely ignored them, and focussed instead on the content released by those hacks. As Cox also points out, the NotPetya attack in June is attributed to Russia; how come the Trump administration isn't calling them out?

The other question: why now? GCHQ and CERT had this pinned down to North Korea back in June. What's held up the US attribution? The logical conclusion is that this is trying to publicly make an even greater enemy of North Korea, and to make it look less foolish and more crafty - and dangerous.
trump  northkorea  wannacry 
december 2017 by charlesarthur
Your Monday Briefing
North Korea was behind the “WannaCry” cyberattack in May that struck thousands of computers around the world, disrupting the British health service and some rail systems in Germany,
nytimes  northkorea  wannacry 
october 2017 by asilvao
Investigation: WannaCry cyber attack and the NHS • National Audit Office (NAO)
<p>The key findings of the investigation are:

• The Department was warned about the risks of cyber attacks on the NHS a year before WannaCry and although it had work underway it did not formally respond with a written report until July 2017. The Department and Cabinet Office wrote to trusts in 2014, saying it was essential they had “robust plans” to migrate away from old software, such as Windows XP by April 2015. In March and April 2017, NHS Digital had issued critical alerts warning organisations to patch their systems to prevent WannaCry. However, before 12 May 2017, the Department had no formal mechanism for assessing whether local NHS organisations had complied with their advice and guidance and whether they were prepared for a cyber attack.

• The attack led to disruption in at least 34% of trusts in England although the Department and NHS England do not know the full extent of the disruption. On 12 May, NHS England initially identified 45 NHS organisations including 37 trusts that had been infected by the WannaCry ransomware. In total at least 81 out of 236 trusts across England were affected. A further 603 primary care and other NHS organisations were infected by WannaCry, including 595 GP practices. However, the Department does not know how many NHS organisations could not access records or receive information, because they shared data or systems with an infected trust. NHS Digital told us that it believes no patient data were compromised or stolen…

• The Department had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at a local level. As the NHS had not rehearsed for a national cyber attack it was not immediately clear who should lead the response and there were problems with communications. Many local organisations could not communicate with national NHS bodies by email as they had been infected by WannaCry or had shut down their email systems as a precaution, though NHS Improvement did communicate with trusts’ Chief Executive Officers by telephone. Locally NHS staff shared information through personal mobile devices, including using the encrypted WhatsApp application.</p>

That last bit is deliciously ironic given ministers' repeated calls to be able to tap into it. Turns out mobile is the last resort - and reliable.
wannacry  nhs  ransomware 
october 2017 by charlesarthur
#wannacry: cyber defence failure or organisational lapse? • Medium
Vladimiro Sassone on the National Audit Office report into Wannacry:
<p>This particular attack — as several others before — was known, not particularly sophisticated, and has only affected organisations which did not take the recommended precautions. Once a vulnerability is in the public domain, you either close it by applying the relevant patch, or stand as a sitting duck borrowing time on your good luck.

Admittedly, for organisations like the NHS this represents a big cultural change. These are organisations used to procure their equipment and then expect to use it flawlessly for tens of years, without giving it a further thought. The reality is that IT does not work that way. IT systems can be extremely complex, and therefore (for reasons too long to explain here) are not perfect, are reachable from the global network, and therefore are exposed to all sorts of malicious behaviours and attacks, and so need constant revision. When a critical piece of software becomes no longer supported, it has essentially reached the end of its useful life, and must be replaced, even if at the naked eye it may still appear as perfectly viable. This is true of PCs running the obsolete Windows XP, as well as of other scary situations with health devices and implants not designed with security and upgradability in mind.</p>

(Sassone is based at the University of Southampton, in the cyber security controls effectiveness project; they've produced a paper on <a href="http://users.ecs.soton.ac.uk/vs/CSCE30pub.pdf">what SME networks need for cybersecurity</a>.)

I'm writing a book on hacking, and ransomware is one of the chapters - with a focus on hospitals. The NHS problem is hydra-headed: million-pound equipment you replace once every 20 years uses old interfaces; small numbers of IT staff; large numbers of temporary staff who might not know what not to click; old equipment. It's a nightmare.
ransomware  nhs  wannacry 
october 2017 by charlesarthur
NHS could have avoided WannaCry hack with 'basic IT security', says report | Technology | The Guardian
RT : Too bad breaches aren't accounted for in a budget as a loss; maybe that would change this type of thinking
WannaCry  from twitter
october 2017 by xjubeix
