Security experts find clues to ransomware worm’s lingering risks


By Eric Auchard | FRANKFURT

FRANKFURT Two-thirds of those caught up in the past week’s global ransomware attack were running Microsoft’s Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.

Researchers are struggling to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia, believing that identifying “patient zero” could help catch its criminal authors.


They are having more luck dissecting flaws that limited its spread.

Security experts warn that while computers at more than 300,000 internet addresses were hit by the ransomware strain, further attacks that fix weaknesses in WannaCry will follow and hit larger numbers of users, with more devastating consequences.



“Some organizations just aren’t aware of the risks; some don’t want to risk interrupting important business processes; sometimes they are short-staffed,” said Ziv Mador, vice president of security research at Israel’s SpiderLabs Trustwave.

“There are plenty of reasons people wait to patch and none of them are good,” said Mador, a former long-time security researcher for Microsoft.

WannaCry’s worm-like capacity to infect other computers on the same network with no human intervention appears tailored to Windows 7, said Paul Pratley, head of investigations & incident response at UK consulting firm MWR InfoSecurity.

Data from BitSight covering 160,000 internet-connected computers hit by WannaCry shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.

Computers running older versions, such as Windows XP used in Britain’s NHS health system, while individually vulnerable to attack, appear incapable of spreading infections and played a far smaller role in the global attack than initially reported.

In laboratory testing, researchers at MWR and Kryptos say they have found Windows XP crashes before the virus can spread.

Windows 10, the latest version of Microsoft’s flagship operating system franchise, accounts for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, account for the remainder, BitSight estimated.

COMPUTER BASICS

Any organization that heeded strongly worded warnings from Microsoft to urgently install a security patch it labeled “critical” when it was released on March 14 on all computers on its network is immune, experts agree.

Those hit by WannaCry also failed to heed warnings last year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.

“Clearly people who run supported versions of Windows and patched quickly were not affected”, Trustwave’s Mador said.

Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP and requiring users to pay hefty annual fees instead. The British government canceled a nationwide NHS support contract with Microsoft after a year, leaving upgrades to local trusts.

Seeking to head off further criticism in the wake of the WannaCry outbreak, the U.S. software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers (reut.rs/2qvSPUR).

Microsoft declined to comment for this story.

On Sunday, the U.S. software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – and sharing those flaws with technology companies to better secure the internet (reut.rs/2qAOdLm).

Half of all internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 percent respectively. Infection levels spiked again in both countries this week and remained high through Thursday, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.

By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.

(To view a graphic on the ransomware WannaCry worm, click tmsnrt.rs/2qIUckv)

DUMB AND SOPHISTICATED

The ransomware mixes copycat software loaded with amateur coding mistakes and recently leaked spy tools widely believed to have been stolen from the U.S. National Security Agency, creating a vastly potent class of crimeware.

“What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption”, said Samil Neino, 32, chief executive of Los Angeles-based Kryptos Logic.

Last Friday, the company’s British-based 22-year-old data breach research chief, Marcus Hutchins, created a “kill-switch”, which security experts have widely hailed as the decisive step in halting the ransomware’s rapid spread around the globe.

WannaCry appears to target mainly enterprises rather than consumers: Once it infects one machine, it silently proliferates across internal networks which can connect hundreds or thousands of machines in large firms, unlike individual consumers at home.

An unknown number of computers sit behind the 300,000 infected internet connections identified by Kryptos.

Because of the way WannaCry spreads sneakily inside organization networks, a far larger total of ransomed computers sitting behind company firewalls may be hit, possibly numbering upward of a million machines. The company is crunching data to arrive at a firmer estimate it aims to release later Thursday.

Liran Eshel, chief executive of cloud storage provider CTERA Networks, said: “The attack shows how sophisticated ransomware has become, forcing even unaffected organizations to rethink strategies.”

ESCAPE ROUTE

Researchers from a variety of security firms say they have so far failed to find a way to decrypt files locked up by WannaCry and say chances are low anyone will succeed.

However, a bug in WannaCry code means the attackers cannot use unique bitcoin addresses to track payments, security researchers at Symantec found this week. The result: “Users unlikely to get files restored”, the company’s Security Response team tweeted.

The rapid recovery by many organizations with unpatched computers caught out by the attack may largely be attributed to back-up and retrieval procedures they had in place, enabling technicians to re-image infected machines, experts said.

While encrypting individual computers it infects, WannaCry code does not attack network data-backup systems, as more sophisticated ransomware packages typically do, security experts who have studied WannaCry code agree.

These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims.

Fewer than 300 payments worth around $83,000 had been paid into WannaCry blackmail accounts by Thursday (1800 GMT), six days after the attack began and one day before the ransomware threatens to start locking up victim computers forever. (Reuters graphic: tmsnrt.rs/2rqaLyz)

The Verizon 2017 Data Breach Investigations Report, the most comprehensive annual survey of security breakdowns, found that it takes three months before at least half of organizations install major new software security patches.

WannaCry landed nine weeks after Microsoft’s patch arrived.

“The same things are causing the same problems. That’s what the data shows,” MWR research head Pratley said.

“We haven’t seen many organizations fall over and that’s because they did some of the security basics,” he said.

View the original article: http://feeds.reuters.com/~r/reuters/technologyNews/~3/uqpMk_eKMUI/us-cyber-attack-failures-idUSKCN18E2SG

(Editing by Philippa Fletcher)
