source from:ft
https://www.ft.com/content/7aa47b60-37ee-11e7-ac89-b01cc67cfeec
Cyber Security
Security experts dash to contain ransomware attack
Sensitive data exposed by deep flaws at the heart of the interconnected global digital economy
14 hours ago, by Sam Jones in London
Authorities around the world are scrambling to tackle one of the most virulent cyber attacks to date, as fears mount over the safety of huge amounts of sensitive data, ranging from medical records to corporate databases.
Hospitals across the UK have been severely disrupted; postal delivery and logistics services have been hit in the US, and university networks in China have been shut down.
Some of Europe’s biggest companies have been affected, including Telefónica, the Spanish mobile phone giant, Deutsche Bahn, the German national railway operator and Renault, the French carmaker. Russia’s interior ministry said more than 1,000 of its computers had been taken offline.
“We are not able to tell you who is behind the attack,” Amber Rudd, Britain’s home secretary, said on Saturday morning in an interview with the BBC. “That work is still ongoing.”
Ms Rudd chaired a meeting of Cobra, the British government’s top-level emergency committee, early on Saturday afternoon to co-ordinate responses to the attacks.
The high-visibility impact on the National Health Service has left the UK among the worst-affected countries by the attack, though it is far from being the most heavily targeted.
The cyber infection, known as WannaCry — a form of malicious software known as ransomware, designed to hold infected users’ hard drives hostage — has already spread to more than 100 countries and infected more than 100,000 computer systems, according to data from cyber security companies. Russia, Ukraine and India have seen the greatest number of attacks, said Kaspersky Lab.
So far relatively few ransoms have been paid. WannaCry automatically encrypts infected computers and demands a $300 payment in bitcoin — the anonymous digital cryptocurrency — for decryption keys to be released. According to Bitdefender, the anti-virus company, three bitcoin “wallets” owned by the hackers were hardcoded into WannaCry: just over $22,600 has been paid into them, the company told the Financial Times.
Even so, in just 24 hours WannaCry has laid bare deep flaws at the heart of the interconnected global digital economy, exposing security vulnerabilities in even the largest organisations at a time when business leaders and politicians regularly preach their cyber security credentials.
At the heart of WannaCry’s potency is a sophisticated hacking tool stolen from the US National Security Agency, the world’s most powerful cyber arsenal.
The theft will reignite the debate over the secretive and far-reaching online activities of western spy agencies, even as the same organisations lead a high-alert global intelligence operation to identify those who launched Friday’s attack.
“Despite warnings [the NSA] built dangerous attack tools that could target western software,” tweeted Edward Snowden, the former security contractor wanted by US authorities for the biggest data breach in US intelligence history. “Today we see the cost.”
Security analysts and western intelligence officials say the group behind WannaCry used an NSA tool known as Eternal Blue to super-charge the ransomware. The tool exploits a security loophole in the common file-sharing protocol used by Microsoft Windows, effectively allowing hackers to move laterally through networks and between organisations via any legitimate enterprise file-sharing arrangements that have been set up.
Most ransomware — which has become one of the most lucrative sources of income for cyber criminals — spreads via email, and requires a victim to click on a link to become infected. The group behind WannaCry used Eternal Blue to turn their ransomware into a malicious programme known as a worm — a self-propagating attack which automatically spreads through the Windows file-sharing loophole, with no user interaction required.
Eternal Blue was among a trove of NSA cyber weapons which were leaked online by a group known as the “Shadow Brokers” last year.
Following the leak, many software providers, including Microsoft, moved to patch the vulnerabilities exposed. The spread of WannaCry illustrates the extent to which many organisations still do not regularly update their systems, despite the urgent need to regularly do so, said security experts.
“I will fault the intelligence community for this,” said John Bambenek, manager for threat systems at the US cyber security company Fidelis. “As soon as this stuff leaked, they needed to get out there and start creating and promoting mitigations from day one. Imagine if the designs for a nuclear weapon got leaked.”
Mr Bambenek said Fidelis and others in the cyber security industry had repeatedly warned US authorities about the need for a more proactive stance following the Shadow Brokers leak.
The leak is still a highly sensitive issue for the US and its allies. According to western intelligence officials, and cyber security experts the FT has spoken to, the Shadow Brokers are probably a proxy of Russian intelligence services. The leak may have been intended to embarrass the US in reprisal for accusations last year from Washington’s intelligence chiefs that Moscow was attempting to manipulate the US presidential election.
The weaponisation of the NSA tools by other cyber-actors such as the group responsible for WannaCry was widely feared as a potential outcome by cyber security analysts.
In the event, WannaCry’s spread could have been far worse.
On Friday lunchtime, a British cyber threat researcher investigating the new ransomware discovered the identity of an obscure web address WannaCry automatically sought to communicate with in the first stages of each new infection. The address was for an unowned domain, so he acquired it, he explained in a blog post now being hosted on the UK’s National Cyber Security Centre website.
As it later transpired, the domain effectively functioned as a “kill switch” for WannaCry: the ransomware was set up so that if the address was active, it would automatically stop the infection process.
For those already hit by WannaCry a lengthy clean-up process remains, with no way of knowing when complete decryption of compromised hard drives will be possible.
WannaCry encrypts its victims’ systems using a 2048-bit RSA key. Using the computational power of a standard desktop machine with an up-to-date processor to crack such a key would take roughly 6.4 quadrillion years, according to current estimates by cryptologists.