google-site-verification: google30a059f9a075f398.html

US government says North Korea was behind massive WannaCry cyber attack

CyberWisdom Summarized Roundup:

The Trump administration has accused North Korea of launching a so-called WannaCry cyberattack earlier this year that paralyzed hospitals, banks and other companies around the world.

The official said the U.S. government has “very high confidence” assesses that the hacker called Lazarus Group, which works on behalf of the North Korean government, implemented the WannaCry attack. Discuss the details of the government investigation.

The Lazarus group, widely regarded by security researchers and U.S. officials as the head of Sony Pictures Entertainment ‘s crackdown in 2014, damaged documents, leaked company communications online, and led several top studio executives Leave.

Tom Bossert, homeland security adviser to President Donald Trump, said: “The attacks were prevalent, causing billions of dollars in losses, while North Korea had a direct responsibility.

In a commentary in the Wall Street Journal, Tom Trump, Trump president’s homeland security adviser, notes that WannaCry is a common, costly and “recklessly reckless” claim that ” North Korea is directly responsible. “

One of the goals, Bossert said, is to “increase hacker costs.”

The United States discovered the loophole under the leadership of the Obama administration, but the NSA kept the loophole in its own offensive work rather than reporting to Microsoft.

Fortunately, security researcher Marcus Hutchins discovered a kill switch in the program and activated it, rendering most of the virus ineffective. Bosset said that such luck cannot be expected in the future.

 

WannaCry ransomware

The massive WannaCry ransomware attack in May caused the loss of thousands of computers and networks worldwide with an estimated loss of about 4 billion U.S. dollars.

WannaCry ransomware exploits a hole in older Windows software to freeze computers and then allow hackers to ask victims for computers between $ 300 and $ 600 in Bitcoin.

WannaCry spreads through backdoor malware DoublePulsar and Microsoft using EternalBlue, a purportedly created by the National Security Agency, which was later leaked by Shadow Brokers hacking groups. In the first movement, the scary ransomware spread to more than 150 countries.

North Korea and Pyongyang have repeatedly denied their responsibility to WannaCry and claimed that other cyberattacks were blamed.

The government officials said that in addition, the purpose of this humiliation is to have Pyongyang responsible for its actions “to erode and weaken its ability to launch attacks.”

Accusing it of fear of North Korea’s hacking abilities and its nuclear weapons program.

 

Impact

  1. Ransomware is malware that can encrypt important files and lock people out of the computer unless they work hard to prevent their entire system from being deleted. The attack encrypted files on more than 300,000 computers in more than 150 countries, including victims such as hospitals, banks, telcos, and warehouses.
  2. The largest attack in the United Kingdom has had serious repercussions in the UK’s health care system, disrupting operations and emergency services.
  3. The British government joined the United States on Tuesday, accusing North Korea. More than one-third of hospital trust systems in May experienced a system failure, with WannaCry ransomware software removal of nearly 7,000 NHS appointments in May.

 

Evidence Sources:

The attack was made possible by a vulnerability in out-of-date versions of Microsoft Windows first uncovered by the National Security Agency and then released by hackers on the internet in May. Microsoft released a patch for the Windows 7 vulnerability in March, but many people apparently didn’t update.

 Microsoft president and chief legal officer Brad Smith expressed support for the US government’s decision to formally name North Korea. Smith said that Microsoft had recently conducted an operation with Facebook and others to disrupt the activities of the Lazarus Group, a

threat actor previously linked to North Korea.

 

The Lazarus Group is believed responsible for numerous worldwide attacks in recent years, most notably the one on Sony Pictures in 2014 and the more recent attacks on numerous banks via the SWIFT financial network. Microsoft investigations showed the group is also directly responsible for the WannaCry attacks, Smith said. “If the rising tide of nation-state attacks on civilians is to be stopped, governments must be prepared to call out the countries that launch them,” Smith noted.  “Today’s announcement represents an important step in government and private sector action to make the Internet safer,” he said referring to Bossert’s comments.

Symantec is another company that has definitively linked WannaCry to the Lazarus Group. But it has stopped short of saying the group is linked to the North Korean government or is being sponsored by it. 

 

Symantec said it found three malware samples linked to Lazarus on the network of a WannaCry victim. One of them was a disk-wiping tool used in the Sony attacks. Symantec said that a Trojan that was used to spread WannaCry in March and April was a modified version of malware previously used by Lazarus. Similarly, IP addresses for command and control and code obfuscation methods used in WannaCry have Lazarus links, as does code between WannaCry and a backdoor Trojan used in other attacks.

 

However, some security industry experts believe there’s not enough evidence – at least not enough that’s publicly available – to definitively tie the government in North Korea to the attacks. “The evidence is weak,” says Ross Rustici, senior director of intelligence services at Boston-based cybersecurity firm Cybereason. “Without the initial source or any way to tie the code to an actual person we cannot do real attribution.” 

Others in the past have also noted how easy it is for attackers to plant false flags in order to throw investigators off track and to make it appear like an attack were launched by someone else.

If you like to receive more of these curated news alerts then subscribe to my mailing list.

Cybersecurity CEO: ‘Absolutely’ reason to believe North Korea is amassing bitcoin, likely to fund cyberattacks

https://www.cnbc.com/2017/12/19/north-koreas-bitcoin-is-the-perfect-currency-to-be-holding.htmlNorth Korea is amassing an ever-growing pile of bitcoin, likely to fund future cyberattacks, a cybersecurity CEO said. The U.S. government revealed Tuesday that North Korea was behind the debilitating WannaCry hack earlier this year, demanding ransom in bitcoin. As cyberattacks take aim at larger targets and higher ransoms, and with the price of bitcoin spiking, CrowdStrike CEO George Kurtz said there’s “absolutely” reason to believe North Korea has an appreciating pile of bitcoin to fund future attacks. “They’re building a cache of bitcoin, if you think about it. It’s an anonymous currency, it can easily bypass any sort of sanctions because there are none on bitcoin, and the value has increased dramatically,” Kurtz told CNBC’s “Squawk Alley.” “It’s the perfect currency for North Korea to be hoarding.” The WannaCry attack crippled hospitals, banks and companies around the world, and “highlights the capabilities that North Korea has in cyber,” Kurtz said. “And what we’ve seen is the increase of capabilities just over the last three years.”… Cybersecurity CEO: ‘Absolutely’ reason to believe North Korea is amassing bitcoin, likely to fund cyberattacks

 

Trump administration blames North Korea for WannaCry ransomware attacks

http://www.ibtimes.co.uk/trump-administration-blames-north-korea-wannacry-ransomware-attacks-1652040Beginning of dialog window. Escape will cancel and close the window. The Donald Trump administration has publicly blamed North Korea for orchestrating the massive WannaCry ransomware attacks that knocked off computers across the world in May. The attribution, which is reportedly supported by private security firms as well as the UK government, serves as an aggressive move for the Trump administration, especially given how rarely attributions are made public. The US is not the first to blame North Korea for WannaCry. Earlier in the year, Britain’s spy agency GCHQ’s cyber arm the NCSC (National Cyber Security Center) also believed that North Korea was responsible for the global ransomware epidemic. The NSA as well as several cybersecurity firms also accused Pyongyang’s hackers for orchestrating the attacks that spread like wildfire across the globe in May, affecting schools, hospitals, businesses and more. “The attack was widespread and cost billions, and North Korea is directly responsible,” US president Donald Trump’s homeland security advisor Tom Bossert wrote in a Wall Street Journal op-ed. “We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the… Trump administration blames North Korea for WannaCry ransomware attacks

 

North Korea’s army of cyber hackers could be an even greater threat than their nuclear ambitions, experts warn

http://www.dailymail.co.uk/news/article-5198685/North-Koreas-cyber-army-bigger-threat-nukes.htmlNorth Korea has developed a sophisticated army of hackers that could cause enormous damage to foreign militaries, steal huge amounts of cash from banks or cripple essential infrastructure.  Technology experts have also warned that the Stalinist autocracy’s cyber army is doubly lethal because there is little chance to hit back against it given its lack of connectivity. While the dictatorship’s high-profile missile and nuclear programmes grab the headlines, North Korea watchers have warned its legion of 6,000 hackers could be far more dangerous to global security. More than a third of hospital trusts had their systems crippled while nearly 7,000 NHS appointments were cancelled in the WannaCry ransomware attack in May (stock photo) It is also suspected the state is using cryptocurrency to bypass biting economic sanctions Bryce Boland, chief technology officer for Asia Pacific at cybersecurity company FireEye, told The Telegraph: ‘They are quite capable of conducting operations that could cause significant disruption to many organisations.’ He also said the state will probably increase its digital espionage to prepare for a possible war, adding: ‘We’ve already seen attempts by North Korea to gain access to some of the critical infrastructure in North America in recent months.’  It comes as both… North Korea’s army of cyber hackers could be an even greater threat than their nuclear ambitions, experts warn

 

Attack Attribution Tricky Say Some as US Blames North Korea for WannaCry

https://www.darkreading.com/attacks-breaches/attack-attribution-tricky-say-some-as-us-blames-north-korea-for-wannacry-/d/d-id/1330688There’s not enough evidence to conclusively tie the rogue regime to the ransomware attacks, some security experts say…. Attack Attribution Tricky Say Some as US Blames North Korea for WannaCry     

 

 

 

 

U.S. pins WannaCry on North Korea

https://www.scmagazine.com/us-pins-wannacry-on-north-korea/article/719494/President Trump’s homeland security advisor Tom Bossert said North Korea was directly responsible for the WannaCry attacks…. U.S. pins WannaCry on North Korea

 

US blames North Korea for global WannaCry cyberattack

https://thenextweb.com/us/2017/12/19/us-blames-north-korea-for-global-wannacry-cyberattack/The US has publicly called out North Korea for the massive WannaCry ransomware attack that affected thousands of computers and networks across the globe in May, with an estimated loss of about $4 billion. The allegation comes from Thomas P. Bossert, assistant to the American president for homeland security and counterterrorism, who penned a piece in The Wall Street Journal today, and noted that the US, authorities in the UK, as well as Microsoft, had found evidence from the attack pointing to affiliation with the North Korean government. Bossert also explained that the US will take a harder stance against… This story continues at The Next Web… US blames North Korea for global WannaCry cyberattack

 

US blames North Korea for WannaCry cyberattack

https://www.cnet.com/news/us-accuses-north-korea-of-carrying-out-wannacry-cyberattack/The Trump administration is expected to call for action preventing North Korea from carrying out the cyberattacks, the Washington Post reports…. US blames North Korea for WannaCry cyberattack

 

Shadowy North Korean hacking gang Lazarus were the cyber criminals behind the WannaCry ransomware attack …

http://www.dailymail.co.uk/news/article-5195243/North-Korean-gang-Lazarus-NHS-cyber-attack.htmlBy Kate Ferguson, Political Correspondent For Mailonline The Foreign Office today named the shadowy North Korean cyber gang Lazarus as the criminals which launched a devastating ransomware attack on the NHS. More than a third of hospital trusts had their systems crippled while nearly 7,000 NHS appointments were cancelled in the WannaCry ransomware attack in May. Foreign Office minister Lord Ahmad confirmed the attack was carried out by the notorious North Korean cyber espionage group Lazarus. The gang have carried out a series of devastating strikes against media and government institutions – and have stolen tens of millions of pounds in a heist on a central bank. More than a third of hospital trusts had their systems crippled while nearly 7,000 NHS appointments were cancelled in the WannaCry ransomware attack in May (stock photo) Sony Pictures fell victim to the gang in 2014 when their systems were hacked ahead of the release of The Interview – a satire on a plot to kill Kim Jong-Un.  The notorious group has strong links with the tyrannical regime in Pyongyang and its attacks are designed to sow chaos and discord among the country’s enemies.  Lazarus are an infamous North Korean hacking gang who have… Shadowy North Korean hacking gang Lazarus were the cyber criminals behind the WannaCry ransomware attack …

 

The WannaCry hack shows North Korea’s emergence as a cyber powerhouse

https://www.vox.com/world/2017/12/19/16794970/wannacry-north-korea-bossert-cyberattacksThe US has officially blamed North Korea for the “WannaCry” cyberattacks that disabled hundreds of thousands of computers across more than 150 countries back in May. The announcement marks an acknowledgment of the sophistication of Pyongyang’s cyber capabilities — and serves as a reminder that the hermit kingdom’s threats to the world extend well beyond its rapidly advancing nuclear program. “The attack was widespread and cost billions, and North Korea is directly responsible,” White House Homeland Security Adviser Tom Bossert wrote in a Wall Street Journal op-ed Monday evening. “It was cowardly, costly and careless.” The WannaCry cyberattacks used ransomware — where hackers use malware to scrambles a victim’s files and then demand money to unscramble them — to infect businesses, banks, hospitals, and schools the world over. One of the biggest strikes occurred in Britain, causing havoc in the UK’s health care system, where it interfered with surgeries and emergency services. The British government joined the US in laying the blame on North Korea on Tuesday. Bossert said the US has evidence that Pyongyang ordered the attack, though he declined to provide details on what that evidence was. Alexander Klimburg, a cybersecurity expert at the Atlantic Council think tank… The WannaCry hack shows North Korea’s emergence as a cyber powerhouse

 

US government says North Korea was behind massive WannaCry cyber attack

https://techcrunch.com/2017/12/18/us-government-north-korea-wannacry/ The U.S. government has officially blamed North Korea for WannaCry, the massive ransomware attacked that spread across the world disrupting more than 200,0000 businesses from 35 countries this past May. Writing in the New York Times [link subject to a paywall], Homeland Security Advisor Thomas P. Bossert said for the first time that the North Korean regime is directly to blame for the…… US government says North Korea was behind massive WannaCry cyber attack

 

BREAKING: Trump to ‘confirm’ North Korea was behind crippling WannaCry cyber attack

https://www.express.co.uk/news/world/894072/North-Korea-Kim-Jong-un-Donald-Trump-USA-cyber-attack-WannaCry-NHS-ransomwareKim Jong-un’s regime has long been suspected of the WannaCry cyber attack which targeted 150 countries and sent many of the UK’s NHS hospitals into meltdown. Wanna Decryptor, also known as WannaCry or wcry, was the ransomware programme used in the attack. Ransomware is the malicious software used by hackers to block access to a computer system until a ransom is paid. In October, the British Government said it believed “quite strongly” Pyongyang was responsible for the ‘WannaCry’ ransomware attack. But following accusation from Theresa May’s security minister Ben Wallace, North Korea hit back saying the statement was “despicable” and “an act beyond the limit of our tolerance”. A statement from the state’s propaganda news agency KCNA slammed the allegation and warned Britain to “seriously reflect” on what was being claimed.  The statement said: “The UK has made another attempt to incriminate the DPRK as a cyber-criminal.  “The DPRK has clarified our principled stand, on every opportune occasion, to oppose terrorism in all its forms and manifestations.” 14 of the biggest cyber-attacks, hacks and data breaches in history The statement even expressed sympathy to those affected and said North Korea would never attack the NHS due to their “priority” for… BREAKING: Trump to ‘confirm’ North Korea was behind crippling WannaCry cyber attack

 

US Names North Korea Cyber Attacker in ‘WannaCry’ Attack

https://www.theepochtimes.com/us-names-north-korea-cyber-attacker-in-wannacry-attack_2390992.htmlThe United States is calling out North Korea for the WannaCry malware attack that infected 230,000 computers in 150 countries—an attack made more disturbing because the attack was aimed at inflicting maximum damage, rather than making money. However, the attack may have marked a turning point in how the U.S. government deals with threats and is a “defining moment” in the battle against cyber attacks, said a White House official. The malware demanded victims pay a bitcoin ransom to regain access to data it locked away on their computer. But those that paid never regained access, news of which quickly spread across the infected community and kept monies from flowing to North Korea. “This was a careless and reckless attack,” President Donald Trump’s homeland security and counterterrorism assistant Thomas P. Bossert. The attack revealed several problems, not the least of which was the previous U.S. government tendency to uncover cyber threats and then keep them secret so they could use those same exploits for their own offensive efforts.   Trump changed that policy, marking a new transparent process that is winning support from industry and the American Civil Liberties Union. That change is part of a broader effort to improve… US Names North Korea Cyber Attacker in ‘WannaCry’ Attack

 

Curated Links

Thumbnails credit cnbc.com, newsweek.com, ibtimes.co.uk, dailymail.co.uk, darkreading.com, scmagazine.com, thenextweb.com, cnet.com, eweek.com, vox.com, techcrunch.com, express.co.uk, indiatimes.com, csoonline.com, techrepublic.com, theepochtimes.com

If you like to receive more of these curated news alerts then subscribe to my mailing list.