
You can find the current article at its original source at https://www.nytimes.com/2017/05/14/world/europe/cyberattacks-hack-computers-monday.html


Version 10: Cyberattack’s Impact Could Worsen in ‘Second Wave’ of Ransomware
Version 11 (about 4 hours later): Aftershocks May Last as U.S. Warns of Malware’s Complex Components
LONDON - Security experts are warning that the global cyberattack that began on Friday is likely to be magnified in the new workweek as users return to their offices and turn on their computers. The components of the global cyberattack that seized hundreds of thousands of computer systems last week may be more complex than originally believed, a Trump administration official said Sunday, and experts warned that the effects of the malicious software could linger for some time.
Many workers, particularly in Asia, had logged off on Friday before the malicious software, stolen from the United States government, began proliferating across computer systems around the world. So the true effect of the attack may emerge on Monday as employees return and log in. Many workers, particularly in Asia, had logged off Friday before the malicious software, stolen from the United States government, began proliferating around the world. There were initial reports of new cases found over the weekend in Japan and Taiwan, and security experts warned the attack could spread as workers logged in Monday.
Moreover, copycat variants of the malicious software behind the attacks have begun to spread, according to experts. “We are in the second wave,” said Matthieu Suiche of Comae Technologies, a cybersecurity company based in the United Arab Emirates. “As expected, the attackers have released new variants of the malware. We can surely expect more.” President Trump has ordered his homeland security adviser, Thomas P. Bossert, who has a background in cyberissues, to coordinate the government’s response to the spread of the malware and help organize the search for who was responsible, an administration official said Sunday.
The attack is more complicated because “the experts tell us that this code was cobbled together from many places and sources,” according to an administration official who insisted on anonymity to discuss the government’s cybersecurity plans. The more potential sources of the malicious code, the harder it is for investigators to run down the trail of possible perpetrators.
The source of the attack is a delicate issue for the United States because the vulnerability on which the malicious software is based was published by a group called the Shadow Brokers, which began publishing cybertools developed by the National Security Agency last summer.
Government investigators, while not publicly acknowledging that the computer code was developed by American intelligence agencies as part of the country’s growing arsenal of cyberweapons, say they are still investigating how the code got out. There are many theories, but increasingly it looks as though the initial breach came from an insider, perhaps a government contractor.
Copycat variants of the malicious software behind the attacks have begun to proliferate, according to experts, who were on guard for new attacks. “We are in the second wave,” said Matthieu Suiche of Comae Technologies, a cybersecurity company based in the United Arab Emirates. “As expected, the attackers have released new variants of the malware. We can surely expect more.”
The National Police Agency in Japan found two computers with the malicious software over the weekend, according to reports by NHK, the national broadcaster. One instance was found on a personal computer in a hospital and the other on a private citizen’s home computer. A hospital in New Taipei City, Taiwan, also reported that one of its computers was compromised, Taiwan’s Central News Agency said Sunday.
The spread of the malicious software, or malware, has focused attention on several questions, including why a software patch, issued by Microsoft in March, was not installed by more users. But for many systems, especially older systems, such patches are not installed automatically — a fact the hackers took advantage of. Microsoft has not said how it became aware of the vulnerability, but it seems likely it was tipped off by the N.S.A.
Brad Smith, the president and chief legal officer of Microsoft, said in a blog post Sunday that the attack should be a “wake-up call” for the tech industry, consumers and governments.
Mr. Smith said that Microsoft had the “first responsibility” for addressing vulnerabilities in its software, and that customers must be vigilant and update security patches. But he said the latest attack showed the dangers of governments’ “stockpiling of vulnerabilities.”
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Mr. Smith wrote.
So far, the main targets of the attack have been outside the United States. But neither the federal government nor American corporations assume that this will continue to be the case.
Britain’s National Cyber Security Center said Sunday that it had seen “no sustained new attacks” but warned that compromised computers might not have been detected yet and that the malware could further spread within networks.
So far, the main targets of the ransomware attack have been outside the United States. But neither the federal government nor American corporations assume that this will continue to be the case.
Over the weekend, the Trump administration’s top security officials, led by the homeland security adviser, Thomas P. Bossert, gathered in the White House Situation Room to assess the threat to American interests, including government agencies, companies and hospitals.
Monday could bring a wave of attacks to the United States, warned Caleb Barlow, vice president of threat intelligence for IBM. “How the infections spread across Asia, then Europe overnight will be telling for businesses here in the United States,” he said.
The cyberattack has hit 200,000 computers in more than 150 countries, according to Rob Wainwright, the executive director of Europol, the European Union’s police agency. The cyberattack has hit 200,000 computers in more than 150 countries, according to Rob Wainwright, the executive director of Europol, Europe’s police agency.
Among the organizations hit were FedEx in the United States, the Spanish telecom giant Telefónica, the French automaker Renault, universities in China, Germany’s federal railway system and Russia’s Interior Ministry. The most disruptive attacks infected Britain’s public health system, where surgeries had to be rescheduled and some patients were turned away from emergency rooms.
A 22-year-old British researcher who uses the Twitter name MalwareTech has been credited with inadvertently helping to stanch the spread of the assault by identifying the web domain for the hackers’ “kill switch” — a way of disabling the malware. Mr. Suiche of Comae Technologies said he had done the same for one of the new variants of malware to surface since the initial wave.
On Sunday, MalwareTech was one of many security experts warning that a less-vulnerable version of the malware is likely to be released. On Twitter, he urged users to immediately install a security patch for older versions of Microsoft’s Windows, including Windows XP. (The attack did not target Windows 10.)
Robert Pritchard, a former cybersecurity expert at Britain’s defense ministry, said that security specialists might not be able to keep pace with the hackers.
“This vulnerability still exists; other people are bound to exploit it,” he said. “The current variant will make its way into antivirus software. But what about any new variants that will come in the future?”
All it would take is for a new group of hackers to change the original malware code slightly to remove the “kill switch” and send it off into the world, using the same email-based methods to infiltrate computer systems that the original attackers used, experts said.
Allan Liska, an analyst with Recorded Future, a cybersecurity company, said a new version of the ransomware he examined Sunday did not have the kill switch. “This is probably version 2.1, and it has the potential to be much more effective — assuming security defenders haven’t spent all weekend patching,” he said.
The Microsoft patch will help, but installing it across large organizations will take time.
Microsoft has complained for years that a large majority of computers running its software are using pirated versions. The spread of hacking attacks has made legal versions of software more popular, as they typically provide automatic updates of security upgrades.
Governments around the world were bracing themselves for the start of the workweek.
“This is crucial for businesses when reopening on Monday: Please beware and anticipate, and take preventive steps against the WannaCry malware attack,” Indonesia’s communication and information minister, Rudiantara, who like many Indonesians uses only one name, said at a news conference.
He confirmed that one hospital, Dharmais Hospital in the capital, Jakarta, which specializes in cancer treatment, had been afflicted by the malware, but without major effects on patients. He confirmed that one hospital had been afflicted, but without major effects on patients.
“Through collective efforts by Indonesian cybersecurity stakeholders, I am optimistic that we will be able to minimize the severity of the threat,” Mr. Rudiantara said in a phone interview. In Britain, fallout continued Sunday. Two opposition parties, the Labour Party and the Liberal Democrats, asserted that the governing Conservative Party had not done enough to prevent the attack. With a general election June 8, officials have been racing to get ahead of the problem.
In Britain, the fallout from the attack continued on Sunday. Two opposition parties, the Labour Party and the Liberal Democrats, asserted that the governing Conservative Party had not done enough to prevent the attack. With a general election scheduled for June 8, officials have been racing to get ahead of the problem. Britain’s defense minister, Michael Fallon, told the BBC on Sunday that the government was spending about 50 million pounds, about $64 million, to improve cybersecurity at the National Health Service, where many computers still run Windows XP software, which Microsoft had stopped supporting.
Britain’s defense minister, Michael Fallon, told the BBC on Sunday that the government was spending about 50 million pounds, about $64 million, to improve cybersecurity at the National Health Service, where many computers still run the outdated Windows XP software, which Microsoft had stopped supporting. A government regulator warned the N.H.S. in July that updating hardware and software was “a matter of urgency.”
A government regulator warned the N.H.S. last July that updating antiquated hardware and software was “a matter of urgency,” and noted that one hospital had already had to pay £700,000, about $900,000, to repair a breach that began after an employee clicked on a web link in an unsafe email.
“The threat from cyber attacks has not only put patient information at risk of loss or compromise but also jeopardizes access to critical patient record systems by clinicians,” the regulator, the Care Quality Commission, wrote in its report.
At the National Health Service, employees said they had been cautioned about their computer use.
“We are all being extra careful,” said Greg Elston, a paramedic at St. Mary’s Hospital in central London. “We’ve been instructed not to open email attachments on our phones.”
Nancy Harper, who accompanied her mother to the hospital on Saturday for an X-ray, said: “It’s concerning that the N.H.S. was dependent on these outdated systems. If your average person has access to cheap cloud storage these days, then hospitals should be using similar backup methods. I hope this was a wake-up call.”
Others praised the service for maintaining services despite the strain. Himmat Sandut, who took his mother to the emergency room after she collapsed at home, said his experience had been smooth and fast.
“I was worried we would be faced with a huge queue, but we were seen within 10 minutes, and they’ve now given my mum a bed,” he said on Saturday. “I’m surprised and impressed under the current circumstances.”
The least functioning part of the hospital appeared to be the elevator, which got stuck on Saturday before resuming operations — in the wrong direction.
“Was the elevator hacked as well?” one man asked jokingly, causing an elevator packed with tense doctors and nurses to erupt in laughter. “Are we going to have to pay a ransom to get out?”