Tag Archives: Cyber Security

British hospitals, Spanish firms among targets of huge cyberattack

An ambulance waits outside the emergency department at St Thomas' Hospital in central London, Britain May 12, 2017. REUTERS/Stefan Wermuth

By Costas Pitas and Carlos Ruano

LONDON/MADRID (Reuters) – A huge cyberattack brought disruption to Britain’s health system on Friday and infected many Spanish companies with malicious software, and security researchers said a dozen other countries may be affected.

Hospitals and doctors’ surgeries in parts of England were forced to turn away patients and cancel appointments. People in affected areas were being advised to seek medical care only in emergencies.

“We are experiencing a major IT disruption and there are delays at all of our hospitals,” said the Barts Health group, which manages major London hospitals. Routine appointments had been canceled and ambulances were being diverted to neighboring hospitals.

Telecommunications giant Telefonica was among the targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services.

Authorities in both countries said the attack was conducted using ‘ransomware’ – malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access. They identified the type of malware as ‘Wanna Cry’, also known as ‘Wanna Decryptor’.

A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files.

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement. Still, the news prompted security teams at large financial services firms and businesses around the world to review their plans for defending against ransomware attacks, according to executives with private cyber security firms.

A spokeswoman for Portugal Telecom said: “We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services were affected.”

British based cyber researcher Chris Doman of AlienVault said the ransomware “looks to be targeting a wide range of countries”, with preliminary evidence of infections from 14 countries so far, also including Russia, Indonesia and Ukraine.

PM BRIEFED

A spokesman for British Prime Minister Theresa May said she was being kept informed of the incident, which came less than four weeks before a parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year’s U.S. election and on the eve of this month’s presidential vote in France.

But those attacks – blamed on Russia, which has repeatedly denied them – followed a entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

The full extent of Friday’s disruption in Britain remained unclear.

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” NHS Digital, the computer arm of the health service, said in a statement.

Britain’s National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate.

A reporter from the Health Service Journal said the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack.”

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

It was not immediately clear how many Spanish organizations had been compromised by the attacks, if any critical services had been interrupted or whether victims had paid cyber criminals to regain access to their networks.

(Additional reporting by Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Kate Holton, Andy Bruce, Michael Holden and David Milliken; Editing by Mark Trevelyan and Ralph Boulton)

English hospitals say hit by suspected national cyber attack

FILE PHOTO: A National Health Service (NHS) sign is seen in the grounds of St Thomas' Hospital, in front of the Houses of Parliament in London June 7, 2011. REUTERS/Toby Melville/File Photo

By Costas Pitas and Alistair Smout

LONDON (Reuters) – Hospitals across England were being forced to divert emergency cases on Friday after suffering a suspected national cyber attack.

Among them was the Barts Health group which manages major central London hospitals including The Royal London and St Bartholomew’s.

“We are experiencing a major IT disruption and there are delays at all of our hospitals,” it said.

“We have activated our major incident plan to make sure we can maintain the safety and welfare of patients. Ambulances are being diverted to neighboring hospitals.”

Patients requiring emergency treatment across England were diverted away from the hospitals affected and the public was advised to only seek medical care for acute medical conditions.

Reuters was unable to independently verify whether the hospitals were the subject of a concerted cyber attack ahead of the June 8 election.

Britain’s National Crime Agency said it was aware of the reports of a cyber attack but made no further comment.

The National Health Service (NHS) said it was responding to the incidents.

“We are aware of a cyber security incident and we are working on a response,” said a spokesman for NHS Digital, a division of the NHS which handles information technology issues.

There was no immediate comment from the Health Ministry.

Earlier on Friday, Spain’s government warned that a large number of companies had been attacked by cyber criminals who infected computers with malicious software known as “ransomware” that locks up computers and demands ransoms to restore access.

(Additional reporting by Kate Holton, Andy Bruce, Michael Holden and David Milliken; Writing by Guy Faulconbridge; editing by Stephen Addison)

German cyber agency chides Yahoo for not helping hacking probe

A photo illustration shows a Yahoo logo on a smartphone in front of a displayed cyber code and keyboard on December 15, 2016. REUTERS/Dado Ruvic/Illustration

By Andrea Shalal

BERLIN (Reuters) – Germany’s federal cyber agency said on Thursday that Yahoo Inc <YHOO.O> had not cooperated with its investigation into a series of hacks that compromised more than one billion of the U.S. company’s email users between 2013 and 2016.

Yahoo’s Dublin-based Europe, Middle East and Africa unit “refused to give the BSI any information and referred all questions to the Irish Data Protection Commission, without, however, giving it the authority to provide information to the BSI,” Germany’s BSI computer security agency said.

A BSI spokesman said it decided to go public after Yahoo repeatedly failed to respond to efforts to look into the data breaches and garner lessons to prevent similar lapses. BSI also urged internationally active Internet service providers to work more closely with it when German customers were affected by cyber attacks and other computer security issues.

Yahoo did not respond to requests for comment, while Ireland’s data protection agency was not immediately available.

The BSI’s statement comes at a time of heightened German government concerns about Russian meddling in national elections in September, after cyber attacks on the French and U.S. presidential elections which have been linked to Russia.

The U.S. Justice Department in March charged two Russian intelligence agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts, marking the first time the U.S. government had criminally charged Russian spies for cyber offences., while U.S. officials have charged Russian intelligence agents with involvement in at least one of the hacks that affected Yahoo.

Moscow has denied any involvement in hacking.

The BSI said it did not yet have any concrete information about the data breaches because of Yahoo’s lack of cooperation.

“Users should therefore be very careful about which services they want to use in the future and to whom they entrust their data,” BSI President Arne Schoenbohm said in a statement.

The BSI chief reiterated his recommendation that German consumers consider switching to other email service providers, adding that certifications such as those offered with C5-class cloud service security were valuable for customers.

C5 is a German government scheme to encourage cloud-based internet service providers to attest they use various safeguards against cyber attacks.

Late last year Yahoo, which has agreed to be acquired by U.S. telecoms giant Verizon <VZ.N> and is set to be merged with AOL to form a new business known as Oath, revealed a data breach dating back to 2013 of one billion user accounts.

The various disclosures led Verizon to cut the amount it was willing to pay for Yahoo by $350 million on its previously agreed $4.83 billion deal. Yahoo has said it expects the merger into Verizon to close in June.

BSI said an additional 32 million Yahoo users were affected by cyber breaches in 2015 and 2016. A spokesman for the agency said he was unaware of any additional breaches in 2017.

(Additional reporting by Eric Auchard in Frankfurt; editing by Alexander Smith)

FBI warns of surge in wire-transfer fraud via spoofed emails

A computer keyboard is seen in this picture illustration taken in Bordeaux, Southwestern France, August 22, 2016. REUTERS/Regis Duvignau

By Alastair Sharp

(Reuters) – Attempts at cyber wire fraud globally, via emails purporting to be from trusted business associates, surged in the last seven months of 2016, the U.S. Federal Bureau of Investigation said in a warning to businesses.

Fraudsters sought to steal $5.3 billion through schemes known as business email compromise from October 2013 through December, the FBI said in a report released Thursday by its Internet Crime Complaint Center.(http://bit.ly/2qAEVBE)

The figure is up sharply from the FBI’s previous report which said thieves attempted to steal $3.1 billion from October 2013 through May 2016, according to a survey of cases from law enforcement agencies around the world.

The number of business-email compromise cases, in which cyber criminals request wire transfers in emails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40,203 from 22,143, the FBI said.

The survey does not track how much money was actually lost to criminals.

Robert Holmes, who studies business email compromise for security firm Proofpoint Inc <PFPT.O>, estimated the incidents collated by the FBI represent just 20 percent of the total, and that total actual losses could be as much as double the figures reported by the FBI.

The losses are growing as scammers become more sophisticated, delving deeper into corporate finance departments to find susceptible targets, he said.

“This is not a volume play; it’s a carefully researched play,” he said.

The United States is by far the biggest target market, though fraudsters have started to expand in other developed countries, including Australia, Britain, France and Germany, Holmes said.

The FBI has said that about one in four U.S. victims respond by wiring money to fraudsters. In some of those cases, authorities have been able to identify the crimes in time to help victims recover the funds from banks before the criminals pulled them out of the system.

The U.S. Department of Justice said in March that it had charged a Lithuanian man with orchestrating a fraudulent email scheme that had tricked agents and employees of two U.S.-based internet companies into wiring more than $100 million to overseas bank accounts.

Fraudsters have also used spoofed emails to trick corporate workers into releasing sensitive data, including wage and tax reports, according to the advisory.

(Reporting by Alastair Sharp in Toronto; Editing by Bernadette Baum and Lisa Shumaker)

Germany challenges Russia over alleged cyberattacks

Hans-Georg Maassen, Germany's head of the German Federal Office for the Protection of the Constitution (Bundesamt fuer Verfassungsschutz) addresses a news conference in Berlin, Germany, in this file photo dated June 28, 2016. REUTERS/Fabrizio Bensch

By Andrea Shalal

BERLIN (Reuters) – The head of Germany’s domestic intelligence agency accused Russian rivals of gathering large amounts of political data in cyber attacks and said it was up to the Kremlin to decide whether it wanted to put it to use ahead of Germany’s September elections.

Moscow denies it has in any way been involved in cyber attacks on the German political establishment.

Hans-Georg Maassen, president of the BfV agency, said “large amounts of data” were seized during a May 2015 cyber attack on the Bundestag, or lower house of parliament, which has previously been blamed on APT28, a Russian hacking group.

Maassen, speaking with reporters after a cyber conference in Potsdam, repeated his warning from last December in which he said Russia was increasing cyber attacks, propaganda and other efforts to destabilize German society.

Some cyber experts have drawn clear links between APT28 and the GRU Russian military intelligence organization.

Maassen said there had been subsequent attacks after the 2015 Bundestag hack that were directed at lawmakers, the Christian Democratic Union (CDU) of Chancellor Angela Merkel, and other party-affiliated institutions, but it was unclear if they had resulted in the loss of data.

Germany’s top cyber official last week confirmed attacks on two foundations affiliated with Germany’s ruling coalition parties that were first identified by security firm Trend Micro.

“We recognize this as a campaign being directed from Russia. Our counterpart is trying to generate information that can be used for disinformation or for influencing operations,” he said. “Whether they do it or not is a political decision … that I assume will be made in the Kremlin.”

Maassen said it appeared that Moscow had acted in a similar manner in the United States, making a “political decision” to use information gathered through cyber attacks to try to influence the U.S. presidential election.

Maassen told reporters that Germany was working hard to strengthen its cyber defenses, but also needed the legal framework for offensive operations.

Berlin was studying what legal changes were needed to allow authorities to purge stolen data from third-party servers, and to potentially destroy servers used to carry out cyber attacks.

“We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks,” Maassen said.

He said intelligence agencies knew which servers were used by various hacker groups, including APT10, APT28 and APT29.

The German government also remained deeply concerned about the possibility that German voters could be manipulated by fake news items, like the bogus January 2016 story about the rape of a 13-year Russian-German girl by migrants that sparked demonstrations by over 12,000 members of that community.

He said another attempt was made in January shortly after the Social Democrats named former European Parliament President Martin Schulz as their chancellor candidate, with a Russian website carrying a blatantly false story about Schulz’s father having run a Nazi concentration camp.

However that story did not receive as much attention.

Officials also remained concerned that real information seized during cyber attacks could be used to discredit politicians or affect the election, he said.

(Reporting by Andrea Shalal; Editing by Madeline Chambers)

China tightens rules on online news, network providers

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo

BEIJING (Reuters) – China on Tuesday issued tighter rules for online news portals and network providers, the latest step in President Xi Jinping’s push to secure the internet and maintain strict party control over content.

Xi has made China’s “cyber sovereignty” a top priority in his sweeping campaign to bolster security. He has also reasserted the ruling Communist Party’s role in limiting and guiding online discussion.

The new regulations, released by the Cyberspace Administration of China (CAC) on its website, extend restrictions on what news can be produced and distributed by online platforms, requiring all services to be managed by party-sanctioned editorial staff.

The rules, which come into effect on June 1, apply to all political, economic, military, or diplomatic reports or opinion articles on blogs, websites, forums, search engines, instant messaging apps and all other platforms that select or edit news and information, the administration said.

All such platforms must have editorial staff who are approved by the national or local government internet and information offices, while their workers must get training and reporting credentials from the central government, it said.

Editorial work must be separate from business operations and only public funds can be used to pay for any work, it added.

Under the rules, editorial guidance measures used for the mainstream media will be applied to online providers to ensure they too adhere to the party line, such as requiring “emergency response” measures to increase vetting of content after disasters.

The rules also stipulate that a domestic business that wants to set up a joint venture with a foreign partner, or accept foreign funding, must be assessed by the State Internet Information Office.

Content on China’s internet has never been free of government censorship, though a number of internet companies run news portals that produce relatively independent reporting and opinion pieces.

A number of these platforms were shut down last year, after Xi in April called in a speech for better regulation of China’s internet.

The CAC separately on Tuesday released another set of rules that on June 1 will require “network providers and products” used by people who might touch upon “national security and the public interest” go through a new round of security reviews.

Beijing adopted a cyber security law last year that overseas critics say could shut foreign businesses out of various sectors in China.

(Reporting by Christian Shepherd; Editing by Robert Birsel)

GE fixing bug in software after warning about power grid hacks

FILE PHOTO: The logo of a General Electric (GE) facility is seen behind tree branches in Medford, Massachusetts, U.S., April 20, 2017. REUTERS/Brian Snyder/File Photo

By Jim Finkle

(Reuters) – General Electric Co <GE.N> said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility’s power systems after researchers found that hackers could shut down parts of an electric grid.

The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to “disconnect sectors of the power grid at will,” according to an abstract posted late last week on the Black Hat security conference website.

Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.

Interest in grid security has intensified amid the increased use of cyber weapons by nation states, including two high-profile cyber attacks in Ukraine that authorities in Kiev have blamed on Russia.

Three New York University security experts are scheduled to discuss the issue at the Las Vegas Black Hat hacking conference in July. They could not be reached immediately for comment.

GE is not aware of any cases in which hackers exploited the bug to cause power outages, said GE spokeswoman Annette Busateri. The bug only involves older GE protection relays introduced in the 1990s “before current industry expectations for security,” she said.

“We have been in the process of issuing notifications and providing product upgrades to our affected customer base on available firmware updates to address this issue,” she said.

GE has issued patches for five of six models affected by the vulnerability and will soon release a patch for the sixth model, Busateri said.

Michael Assante, former chief security officer with the North American Electric Reliability Corp, which regulates the North American grid, said the product was still widely deployed because the industry runs systems for decades before upgrading to new technologies.

“This is certainly a significant issue,” he said.

Hackers caused power to go out in 2015 and 2016 attacks in Ukraine by using other techniques to force breakers to open, Assante said.

(Reporting by Jim Finkle in Toronto; Editing by Chizu Nomiyama and Jeffrey Benkoe)

Cyber extortion demands surge as victims keep paying: Symantec

A man walks past a display of hexadecimal code in a file photo. REUTERS/Nigel Treblin

By Alastair Sharp

TORONTO (Reuters) – Hackers are demanding increasingly hefty ransoms to free computers paralyzed with viruses, as cyber criminals seek to maximize profits from large numbers of victims willing to pay up, according to cyber security firm Symantec Corp.

The average demand embedded in such malicious software, which is known as ransomware, more than tripled last year to $1,077 from $294, and the pricing has continued to rise in 2017, according to Symantec.

“The bad guys haven’t found the top end of what people will pay,” Symantec Director of Security Response Kevin Haley said in a telephone interview.

Symantec said 69 percent of ransomware infections in 2016 hit consumer computers, with the remainder targeting businesses and other organizations.

More than a third of consumer ransomware victims around the globe pay cyber criminals to regain access to their data, according to Symantec. In the United States, where such attacks are most prevalent, 64 percent pay.

“If six out of ten people will pay your ransom when it’s three hundred bucks, you’re thinking ‘What if I raise it to four hundred? What if I raise to five hundred?'” Haley said.

The surge in cyber extortion has been fueled partly by the sale of ransomware kits, which sell for $10 to $1,800 on underground markets and make it easy for wannabe cyber crooks to get in the business, according to Symantec.

One kit, known as Shark, lets users name their demand, which its creators collect from victims and pass on to attackers, minus a 20 percent commission.

Ransomware attacks have increased sharply over the past year, with criminals targeting hospitals, police departments and other providers of critical services in the United States and Europe.

In some cases, the attacks have interrupted critical public services.

U.S. and European hospitals have been forced to divert patients to other facilities when ransomware paralyzed computer systems.

Local police have been forced to manually dispatch calls, and San Francisco’s public transit system was unable to collect fares for a weekend during the busy Christmas shopping season.

(Reporting by Alastair Sharp; Editing by Steve Orlofsky; Editing by Jim Finkle and Steve Orlofsky)

Cyber attack hits 1,200 InterContinental hotels in United States

The Logo of a Holiday Inn Hotel is pictured in Paris, France, August 8, 2016. REUTERS/Jacky Naegelen

By Alastair Sharp

TORONTO (Reuters) – Global hotel chain InterContinental Hotels Group Plc <IHG.L> said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data.

The company declined to say how many payment cards were stolen in the attack, the latest in a hacking spree on prominent hospitality companies including Hyatt Hotels Corp <H.N>, Hilton, and Starwood Hotels, now owned by Marriott International Inc <MAR.O>.

The breach lasted from September 29 to December 29, InterContinental spokesman Neil Hirsch said on Wednesday. He declined to say if losses were covered by insurance or what financial impact the hacking might have on the hotels that were compromised, which also included Hotel Indigo, Candlewood Suites and Staybridge Suites properties.

The malware searched for track data stored on magnetic stripes, which includes name, card number, expiration date and internal verification code, the company said.

Hotel operators have become popular targets because they are easier to breach than other businesses that store credit card numbers as they have limited knowledge in defending themselves against hackers, said Itay Glick, chief executive of Israeli cyber-security company Votiro. “They don’t have massive data centers like banks which have very secure systems to protect themselves,” said Glick.

InterContinental declined to say how many franchised properties it has in the United States, which is part of its business unit in the Americas with 3,633 such properties.

In February, InterContinental said it had been victim of a cyber attack, but at that time said that only 12 of its 286 managed properties in the Americas were infected with malware.

Beijing cyber regulators to summon Apple over live streaming: Xinhua

FILE PHOTO: The Apple logo is pictured inside the newly opened Omotesando Apple store at a shopping district in Tokyo June 26, 2014. REUTERS/Yuya Shino/File Photo

BEIJING (Reuters) – Internet regulators in China’s capital plan to summon Apple Inc <APPL.O> to urge the American firm to tighten its checks on software applications available in its Apple Store, the official Xinhua News Agency reported on Wednesday.

The Beijing Cyberspace Administration, together with the Beijing Public Security Bureau and Beijing Cultural Market Administrative Law Enforcement Team, has already met representatives from Apple about the examination of live streaming apps from its app store, Xinhua said.

The U.S. tech firm is turning to selling more apps and services in China amid falling sales and rising competition from domestic smartphone makers.

Apple confirmed this year that it removed the New York Times Co’s <NYT.N> English- and Chinese-language news apps from its iTunes store in China following a request from authorities.

Apple in Beijing could not be reached for comment after normal business hours.

The Beijing Cyberspace Administration and the other two departments separately ordered three domestic live-streaming websites to rectify management loopholes, Xinhua said.

China’s fast-growing live-streaming market produced revenues of more than 30 billion yuan ($4.36 billion) last year, according to investment bank China Renaissance Securities, even as regulators have clamped down on sites that provide illegal content, including pornography.

(Reporting By Matthew Miller and Catherine Cadell; Editing by Robert Birsel)