Cyberwarfare, populism top ‘black swan’ events at Milken conference

Thomas Barrack, Executive Chairman, Colony Northstar, speaks at the Milken Institute's 21st Global Conference in Beverly Hills, California, U.S. May 1, 2018. REUTERS/Lucy Nicholson

By Anna Irrera

BEVERLY HILLS, Calif. (Reuters) - Cyberwarfare and populism are some of the top risks that could threaten global stability and financial markets in the years ahead, investors and policymakers warned at the annual Milken Institute Global Conference this week, as they characterized them as black swan events.

Thomas Barrack, founder and executive chairman of Colony Northstar, said cybersecurity was his greatest concern because “if the system itself is hacked or breaks or causes trauma, I am not sure what happens.”

Representative Ed Royce, chairman of the U.S. House of Representatives Foreign Affairs Committee, echoed the sentiment, saying that “Russian weaponization of information” has been one of his main concerns.

“The impact that is having in terms of the effect on the democratic process there (in Eastern Europe) is very concerning,” Royce said. “Indeed, worldwide Russian efforts in this regard need to be effectively countered, and it’s been many years since we’ve done anything effective.”

Royce, who also expressed concerns about the proliferation of nuclear weapons, called for more aggressive action.

“We need on social media and with respects to our sanctions push-back and make them (Russia) feel the price for doing this,” Royce said.

American intelligence agencies have said that Russia interfered in the 2016 U.S. presidential race to try to help Donald Trump win the presidency. Trump has repeatedly denied receiving help from Moscow for his election campaign, and Russia has denied meddling in the election.

While government and business leaders worldwide have become more aware of cybersecurity risks, the threat may still be underappreciated, some speakers said.

“The cyberwarfare in this world is completely unknown, uncontemplated and has to be grasped as we think about where we are going,” Mary Callahan Erdoes, chief executive officer of JPMorgan Asset Management, said on Monday.

Others cited rising populism in the West as one of the biggest risks for the global economy and market stability.

“My black swan is politics, politics in the West which is getting bust,” said Peter Mandelson, a former European trade commissioner and British first secretary of state. “And bust politics has two effects. It generates populist nationalist pressures on government and regulators, draws them more into the economy, onto the backs of businesses and makes decision-making by investors and businesses much more difficult.”

Although speakers did share what might keep them up at night in the coming months, the outlook was generally upbeat at the event, with Citigroup Inc <C.N> CEO Michael Corbat describing the current state of affairs as being “OK.”

Ironically, the mood was so positive that some speakers worried about excessive optimism.

“I am really concerned regarding the overwhelming optimism, which we observed over the past two days,” said Hiro Mizuno, chief investment officer for Japan’s Government Pension Investment Fund. “People say nothing matters to the capital markets, so that is scary.”

Chris Stadler, managing partner at CVC Capital, added: “When you sit here and…you talk about all these things hitting on all cylinders and you don’t know what could change it, you’re coming close to an event.”

(Reporting by Anna Irrera; Additional reporting by Liana Baker; Editing by Jennifer Ablan and Leslie Adler)

Researchers say global cyber attack similar to North Korean hacks

A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017. Courtesy of Symantec/Handout via REUTERS

By Ju-min Park and Dustin Volz

SEOUL/WASHINGTON (Reuters) – Cybersecurity researchers have found evidence they say could link North Korea with the WannaCry cyber attack that has infected more than 300,000 computers worldwide, as global authorities scrambled to prevent hackers from spreading new versions of the virus.

A researcher from South Korea’s Hauri Labs said on Tuesday their own findings matched those of Symantec <SYMC.O> and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

“It is similar to North Korea’s backdoor malicious codes,” said Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea’s hacking capabilities and advises South Korean police and National Intelligence Service.

Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta.

The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.

In China, foreign ministry spokeswoman Hua Chunying said she had no information to share, when asked about the origin of the attack and whether North Korea might be connected.

Several Asian countries have been affected by the malware, although the impact has not been as widespread as some had feared.

In Malaysia, cybersecurity firm LE Global Services said it identified 12 cases so far, including a large government-linked corporation, a government-linked investment firm and an insurance company. It did not name any of the entities.

“We may not see the real picture yet, as companies are not mandated to disclose security breaches to authorities in Malaysia,” said LE Global CEO Fong Choong Fook.

“The real situation may be serious. In one of the cases, the attack was traced back to early April.”

Vietnam’s state media said on Tuesday more than 200 computers had been affected.

Taiwan Power Co. <TAIWP.UL> said that nearly 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.

EXPERTS URGE CAUTION

FireEye Inc <FEYE.O>, another large cyber security firm, said it was also investigating, but it was cautious about drawing a link to North Korea.

“The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” FireEye researcher John Miller said.

U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

An official at South Korea’s Korea Internet & Security Agency said on Tuesday the agency was sharing information with intelligence officials on recent cases reported for damages but was not in position to investigate the source of the attack.

The official declined to comment on intelligence-related matters.

A South Korean police official who handles investigations into hacking and cyber breaches said he was aware of reports on the North Korean link, but said police were not investigating yet.

Victims haven’t requested investigations but they want their systems to be restored, the official said.

North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.

Hauri researcher Choi said the code bore similarities with those allegedly used by North Korean hackers in the Sony and bank heists. He said based on his conversations with North Korean hackers, the reclusive state had been developing and testing ransomware programs since August.

In one case, alleged hackers from North Korea demanded bitcoin in exchange for client information they had stolen from a South Korean shopping mall, Choi added.

The North Korean mission to the United Nations was not immediately available for comment on Monday.

While the attacks have raised concerns for cyber authorities and end-users worldwide, they have helped cybersecurity stocks as investors bet governments and corporations will spend more to upgrade their defenses.

Cisco Systems <CSCO.O> closed up 2.3 percent on Monday and was the second-biggest gainer in the Dow Jones Industrial Average.

(Additional reporting by Jess Macy Yu in Taipei, My Pham in Hanoi, Michael Martina in Beijing and Liz Lee in Kuala Lumpur; Writing by Jeremy Wagstaff in Singapore; Editing by Sam Holmes, Michael Perry and Mike Collett-White)

Germany to increase military for cybersecurity and fight against Islamic State

German Bundeswehr army demonstrate their skills at Kaserne Hochstaufen in Bad Reichenhall

BERLIN (Reuters) – Germany plans to add 7,000 military jobs and 4,400 civilians to its armed forces over the next seven years to help tackle demands such as cybersecurity and the fight against Islamic State, its defense minister said on Tuesday.

Ursula von der Leyen said the move marked the first increase in the size of the German military since the end of the Cold War and was part of a broader campaign that has revamped the way the military buys equipment and prepares its budgets.

“A quarter century of a shrinking military is over. It is time for the German armed forces to grow,” she told reporters.

Germany’s armed forces totaled 800,000 military and civilian personnel at the time of German unification in 1990, but since have shrunk to a target of 185,000 troops and 56,000 civilians, according to German government officials.

They said the goal now was to get away from the strict ceilings used in the past and move toward a more dynamic annual review of personnel needs.

Officials said a recent comprehensive review had shown that the German military needed 14,300 additional troops to cope with new missions. These include the at-sea rescue of refugees, operations in support of a U.S.-led air strike campaign against Islamic State insurgents in Iraq and Syria, and backing operations against other Islamist militants in Mali.

Of those, 5,000 would be filled through changes in existing personnel, with 7,000 to be added in new posts and the extension of existing contracts.

Current plans would leave about 2,300 of the required military positions vacant, although that estimate could be adjusted next year, officials said.

(Reporting by Berlin Newsroom; Editing by Mark Heinrich)

Ransomware: Extortionist hackers borrow customer-service tactics

Hollywood Presbyterian Medical Center

By Jim Finkle

TEWKSBURY, Mass (Reuters) – When hackers set out to extort the town of Tewksbury, Massachusetts with “ransomware,” they followed up with an FAQ explaining the attack and easy instructions for online payment.

After balking for several days, Tewksbury officials decided that paying the modest ransom of about $600 was better than struggling to unlock its own systems, said police chief Timothy Sheehan.

That case and others show how cyber-criminals have professionalized ransomware schemes, borrowing tactics from customer service or marketing, law enforcement officials and security firms say. Some players in the booming underworld employ graphic artists, call centers and technical support to streamline payment and data recovery, according to security firms that advise businesses on hacking threats.

The advancements, along with modest ransom demands, make it easier to pay than fight.

“It’s a perfect business model, as long as you overlook the fact that they are doing something awful,” said James Trombly, president of Delphi Technology Solutions, a Lawrence, Massachusetts, computer services firm that helped three clients over the past year pay ransoms in bitcoin, the virtual currency. He declined to identify the clients.

In the December 2014 attack on Tewksbury, the pressure to pay took on a special urgency because hackers disabled emergency systems. The same is true of additional attacks on police departments and hospitals since then. But all sectors of government and business are targeted, along with individuals, security firms said.

The total cost of ransomware attacks is hard to quantify. But the Cyber Threat Alliance, a group of leading cyber security firms, last year estimated that global damages from CryptoWall 3 – among the most popular of dozens of ransomware variants – totaled $325 million in the first nine months of 2015.

Some operations hire underground call centers or email-response groups to walk victims through paying and restoring their data, said Lance James, chief scientist with the cyber-intelligence firm Flashpoint.

Graphic artists and translators craft clear ransom demands and instructions in multiple languages. They use geolocation to make sure that victims in Italy get the Italian version, said Alex Holden, chief information security officer with Hold Security.

While ransomware attacks have been around longer than a decade, security experts say they’ve become far more threatening and prevalent in recent years because of state-of-the-art encryption, modules that infect backup systems, and the ability to infect large numbers of computers over a single network.

Law enforcement officials have long advised victims against paying ransoms. Paying ransoms is “supporting the business model,” encouraging more criminals to become extortionists, said Will Bales, a supervisory special agent for the Federal Bureau of Investigation.

But Bales, who helps run ransomware investigations nationwide from the Washington, DC office, acknowledged that the payoffs make economic sense for many victims.

“It is a business decision for the victim to make,” he said.

Run-of-the-mill ransomware attacks typically seek 1 bitcoin, now worth about $420, which is about the same as the hourly rate that some security consultants charge to respond to such incidents, according to security firms who investigate ransomware cases.

Some attacks seek more, as when hackers forced Hollywood Presbyterian Hospital in Los Angeles to pay $17,000 to end an outage in February.

Such publicized incidents will breed more attacks, said California State Senator Robert Hertzberg, who in February introduced legislation to make ransomware schemes punishable by up to four years in prison. The Senate’s public safety committee was scheduled to review that bill on Tuesday.

Some victims choose not to pay. The Pearland Independent School District near Houston refused to fork over about $1,600 in ransom demanded in two attacks this year, losing about three days of work from teachers and students. Instead, the district invested tens of thousands of dollars on security software, said Jonathan Block, the district’s desktop support services manager.

“This threat is real and something that needs to be dealt with,” Block said.

The town of Tewksbury has also upgraded its security technology, but Sheehan says he fears more attacks.

“We are so petrified we could be put into this position again,” he said. “Everybody is vulnerable.”

(Reporting by Jim Finkle. Additional reporting by Dustin Volz. Editing by Jonathan Weber and Brian Thevenot.)

Washington’s MedStar computers down for second day after virus

By Jim Finkle

(Reuters) – MedStar Health’s computer systems remained offline on Tuesday for the second straight day after the non-profit, one of the biggest medical service providers in the U.S. capital region, shut down parts of its network to stem the spread of a virus.

MedStar spokeswoman Ann Nickels said she did not know when the systems would be restored or what type of virus had infected the network.

“Medical services continue,” she said in an interview. When asked if elective procedures would be performed, she said that would be determined “case by case.”

The non-profit, which runs 10 hospitals and some 250 outpatient facilities in Washington and Maryland, said Monday on its Facebook page that its computer network was infected by a virus that prevented some users from logging into the system early that day. MedStar quickly decided to take down “all system interfaces to prevent the virus from spreading” and moved to backup systems for paper record-keeping, the post said.

Nickels said she had no further information about the attack: “We are actively investigating.”

The FBI said on Monday that it was looking into the incident at MedStar, which is one of the largest medical providers to have operations interrupted by malicious software.

The discovery came after several recent attacks on U.S. hospitals by cyber extortionists using software known as ransomware, which encrypts data and demands that users pay to get it unlocked.

Last month, Hollywood Presbyterian Hospital in Los Angeles paid $17,000 to regain access to its systems after such an attack.

Security blogger Brian Krebs last week reported that Henderson, Kentucky-based Methodist Hospital declared a state of emergency after falling victim to a ransomware attack.

(Reporting by Jim Finkle; Additional reporting by Dustin Volz; Editing by Lisa Von Ahn)

Homeland Security Admits Cybersecurity Bill Could “Sweep Away Important Privacy Protections”

The Department of Homeland Security has given some powerful ammunition to opponents of a new cybersecurity bill, admitting that the bill could trample some privacy protections for citizens.

Answering a query from Minnesota Senator Al Franken, the deputy secretary of Homeland Security admitted the bill “could sweep away important privacy protections” and that the proposed legislation “raises privacy and civil liberties concerns”.

The bill in question, the Cybersecurity Information Sharing Act, could reach the Senate floor as early as Wednesday.

The bill would allow private companies such as Experian, which tracks information from loyalty cards at businesses to track customer movements, to expand their reach.

Section 4 of CISA states: “[a] private entity may, for cybersecurity purposes, monitor A) the information systems of such a private entity; B) the information systems of another entity, upon written consent of such other entity […] and D) information that is stored on, processed by, or transiting the information systems monitored by the private entity under this paragraph.”

The bill was introduced by California Democratic Senator Dianne Feinstein, who says the bill “incentivizes” the sharing of cybersecurity information.

“It responds to the massive and growing threat to national and economic security from cyber intrusion and attack, and seeks to improve the security of public and private computer networks by increasing awareness of threats and defenses,” Ms. Feinstein has stated about CISA.

Groups such as the American Civil Liberties Union and the Electronic Frontier Foundation are calling on members to contact their Senators to vote against the bill, saying it is a violation of citizens’ rights.

One of the bill’s biggest opponents in the Senate is Oregon Senator Ron Wyden, who says the bill doesn’t promote cybersecurity but rather erases protections for many citizens.

“Right now, we are seeing the government is having trouble keeping its own data security,” Wyden told the Huffington Post. “But now Congress is setting up an arrangement where companies are going to hand over enormous amounts of additional private and personal information. That just doesn’t add up.”