Tag Archives: Technology

U.S. Energy Department helping power firms defend against cyber attacks

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Jim Finkle, Scott DiSavino and Timothy Gardner

(Reuters) – The U.S. Department of Energy said on Friday it is helping U.S. firms defend against a hacking campaign that targeted power companies including at least one nuclear plant, saying the attacks have not impacted electricity generation or the grid.

News of the attacks surfaced a week ago when Reuters reported that the U.S. Department of Homeland Security and Federal Bureau of Investigation issued a June 28 alert to industrial firms, warning them of hacking targeting the nuclear, power and critical infrastructure sectors.

“DOE is working with our government and industry partners to mitigate any impact from a cyber intrusion affecting entities in the energy sector,” a Department of Energy representative said in an email to Reuters. “At this time, there has been no impact to systems controlling U.S. energy infrastructure. Any potential impact appears to be limited to administrative and business networks.”

It was not clear who was responsible for the hacks. The joint report by the DHS and the FBI did not identify the attackers, though it described the hacks as “an advanced persistent threat,” a term that U.S. officials typically but not always use to describe attacks by culprits.

The DOE discussed its response to the attacks after Bloomberg News reported on Friday that the Wolf Creek nuclear facility in Kansas was among at least a dozen U.S. power firms breached in the attack, citing current and former U.S. officials who were not named.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said via email.

A separate Homeland Security technical bulletin issued on June 28 included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

The June 28 alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

David Lochbaum, a nuclear expert at the nonprofit group Union of Concerned Scientists, said reactors have a certain amount of immunity from cyber attacks because their operation systems are separate from digital business networks. But over time it would not be impossible for hackers to potentially do harm.

“Perhaps the biggest vulnerability nuclear plants face from hackers would be their getting information on plant designs and work schedules with which to conduct a physical attack,” Lochbaum said.

The DOE said it has shared information about this incident with industry, including technical details on the attack and mitigation suggestions.

“Security professionals from government and industry are working closely to share information so energy system operators can defend their systems,” the agency representative said.

Earlier, the FBI and DHS issued a joint statement saying “There is no indication of a threat to public safety” because the impact appears limited to administrative and business networks.

The Nuclear Regulatory Commission has not received any notifications of a cyber event that has affected critical systems at a nuclear plant, said spokesman Scott Burnell.

A nuclear industry spokesman told Reuters last Saturday that hackers have never gained access to a nuclear plant.

(Reporting by Jim Finkle in Toronto, Scott DiSavino in New York and Timothy Gardner in Washington; Additional reporting by Dustin Volz in Washington and Joseph Menn in San Francisco; Editing by Bernard Orr)

Global shipping feels fallout from Maersk cyber attack

The Maersk ship Adrian Maersk is seen as it departs from New York Harbor in New York City, U.S., June 27, 2017. REUTERS/Brendan McDermid

By Jonathan Saul

LONDON (Reuters) – Global shipping is still feeling the effects of a cyber attack that hit A.P. Moller-Maersk <MAERSKb.CO> two days ago, showing the scale of the damage a computer virus can unleash on the technology dependent and inter-connected industry.

About 90 percent of world trade is transported by sea, with ships and ports acting as the arteries of the global economy. Ports increasingly rely on communications systems to keep operations running smoothly, and any IT glitches can create major disruptions for complex logistic supply chains.

The cyber attack was among the biggest-ever disruptions to hit global shipping. Several port terminals run by a Maersk division, including in the United States, India, Spain, the Netherlands, were still struggling to revert to normal operations on Thursday after experiencing massive disruptions.

South Florida Container Terminal, for example, said dry cargo could not be delivered and no container would be received. Anil Diggikar, chairman of JNPT port, near the Indian commercial hub of Mumbai, told Reuters that he did not know “when exactly the terminal will be running smoothly”.

His uncertainty was echoed by Maersk itself, which told Reuters that a number of IT systems were still shut down and that it could not say when normal business operations would be resumed.

It said it was not able to comment on specific questions regarding the breach of its IT systems or the state of its cyber security as it had “all available hands focused on practical stuff and getting things back to normal”.

The impact of the attack on the company has reverberated across the industry given its position as the world’s biggest container shipping line and also operator of 76 ports via its APM Terminals division.

Container ships transport much of the world’s consumer goods and food, while dry bulk ships haul commodities including coal and grain and tankers carry vital oil and gas supplies.

“As Maersk is about 18 percent of all container trade, can you imagine the panic this must be causing in the logistic chain of all those cargo owners all over the world?” said Khalid Hashim, managing director of Precious Shipping <PSL.BK>, one of Thailand’s largest dry cargo ship owners.

“Right now none of them know where any of their cargoes (or)containers are. And this ‘black hole’ of lack of knowledge will continue till Maersk are able to bring back their systems on line.”

BACK TO BASICS

The computer virus, which researchers are calling GoldenEye or Petya, began its spread on Tuesday in Ukraine and affected companies in dozens of countries.

Maersk said the attack had caused outages at its computer systems across the world.

In an example of the turmoil that ensued, the unloading of vessels at the group’s Tacoma terminal was severely slowed on Tuesday and Wednesday, said Dean McGrath, president of the International Longshore and Warehouse Union Local 23 there.

The terminal is a key supply line for the delivery of domestic goods such as milk and groceries and construction materials to Anchorage, Alaska.

“They went back to basics and did everything on paper,” McGrath said.

Ong Choo Kiat, President of U-Ming Marine Transport <2606.TW>, Taiwan’s largest dry bulk ship owner, said the fact Maersk had been affected rang alarm bells for the whole shipping industry as the Danish company was regarded as a leader in IT technology.

“But they ended up one of the first few casualties. I therefore conclude that shipping is lacking behind the other industry in term of cyber security,” he said.

“How long would it takes to catch up? I don’t know. But recently all owners and operators are definitely more aware of the risk of cyber security and beginning to pay more attention to it.”

In a leading transport survey by international law firm Norton Rose Fulbright published this week, 87 percent of respondents from the shipping industry believed cyber attacks would increase over the next five years – a level that was higher than counterparts in the aviation, rail and logistics industries.

VULNERABLE

Apart from the reliance on computer systems, ships themselves are increasingly exposed to interference through electronic navigation devices such as the Global Positioning System (GPS) and lack the backup systems airliners have to prevent crashes, according to cyber security experts.

There were no indications that GPS and other electronic navigation aids were affected by this week’s attack, but security specialists say such systems are vulnerable to signal loss from deliberate jamming by hackers.

Last year, South Korea said hundreds of fishing vessels had returned early to port after its GPS signals were jammed by North Korea, which denied responsibility.

“The Maersk attack raises our awareness of the vulnerability of shipping and ports to technological failure,” said Professor David Last, a previous president of Britain’s Royal Institute of Navigation.

“When GPS fails, ships’ captains lose their principal means of navigation and much of their communications and computer links. They have to slow down and miss port schedules,” said Last, who is also a strategic advisor to the General Lighthouse Authorities of the UK and Ireland.

A number of countries including the UK and the United States are looking into deploying a radar based back up navigation system for ships called eLoran, but this will take time to develop.

David Nordell, head of strategy and policy for London-based think tank, the Centre for Strategic Cyberspace and Security Science, said the global shipping and port industries were vulnerable to cyber attack, because their operating technologies tend to be old.

“It’s certainly possible to imagine that two container ships, or, even worse, oil or gas tankers, could be hacked into colliding, resulting in loss of life and cargo, and perhaps total loss of the vessels,” Nordell said.

“Carried out in a strategically sensitive location such as the Malacca Straits or the Bosphorus, a collision like this could block shipping for enough time to cause serious dislocations to trade.”

SECRETIVE INDUSTRY

Cyber risks also pose challenges for insurance cover.

In a particularly secretive industry, information about the nature of cyber attacks is still scarce, which insurance and shipping officials say is an obstacle to mitigating the risk, which means there are gaps in insurance cover available.

“There has been a lot of non-reporting (of breaches) on ships, and we’re trying efforts where even if there could be anonymous reporting on a platform so we can start to get the information and the data,” said Andrew Kinsey, senior marine consultant at insurer Allianz Global Corporate & Specialty.

There is also a gap in provision, because most existing cyber or hull insurance policies – which insure the ship itself – will not cover the risk of a navigation system being jammed or physical damage to the ship caused by a hacking attack.

“The industry is just waking up to its vulnerability,” said Colin Gillespie, deputy director of loss prevention with ship insurer North.

“Perhaps it is time for insurers, reinsurers, ship operators and port operators to sit down together and consider these risks in detail. A collective response is needed – we are all under attack.”

(Additional reporting by Jacob Gronholt-Pedersen in Copenhagen, Keith Wallis and Carolyn Cohn in London, Euan Rocha in Mumbai, Miyoung Kim in Singapore, Alexander Cornwell in Dubai, Michael Hirtzer in Chicago, Noor Zainab Hussain in Bangalore, Adam Jourdan and Shanghai newsroom; Editing by Pravin Char)

New computer virus spreads from Ukraine to disrupt world business

A user takes a selfie in front of a laptop at WPP, a British multinational advertising and public relations company in Hong Kong, China June 28, 2017 in this picture obtained from social media. INSTAGRAM/KENNYMIMO via REUTERS

By Eric Auchard and Dustin Volz

FRANKFURT/WASHINGTON (Reuters) – A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.

Risk-modeling firm Cyence said economic losses from this week’s attack and one last month from a virus dubbed WannaCry would likely total $8 billion. That estimate highlights the steep tolls businesses around the globe face from growth in cyber attacks that knock critical computer networks offline.

“When systems are down and can’t generate revenue, that really gets the attention of executives and board members,” said George Kurtz, chief executive of security software maker CrowdStrike. “This has heightened awareness of the need for resiliency and better security in networks.”

The virus, which researchers are calling GoldenEye or Petya, began its spread on Tuesday in Ukraine. It infected machines of visitors to a local news site and computers downloading tainted updates of a popular tax accounting package, according to national police and cyber experts.

It shut down a cargo booking system at Danish shipping giant A.P. Moller-Maersk <MAERSKb.CO>, causing congestion at some of the 76 ports around the world run by its APM Terminals subsidiary..

Maersk said late on Wednesday that the system was back online: “Booking confirmation will take a little longer than usual but we are delighted to carry your cargo,” it said via Twitter.

U.S. delivery firm FedEx said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China’s Cofco.

The malicious code encrypted data on machines and demanded victims $300 ransoms for recovery, similar to the extortion tactic used in the global WannaCry ransomware attack in May.

Security experts said they believed that the goal was to disrupt computer systems across Ukraine, not extortion, saying the attack used powerful wiping software that made it impossible to recover lost data.

“It was a wiper disguised as ransomware. They had no intention of obtaining money from the attack,” said Tom Kellermann, chief executive of Strategic Cyber Ventures.

Brian Lord, a former official with Britain’s Government Communications Headquarters (GCHQ) who is now managing director at private security firm PGI Cyber, said he believed the campaign was an “experiment” in using ransomware to cause destruction.

“This starts to look like a state operating through a proxy,” he said.

ETERNAL BLUE

The malware appeared to leverage code known as “Eternal Blue” believed to have been developed by the U.S. National Security Agency.

Eternal Blue was part of a trove of hacking tools stolen from the NSA and leaked online in April by a group that calls itself Shadow Brokers, which security researchers believe is linked to the Russian government.

That attack was noted by NSA critics, who say the agency puts the public at risk by keeping information about software vulnerabilities secret so that it can use them in cyber operations.

U.S. Representative Ted Lieu, a Democrat, on Wednesday called for the NSA to immediately disclose any information it may have about Eternal Blue that would help stop attacks.

“If the NSA has a kill switch for this new malware attack, the NSA should deploy it now,” Lieu wrote in a letter to NSA Director Mike Rogers.

The NSA did not respond to a request for comment and has not publicly acknowledged that it developed the hacking tools leaked by Shadow Brokers.

The target of the campaign appeared to be Ukraine, an enemy of Russia that has suffered two cyber attacks on its power grid that it has blamed on Moscow.

ESET, a Slovakian cyber-security software firm, said 80 percent of the infections detected among its global customer base were in Ukraine, followed by Italy with about 10 percent.

Ukraine has repeatedly accused Moscow of orchestrating cyber attacks on its computer networks and infrastructure since Russia annexed Crimea in 2014.

The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the attack, which also struck Russian companies including oil giant Rosneft <ROSN.MM> and a steelmaker.

“Unfounded blanket accusations will not solve this problem,” said Kremlin spokesman Dmitry Peskov.

Austria’s government-backed Computer Emergency Response Team (CERT) said “a small number” of international firms appeared to be affected, with tens of thousands of computers taken down.

Microsoft, Cisco Systems Inc and Symantec Corp <SYMC.O> said they believed the first infections occurred in Ukraine when malware was transmitted to users of a tax software program.

Russian security firm Kaspersky said a news site for the Ukraine city of Bakhumut was also hacked and used to distribute the ransomware.

A number of the victims were international firms with have operations in Ukraine.

They include French construction materials company Saint Gobain <SGOB.PA>, BNP Paribas Real Estate <BNPP.PA>, and Mondelez International Inc <MDLZ.O>, which owns Cadbury chocolate.

Production at the Cadbury factory on the Australian island state of Tasmania ground to a halt late on Tuesday after computer systems went down.

(Additional reporting by Jack Stubbs in Moscow, Alessandra Prentice in Kiev, Helen Reid in London, Teis Jensen in Copenhagen, Maya Nikolaeva in Paris, Shadia Naralla in Vienna, Marcin Goettig in Warsaw, Byron Kaye in Sydney, John O’Donnell in Frankfurt, Ari Rabinovitch in Tel Aviv, Noor Zainab Hussain in Bangalore; Writing by Eric Auchard, David Clarke and Jim Finkle; Editing by David Clarke and Andrew Hay)

Global business reels from second major cyber attack in two months

Customers queue in 'Rost' supermarket in Kharkiv, Ukraine June 27, 2017 in this picture obtained from social media. MIKHAIL GOLUB via REUTERS

By Eric Auchard and Jack Stubbs

FRANKFURT/MOSCOW (Reuters) – A major cyber attack, believed to have first struck Ukraine, caused havoc around the world on Wednesday, crippling computers or halting operations at port operator Maersk, a Cadbury chocolate plant in Australia and the property arm of French bank BNP Paribas.

Russia’s biggest oil company, Ukrainian banks and multinational firms were among those hit on Tuesday by the cyber extortion campaign, which has underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers.

The rapidly spreading computer worm appeared to be a variant of an existing ransomware family known as Petya which also has borrowed key features from last month’s ransomware attack, named “WannaCry”.

ESET, an anti-virus vendor based in Bratislava, said 80 percent of all infections from the new attack detected among its global customer base were in Ukraine, with Italy second hardest hit at around 10 percent. Several of the international firms hit had operations in Ukraine.

Shipping giant A.P. Moller-Maersk <MAERSKb.CO>, which handles one in seven containers shipped worldwide and has a logistics unit in Ukraine, is not able to process new orders after being hit by the attack on Tuesday, it told Reuters.

“Right now, at this hour, we’re not able to take new orders,” Maersk Line Chief Commercial Officer Vincent Clerc said in a telephone interview on Wednesday.

BNP Paribas Real Estate <BNPP.PA>, which provides property and investment management services, confirmed it had been hit but declined to specify how widely it had affected its business. It employed nearly 3,500 staff in 16 countries as of last year.

“The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures have been taken to rapidly contain the attack,” the bank told Reuters on Wednesday, after a person familiar with the matter had said that some staff computers were blocked on Tuesday due to the incident.

Production at the Cadbury <MDLZ.O> factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.

Russia’s Rosneft <ROSN.MM>, one of the world’s biggest crude producers by volume, said on Tuesday its systems had suffered “serious consequences” but said oil production had not been affected because it switched over to backup systems.

The virus crippled computers running Microsoft Corp’s <MSFT.O> Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access.

Several security experts questioned whether the effort to extort victims with computers hit by the virus was the main goal, or whether the unknown hackers behind the attack could have other motives.

(Reporting by Eric Auchard; Editing by Adrian Croft)

Ransomware virus hits computer servers across the globe

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko

By Jack Stubbs and Pavel Polityuk

MOSCOW/KIEV (Reuters) – A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.

Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.

“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.

He said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. “This could hit the U.S.A. pretty bad,” he said.

The U.S. Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.

The first reports of organizations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain.

Within hours, the attack had gone global.

Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said the attack had caused outages at its computer systems across the world on Tuesday, including at its terminal in Los Angeles.

Pharmaceutical company Merck & Co said its computer network had been affected by the global hack.

A Swiss government agency also reported computer systems were affected in India, though the country’s cyber security agency said it had yet to receive any reports of attacks.

“DON’T WASTE YOUR TIME”

After the Wannacry attack, organizations around the globe were advised to beef up IT security.

“Unfortunately, businesses are still not ready and currently more than 80 companies are affected,” said Nikolay Grebennikov, vice president for R&D at data protection firm Acronis.

One of the victims of Tuesday’s cyber attack, a Ukrainian media company, said its computers were blocked and it had a demand for $300 worth of the Bitcoin crypto-currency to restore access to its files.

“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted by Ukraine’s Channel 24.

The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.

Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft, French construction materials firm Saint Gobain and the world’s biggest advertising agency, WPP – though it was not clear if their problems were caused by the same virus.

“The building has come to a standstill. It’s fine, we’ve just had to switch everything off,” said one WPP employee who asked not to be named.

WANNACRY AGAIN

Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught.

Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.

It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender.

“There is no workaround to help victims retrieve the decryption keys from the computer,” the company said.

Russian security software maker Kaspersky Lab, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.

Last’s month’s fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher Marcus Hutchins created a so-called kill-switch that experts hailed as the decisive step in slowing the attack.

Any organization that heeded strongly worded warnings in recent months from Microsoft Corp to urgently install a security patch and take other steps appeared to be protected against the latest attacks.

Ukraine was particularly badly hit, with Prime Minister Volodymyr Groysman describing the attacks on his country as “unprecedented”.

An advisor to Ukraine’s interior minister said the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Yevhen Dykhne, director of the Ukrainian capital’s Boryspil Airport, said it had been hit. “In connection with the irregular situation, some flight delays are possible,” Dykhne said in a post on Facebook. A Reuters reporter who visited the airport late on Tuesday said flights were operating as normal.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network had gone down and the central bank said a operation at a number of banks and companies, including the state power distributor, had been disrupted by the attack.

“As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations,” the central bank said in a statement.

Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences” from the attack. It said it avoided any impact on oil production by switching to backup systems.

The Russian central bank said there were isolated cases of lenders’ IT systems being infected by the cyber attack. One consumer lender, Home Credit, had to suspend client operations.

(Additional reporting by European bureaux and Jim Finkle in Toronto; writing by Christian Lowe; editing by David Clarke)

Pro-Islamic State hackers threaten President Trump on Ohio governor’s website

FILE PHOTO: Ohio Governor John Kasich speaks to reporters after an event at the White House in Washington, U.S., on November 10, 2016. REUTERS/Kevin Lamarque/File Photo

By Gabriella Borter

(Reuters) – Nearly a dozen Ohio state websites, including Governor John Kasich’s, were up and running again on Monday, a day after hackers posted messages of support for the Islamic State on their homescreens.

After the hack, the homescreen of governor.ohio.gov, Kasich’s official website, displayed a black background and an Arabic symbol, and the top of the screen said “Hacked by Team System Dz.”

The text on the screen read: “You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries,” and “I Love Islamic State.” The militant group Islamic State is largely made up of Sunni militants from Iraq and Syria but has drawn jihadi fighters from across the Muslim world and Europe.

The Ohio Department of Public Safety was working with federal agencies to investigate the hacking “to make sure nothing like this happens again,” said Tom Hoyt, a spokesman for Ohio’s Department of Administrative Services, on Monday.

Technicians are scanning websites and data banks but have found no services that have been disrupted by the hack, nor any evidence that information about employees or private citizens was accessed or disturbed, Hoyt said.

Along with Kasich’s website, the websites of First Lady Karen Kasich, the Department of Medicaid, and the Department of Rehabilitation and Correction were among the 10 other Ohio state sites that were hacked.

The websites of Howard County, Maryland and the town of Brookhaven, New York were also targets of the hacking spree and displayed the same message. The Brookhaven website remained inaccessible on Monday.

The FBI’s Columbus, Ohio, office declined comment on whether it knew anything about the group “Team System Dz.”

Earlier this year, a group using the same name claimed responsibility for hacking websites in Wisconsin, as well as in Scotland, England and Italy.

(This story has been refiled to remove extra word in paragraph 5)

(Reporting by Gabriella Borter; Editing by Marguerita Choy)

U.S. banks, corporations establish principles for cyber risk ratings firms

A view of the exterior of the JP Morgan Chase & Co. corporate headquarters in New York City May 20, 2015. REUTERS/Mike Segar/Files

By Anna Irrera and Olivia Oran

(Reuters) – More than two dozen U.S. companies, including several big banks, have teamed up to establish shared principles that would allow them to better understand their cyber security ratings and to challenge them if necessary, the U.S. Chamber of Commerce said on Tuesday. Large corporations often use the ratings, the cyber equivalent of a FICO credit score, to assess how prepared the companies they work with are to withstand cyber attacks. Insurers also look at the ratings when they make underwriting decisions on cyber liability.

The group includes big banks like JPMorgan Chase & Co <JPM.N>, Goldman Sachs Group Inc <GS.N> and Morgan Stanley <MS.N>, as well as non-financial companies like coffee retailer Starbucks Corp <SBUX.O>, health insurer Aetna Inc <AET.N> and home improvement chain Home Depot Inc <HD.N>. They are organizing the effort through the Chamber of Commerce, a broad trade group for corporate America.

The move comes in response to the emergence of such startups as BitSight Technologies, RiskRecon and SecurityScorecard that collect and analyze large swaths of data to rate companies on cyber security.

As these startups have gained prominence and venture capital funding, the companies they rate have complained of a lack of transparency.

“The challenge is that their (startups’) methodologies are proprietary and there hasn’t been transparency on how they go about creating the ratings,” JPMorgan Global Chief Information Security Officer Rohan Amin said in an interview.

The financial services industry is among the most vulnerable to cyber crime because of the massive amount of money and valuable data that banks, brokerages and investment firms process each day. Several technology companies, including Microsoft Corp <MSFT.O> and Verizon Communications Inc <VZ.N>, also support the principles being developed, as do the cyber ratings firms, the Chamber of Commerce said.

Ratings issued by those companies could help guide the standards being set by U.S. corporations. BitSight, for example, rates companies on a scale of 250 to 900 with a higher rating indicating better security performance.

“For organizations to use your platform you have to demonstrate trustworthiness and reliability,” said Jake Olcott, BitSight’s vice president of strategic partnerships.

(Reporting by Anna Irrera and Olivia Oran in New York; Editing by Lauren Tara LaCapra and Lisa Von Ahn)

EU agrees to use sanctions against cyber hackers

Participant of the Pro-Europe "Pulse of Europe" movement waves European Union flag during a protest at Gendarmenmarkt square in Berlin, Germany, April 2, 2017. REUTERS/Fabrizio Bensch

LUXEMBOURG (Reuters) – The European Union can levy economic sanctions on anyone caught attacking EU states’ computer networks, EU foreign ministers said on Monday, the bloc’s latest step to deter more attacks following incidents in Britain and France.

With German national elections in September, interference in democratic votes is a concern for the bloc after accusations of Russian meddling in the U.S. presidential election last November and the French election in May.

EU foreign ministers agreed that so-called restrictive measures including travel bans, assets freezes and blanket bans on doing business with a person, company or government could be used for the first time.

“A joint EU response to malicious cyber activities would be proportionate to the scope, scale, duration, intensity, complexity, sophistication and impact of the cyber activity,” the bloc said in a statement.

U.S. intelligence agencies concluded last year that Russia hacked and leaked Democratic Party emails as part of an effort to tilt the presidential election in favor of President Donald Trump, which Russia denies.

A British intelligence agency has told political parties to protect themselves against potential cyber attacks, while the French government dropped plans to let its citizens abroad vote electronically in Sunday’s legislative elections because of the risk of cyber attacks.

(Reporting by Robin Emmott, editing by Ed Osmond)

Wall St. at record highs on technology, health stocks strength

Traders work on the floor of the New York Stock Exchange (NYSE) in New York, U.S., June 2, 2017.

By Sinead Carew

NEW YORK (Reuters) – U.S. stocks rose on Monday, with the S&P 500 and the Dow Jones Industrial Average hitting record highs helped by a technology sector rebound and strength in healthcare and financial stocks.

Nasdaq’s biotechnology index rose 2.5 percent and was on track for its biggest one-day gain since February helped by stocks including Biogen Inc and Clovis Oncology while the S&P’s healthcare index  hit a record high.

The S&P technology sector was up 1.4 percent after its second straight weekly decline, which was triggered by fears of stretched valuations. Tech stocks have led the S&P 500’s 9.4 percent rally this year.

“(Technology) valuations are not cheap but it doesn’t seem to be a deterrent for buyers,” said Mark Luschini, chief investment strategist at Janney Montgomery Scott in Philadelphia. “Investors were temporarily chased from the space but many companies in the sector offer growth which is difficult to find in the market as a whole.”

Apple rose 3.8 percent to $146.07, providing the biggest boost to technology followed by Microsoft, Alphabet and Facebook.

The financial sector was also one of the benchmark’s strongest gainers with a 0.9 percent rise after New York Federal Reserve President William Dudley, a close ally of Fed Chair Janet Yellen, said U.S. inflation was a bit low but should rise alongside wages as the labor market continues to improve, allowing the U.S. central bank to continue gradually tightening monetary policy.

Yellen’s confidence as her team raised interest rates for the third time in six months last week surprised investors who had expected more caution about the economy following a set of weak U.S. economic data.

“That was notable in supporting the financial sector which does well under the prospects of better economic conditions and a steeper yield curve,” said Luschini.

The S&P 500 bank subsector was up 1.3 percent

At 2:48 P.M. (1848 GMT), the Dow Jones Industrial Average was up 119.2 points, or 0.56 percent, to 21,503.48, the S&P 500 had gained 16.44 points, or 0.68 percent, to 2,449.59 and the Nasdaq Composite had added 74.33 points, or 1.21 percent, to 6,226.08.

Biogen shares were one of the top three S&P percentage gainers with a 3.96 percent rise to $261.71, after it was upgraded to “neutral” from “sell” at UBS, which raise its price target to $270 from $262.

Shares of Clovis Oncology were up 46.9 percent at $88 after late-stage data on its already approved ovarian cancer drug.

The S&P tech sector is trading at about 18.7 times forward earnings, compared with the historical 10-year average of 14.5, according to Thomson Reuters Datastream.

Advancing issues outnumbered declining ones on the NYSE by a 1.68-to-1 ratio; on Nasdaq, a 1.92-to-1 ratio favored advancers.

The S&P 500 posted 49 new 52-week highs and 10 new lows; the Nasdaq Composite recorded 99 new highs and 87 new lows.

(Additional reporting by Tanya Agrawal, Chuck Mikolajczak and Lewis Krauskopf; Editing by Saumyadeb Chakrabarty and James Dalgleish)

U.S. muni market slowly starts paying heed to cyber risks

FILE PHOTO: An advertisement about the Microsoft Cybercrime Center plays behind a window reflecting a nearby building at the Microsoft office in Cambridge, Massachusetts, U.S. May 15, 2017. REUTERS/Brian Snyder/File Photo

By Hilary Russ

NEW YORK (Reuters) – A rise in cyber attacks on U.S. public sector targets so far has had little impact in the $3.8 trillion municipal debt market, with no issuer as yet hit by a downgrade or higher borrowing costs because of a cyber security threat.

That is beginning to change.

S&P Global has begun to quiz states, cities and towns about their cyber defenses, and some credit analysts are starting to factor cyber security when they look at bonds. Moody’s Investors Service is also trying to figure out how to best evaluate cyber risk.

The shift follows a particularly steep rise in ransomware attacks, when criminals hold an entity’s computer system hostage until a small ransom is paid.

The number of global ransomware detections rose 36 percent in 2016 from the year before, to 463,841, with the United States most heavily affected, according to cyber security firm Symantec Corp.

Such attacks, which have also hit companies and federal entities, have spared no kind of municipal issuer large or small, from police departments to school districts and transit agencies. Ransomware attacks on state and local governments and their agencies have risen in proportion with the overall increase, according to cyber insurance provider Beazley Group.

“State and local governments are a huge target, quite frankly an easy target for bad guys,” said Bob Anderson, managing director for information security at Navigant management consulting firm in Washington and a former global cyber investigator at the Federal Bureau of Investigation.

Last month’s “WannaCry” ransomware attack, which hobbled global businesses and Britain’s National Health Service, may also be prompting renewed focus on cyber security, though it had minimal impact in the United States.

Considering a potential cyber attack as a similar risk to a natural disaster, S&P has already been reviewing cyber security defenses of utilities, hospitals and colleges because they were early public sector targets for hackers.

Now it is also beginning to ask cities and states about the costs and level of security measures and the financial impact of successful attacks, said Geoffrey Buswick, who manages S&P’s public sector ratings.

HEAD IN THE SAND

The answers feed into broader categories that affect an issuer’s ratings, particularly governance, liquidity and operations.

Many breaches are handled quickly and financial damage is limited, but not every attack will necessarily end that way, Buswick said. “We’re trying to get sense of who has their head in the sand and who doesn’t.”

Fitch Ratings said it does not consider cyber security in its ratings, and many investors still are not concerned enough to ask for details.

In part, that is because it can be difficult to assess the operational and financial fallout of such attacks. Some high profile breaches so far have also done limited damage to issuers’ finances.

Case in point is the state of South Carolina, which in August 2012 suffered possibly the worst cyber attack yet of any city or state.

When hackers stole the personal data of more than 3.5 million taxpayers, the state had to investigate, provide credit monitoring and consumer fraud protection, and implement a slew of post-breach upgrades, according to State Senator Thomas Alexander.

The total cost is around $76 million and counting, he said. That is enough to pay for several school programs combined. But against South Carolina’s annual general fund budget of roughly $8 billion, the costs made no dent in its standing as a borrower.

Many issuers do not disclose any information to potential investors in bond documents about cyber risks or defenses. But a few, particularly hospitals and utilities, have started doing so.

In a February prospectus, the Maryland Health and Higher Educational Facilities Authority, the state’s largest public debt issuer, included nearly a full page devoted to the growing risk of cyber attacks.

“Because we’re such a large issuer, and because healthcare is often treated much more like a corporate credit, the legal counsels to the transaction weigh in on the bondholder risk section,” said Annette Anselmi, the authority’s Executive Director, noting that such disclosures also evolve depending on what kinds of questions the market is asking.

Hospitals are also ahead on cyber security disclosure because they rely on huge amounts of data, said Court Street Group analyst Joseph Krist.

Eventually, he expects others to follow suit.

“We went through this with getting munis to … disclose more pension information. Those were frankly long and painful processes. It just has to get to a critical mass.”

(Reporting by Hilary Russ; Additional reporting by Jim Finkle in Toronto; Editing by Daniel Bases and Tomasz Janowski)