Cyberattacks at ‘unprecedented level’ across the world--[WHO?]

Cyberattacks at ‘unprecedented level’ across the world

AUSTRALIA may have escaped the global cyberattack, but more details have emerged of which countries and organisations were hit.

AUSTRALIA may have escaped the global cyberattack, but more details have emerged of which countries and organisations were hit.

A fast-moving wave of cyberattacks swept the globe overnight, reportedly exploiting a flaw exposed in documents leaked from the US National Security Agency.

The attacks came in the form of ransomware, a technique used by hackers that locks users’ files unless they pay the attackers a designated sum in the virtual currency Bitcoin.

The scope of the attacks was not immediately clear, but some analysts reported that dozens of countries had been affected, with the malware linked to attacks on hospitals in Britain as well as the Spanish telecom giant Telefonica and the US delivery firm FedEx.

So far there have been no confirmed reports Australian organisations have been hit.

“We are continuing to monitor the situation closely and stand ready to deal with any cyber security threat to Australia’s critical infrastructure,” Prime Minister Malcolm Turnbull said through a spokesman this morning.

The prime minister’s right-hand man on cyber security, Alastair MacGibbon, is working with officials and health agencies to determine any impact on Australia.

Delivery company FedEx has confirmed it is suffering a malware attack.Source:News Corp Australia

The US Department of Homeland Security’s computer emergency response team said it was aware of ransomware infections “in several countries around the world.”

“We are now seeing more than 75,000 detections ... in 99 countries,” Jakub Kroustek of the security firm Avast said in a blog post.

Earlier, Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating “worm,” was spreading quickly.

Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly five million emails per hour was spreading the new ransomware.

The malware’s name is WCry, but analysts were also using variants such as WannaCry.

Forcepoint originally said in a statement that the attack had “global scope”, affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico.

In the United States, FedEx acknowledged it had been hit by malware and was “implementing remediation steps as quickly as possible.”

The UK’s state-run National Health Service declared a “major incident” after the attack, which forced some hospitals to divert ambulances and scrap operations.

The malware has been linked to an attack on the Spanish telecom giant Telefonica.Source:AP

Britain’s National Cyber Security Center says teams are working “round the clock” to restore hospital computer systems after a global cyberattack that hit dozens of countries forced British hospitals to cancel and delay treatment for patients.

In Spain, major firms including Telefonica were hit, with employees told to shut down workstations immediately through megaphone announcements.

The head of Turkey’s Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. Omer Fatih Sayan said the country’s cyber security center is continuing operations against the malicious software.

The Computer Emergency Response Team of Turkey tweeted that the “wannacry ransomware” is spread over Server Message Block flaws. The team asked users to update antivirus applications and not open suspicious phishing emails. The effects of the attack on Turkey is unclear.

Citing a written statement by BTK, Turkey’s official Anadolu news agency said the cyberattack affected 74 countries, “including Turkey in a small way.”

A woman passes by the headquarters of Russia's Rossiya Bank in St. Petersburg. Picture: AFPSource:AFP

Russia’s central bank said Saturday the country’s banking system was hit by a mass cyberattack, as several ministries and the railway system also reported attempted breaches.

The central bank’s IT attack monitoring centre “detected mass distribution of harmful software of the first and second type,” according to a central bank statement quoted by Russian news agencies.

“It did not detect instances of compromise”, of the systems of the country’s banks, the central bank added.

French carmaker Renault said Saturday that the huge global cyberattack had forced it to stop production at sites in France, shortly after it announced that output had been halted for the same reason at a site in Slovenia.

A spokeswoman for the company did not say how many sites were affected by the shutdown, which “was one of the measures taken to stop the virus from spreading.”

NHS hit by ‘direct infection’

At least 16 organisations within the NHS, some of them responsible for several hospitals each, reported being targeted.

“We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected,” said Prime Minister Theresa May.

Britain’s National Cyber Security Centre and its National Crime Agency were looking into the UK incidents.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (AU$409) in Bitcoin, saying: “Oops, your files have been encrypted!”

It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

A screengrab taken from the website of the East and North Hertfordshire NHS alerting the public of “problems with our IT and telephone network”.Source:AP

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email,” Lance Cottrell, chief scientist at the US technology group Ntrepid.

“The ransomware can spread without anyone opening an email or clicking on a link.”

UK Ambulances diverted

NHS Incident Director Anne Rainsberry urged the British public to “use the NHS wisely while we deal with this major incident which is still ongoing”.

The sort of ransom demands seen on the NHS screens are not without precedent at medical facilities.

In February 2016, a Los Angeles hospital, the Hollywood Presbyterian Medical Center, paid $17,000 in Bitcoin to hackers who took control of its computers for more than a week.

“Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger,” said Kroustek, the Avast analyst.

The UK’s state-run National Health Service declared a “major incident” after the attack, which forced some hospitals to divert ambulances and scrap operations.Source:AFP

A spokesman for Barts Health NHS Trust in London said it was experiencing “major IT disruption” and delays at all four of its hospitals.

“We have activated our major incident plan to make sure we can maintain the safety and welfare of patients,” the spokesman said.

Ambulances are being diverted to neighbouring hospitals.”

Two employees at St Bartholomew’s Hospital, which is part of Barts Health, told AFP that all the computers in the hospital had been turned off.

Caroline Brennan, 41, went to the hospital to see her brother, who had open heart surgery.

“They told us there was a problem. They said the system was down and that they cannot transfer anyone till the computer system was back up so he is still in the theatre.”

The wave of cyberattacks wreaking havoc cross the globe is “at an unprecedented level”, European Union’s law enforcement agency Europol said Saturday.

The attacks will “require a complex international investigation to identify the culprits”, the agency, which is working with countries and companies hit by the attacks, said in a statement.