Seoul cyber experts warn of more attacks as North blamed

 

Image result for kim jong un photos, computer

SEOUL (AFP) – 

More cyberattacks could be in the pipeline after the global havoc caused by the Wannacry ransomware, a South Korean cybersecurity expert warned Tuesday as fingers pointed at the North.

More than 200,000 computers in 150 countries were hit by the ransomware attack, described as the largest ever of its kind, over the weekend.

Since Friday, banks, hospitals and state agencies have been among the victims of hackers exploiting vulnerabilities in older versions of Microsoft computer operating systems and demanding payment in the virtual currency Bitcoin.

The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures and the central bank of Bangladesh, said Simon Choi, director of Seoul internet security firm Hauri.

Choi, known to have vast troves of data on Pyongyang’s hacking activities, has publicly warned against potential ransomware attacks by the North since last year.

“I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targetting some South Korean companies,” he told AFP.

He cited a major attack last year that stole the data of over 10 million users of Interpark, a Seoul-based online shopping site, in which hackers demanded bitcoin payments worth about $3 million.

Seoul police blamed the North’s main intelligence agency for the attack.

More attacks were possible, Choi said, “especially given that, unlike missile or nuclear tests, they can deny their involvement in attacks in cyberspace and get away with it”.

Security researchers in the US, Russia and Israel have also reported signs of a potential North Korean link to the latest cyberattack, although there is no conclusive evidence of that.

Google researcher Neel Mehta posted computer code showing similarities between the “WannaCry” malware and a vast hacking effort widely attributed to Pyongyang.

The isolated, nuclear-armed state is known to operate an army of thousands of hackers operating in both the North, and apparently China, and has been blamed for a number of major cyberattacks.

In November 2014, Sony Pictures Entertainment became the target of the biggest cyberattack in US corporate history, linked to its release of North Korea satire “The Interview”, hated by Pyongyang.

Washington blamed Pyongyang for the hacking, a claim it denied — though it had strongly condemned the film, which features a fictional CIA plot to assassinate leader Kim Jong-Un.

Related:

**********************************

In Computer Attacks, Clues Point to Frequent Culprit: North Korea

SAN FRANCISCO — Intelligence officials and private security experts say that new digital clues point to North Korean-linked hackers as likely suspects in the sweeping ransomware attacks that have crippled computer systems around the world.

The indicators are far from conclusive, the researchers warned, and it could be weeks, if not months, before investigators are confident enough in their findings to officially point the finger at Pyongyang’s increasingly bold corps of digital hackers. The attackers based their weapon on vulnerabilities that were stolen from the National Security Agency and published last month.

Security experts at Symantec, which in the past has accurately identified attacks mounted by the United States, Israel and North Korea, found early versions of the ransomware, called WannaCry, that used tools that were also deployed against Sony Pictures Entertainment, the Bangladesh central bank last year and Polish banks in February. American officials said Monday that they had seen the same similarities.

All of those attacks were ultimately linked to North Korea; President Barack Obama formally charged the North in late 2014 with destroying computers at Sony in retaliation for a comedy, “The Interview,” that envisioned a C.I.A. plot to kill Kim Jong-un, the country’s leader.

The computer code used in the ransomware bore some striking similarities to the code used in those three attacks. That code has not been widely used, and has been seen only in attacks by North Korean-linked hackers. Researchers at Google and Kaspersky, a Moscow-based cybersecurity firm, confirmed the coding similarities.

.

Those clues alone are not definitive, however. Hackers often borrow and retrofit one another’s attack methods, and government agencies are known to plant “false flags” in their code to throw off forensic investigators.

“At this time, all we have is a temporal link,” said Eric Chien, an investigator at Symantec who was among the first to identify the Stuxnet worm, the American- and Israeli-led attacks on Iran’s nuclear program, and North Korea’s effort to steal millions from the Bangladeshi bank. “We want to see more coding similarities,’’ he said, “to give us more confidence.’’

The new leads about the source of the attacks came as technology executives raised an alarm about another feature of the attacks: They were based on vulnerabilities in Microsoft systems that were found by the N.S.A. and apparently stolen from it.

Source:https://www.nytimes.com/2017/05/15/us/nsa-hacking-shadow-brokers.html?rref=collection%2Fsectioncollection%2Fworld&action=click&contentCollection=world&region=rank&module=package&version=highlights&contentPlacement=1&pgtype=sectionfront&_r=0

Read the rest:

Advertisements

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,

One Response to “Seoul cyber experts warn of more attacks as North blamed”

  1. daveyone1 Says:

    Reblogged this on World Peace Forum.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: