New Threats Fuel Fears of Another Global Cyberattack

A new attack hit thousands of computers and a hacking group said it would release more attack software

Staff monitor the spread of ransomware cyberattacks at the Korea Internet and Security Agency in Seoul on May 15. Businesses and security experts fear more cyberattacks could be in the pipeline. PHOTO: YONHAP/AGENCE FRANCE-PRESSE/GETTY IMAGES

Updated May 17, 2017 8:01 p.m. ET

A new fast-spreading computer attack and a hacking group’s threat to release a fresh trove of stolen cyberweapons are fueling fears among businesses and security experts of another global technology assault.

 

The new attack, called Adylkuzz, follows last week’s WannaCry outbreak, which crippled computers in more than 100 countries over the weekend. Both attacks rely on a Windows bug that was patched on March 14 and only affect PCs that haven’t installed the latest version of Microsoft’s software updates. Unlike its predecessor, Adylkuzz doesn’t lock up computer screens; it slows down systems as it quietly steals processing power to generate a little-known digital currency called Monero.

Adylkuzz began spreading about two weeks ago and by Wednesday had infected more than 150,000 machines around the globe, according to Ryan Kalember, senior vice president with the security intelligence firm Proofpoint Inc. That is nearly the same count as WannaCry, which has largely stopped spreading, security experts said. Security company Kaspersky Lab ZAO pegged the number of Adylkuzz infections at just several thousand by Wednesday.

The news comes a day after a hacking group called the Shadow Brokers separately posted an internet message saying it would release a new trove of cyberattack tools next month. The group claimed to have software that would affect web browsers, routers, mobile phones and Microsoft Corp.’s Windows 10 operating system. Its first trove, which it and Microsoft said was stolen from the National Security Agency, was dumped last month and used by WannaCry.

A Microsoft spokeswoman said the company is aware of the new Shadow Brokers claim and that its security teams actively monitor for emerging threats. The NSA has declined to comment on the authenticity of the Shadow Brokers documents or the WannaCry attack.

The threats highlight the growing risks of global assaults for businesses and governments posed by a nexus of mysterious hackers and powerful, government-crafted cyberweapons.

“In a few years we’re going to be looking back and saying that 2017 was clearly a turning point,” said Edward Amoroso, the former security chief at AT&T Inc. “That’s when we started to see businesses affected. If your employees are coming in and they can’t work, that’s a big deal.”

For companies looking to protect their systems, security experts agree on one piece of advice: install patches to Windows software now.

Still, that may not be enough to stop the next attack. “There’s no wall you can build that’s high enough or deep enough to keep a dedicated adversary out,” said John Carlin, a former cybercrimes prosecutor at the Justice Department.

Larger companies will need to step up their security training, patching and planning, he says. Smaller mom-and-pop businesses may need to hand over security to companies that specialize in these services. “It’s crazy to expect a mom-and-pop to on their own have to deal with cybersecurity issues,” said Mr. Carlin, now the chair of the law firm Morrison & Foerster LLP’s global risk and crisis management practice.

A programmer shows a sample of decrypting source code in Taipei on May 13. PHOTO: RITCHIE B. TONGO/EPA

The scope and intensity of the WannaCry cyberattack will bring staffing, investment and policy under review, security chiefs and CIOs have said. Corporate computer security spending is expected to hit $90 billion world-wide this year, an increase of 7.6% from a year earlier, according to research firm Gartner Inc.

That increased spending has helped drive up share prices at security companies such as Rapid7 Inc., FireEye Inc. and Symantec Corp., all of whom have seen shares rise by more than 25% this year.

The recent attacks were much more widespread in Russia, India, Ukraine and Taiwan, Kaspersky said. And while that may have prevented many U.S. companies from feeling the full brunt of the latest attacks, that comes as small consolation for local governments and small- or medium-size businesses that must defend against these threats with limited budgets. The attacks “just keep ratcheting up year after year,” said Dan Lohrmann, chief security officer with the training company Security Mentor Inc. and Michigan’s former chief security officer. “You think it can’t go any higher but every year it does.”

The Shadow Brokers’ release of what it says are U.S. government hacking tools comes after WikiLeaks in March published a cache of alleged Central Intelligence Agency cybersecrets, offering a window into a world where the research and development of computer attacks has become increasingly professionalized.

The stage for today’s cyberattacks was set more than a decade ago. In the mid-2000s, Microsoft, embarrassed by a series of computer worm and virus outbreaks, began to comb through its software for bugs and develop new coding techniques designed to thwart hackers. At the same time, hackers discovered they could command large fees for their work. Apple Inc., for example, pays $200,000 for details on the most severe bugs affecting its software. Government agencies and private corporations often pay more, especially if the research includes “exploit code” that can be used in an attack. Last year, the Federal Bureau of Investigation paid more than $1 million for a hacking tool that gave it access to the iPhone used by the gunman in the San Bernardino, Calif., attack.

These factors have slowed the flow of bugs and the tools that exploit them on public venues, where they were once freely—and more frequently—disclosed, said David Aitel, chief executive at Immunity Inc., a computer-security services company. “There’s a scarcity of high-quality attack tools,” he said.

But if companies thought the risk of attacks had evaporated, WannaCry served as a wake-up call. And the attack could have been much worse if it had made sensitive corporate information public, said Mr. Aitel, a former NSA analyst.

Recent events are “a taste of the kind of threats we may be facing going forward,” said Virginia Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, which oversees the nation’s spy agencies. “I’m not sure if the whole of government—or for that matter, the whole of society—is fully prepared.”

While few victims appear to have paid the $300 ransom WannaCry demanded from affected users, the software affected hundreds of thousands of systems, including networks at Renault SA and Britain’s public health service. It not only rendered computers unusable but deployed encryption to make data stored on them unreadable.

Another computer worm may soon appear, either based on the Shadow Brokers’ code used by WannaCry or similarly devastating code released by Shadow Brokers in April that was used on Microsoft’s Remote Desktop Protocol software, said Robert M. Lee, chief executive of security consultancy Dragos Inc.

And while it isn’t known yet how dangerous any new releases might be, “everything the Shadow Brokers have talked about leaking so far has been legitimate,” he said.

Microsoft, whose Windows software is the most frequent target of attacks, is calling on governments to report software flaws rather than stockpiling or exploiting them.

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Brad Smith, the company’s top lawyer, wrote in a blog post Sunday.

Given the widespread use of these attacks, and the fact that nations such as North Korea are unlikely to abide by international cybersecurity conventions akin to those proposed by Microsoft, Immunity’s Mr. Aitel says such suggestions aren’t likely to be adopted. “No country on earth thinks this is a good idea,” he said.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

Appeared in the May 18, 2017, print edition as ‘Cyberthreats Breed Deep Unease.’

https://www.wsj.com/articles/new-threats-fuel-fears-of-another-global-cyberattack-1495042636
