2017年5月16日 星期二

Hackers Unleash Second NSA-Developed Cyber-Weapon On Dark Web

www.zerohedge.com

While a second variant of the WannaCry(pt) ransomware (based on NSA's EternalBlue exploit) was spreading across the globe yesterday, The FT reports criminal hacking groups have repurposed a second classified cyber weapon stolen from US spies and have made it available on the so-called dark web.

On Monday, the WannaCry attack, which hit 370,000 computers across 150 countries, appeared to slow. Europol, the European police agency, said the spread of the virus had stalled in Europe. But while infection rates have slowed, a Europol spokeswoman warned, "we do not think this is the end of the crisis. 

The hackers have already evolved the malware, and will probably continue to do so."

Notably as Europe woke up (and US opened), the infection rate started to rise once again...

But as The FT reports, intelligence and law-enforcement officials said they fear WannaCry may foreshadow a wave of similarly damaging attacks, as criminals and others race to make use of digital weapons that for years were only available to the most technologically sophisticated nation states.

At least a dozen other NSA tools are currently being discussed and worked on as the basis of potential new cyber weapons on hacking forums on the dark web, parts of the internet not accessible via normal search engines.

The hacking tool, developed by the US National Security Agency and called EsteemAudit, has been adapted and is now available for criminal use, according to security analysts.

As with the NSA’s EternalBlue, the tool on which WannaCry was based, EsteemAudit exploits a vulnerability in older versions of Microsoft’s Windows software in the way in which networked machines communicate with each other.

Ciaran Martin, director of the UK’s National Cyber Security Centre, said:

“There is a global ecosystem of cyber criminals and sophisticated hackers which are putting a lot of attack methodology into open-source.

“It gets modified and reused and upgraded. The volume of open-source exploits and that ecosystem are getting bigger.”

This is far from over.

2017年5月14日 星期日

黑客勒索肆虐 電腦保安協調中心籲三招防禦

on.cc東網專訊

因應包括中港台在內的全球多個地方電腦用戶,懷疑遭受「WannaCry」加密勒索軟件攻擊,香港電腦保安事故協調中心發出警報,指該勒索軟件極具侵略性,它會透過網絡掃描開啟微軟SMB服務的電腦,然後作出攻擊,呼籲電腦用戶立即採取三招防禦,包括執行Windows Update,安裝Microsoft安全公告MS17-010保安修補程式、使用防火牆保護網絡,不要暴露SMB服務,以及備用數據,並保留離線拷貝。

協調中心已和微軟公司方面聯繫,留意事態發展,得悉微軟亦因應今次大規模攻擊採取行動,包括為所有客戶提供額外安全更新,保護並擴展至Windows XP、Windows 8和Windows Server 2003的Windows平台。而今次攻擊並針對Windows 10,只要有下載3月份安全更新已可有效防禦,微軟呼籲用戶盡快升級至Windows 10,以確保保安措施是最新版本。

微軟公司亦指,這次網絡攻擊已影響數個區域的不同行業,公司的安全團隊已採取行動保護客戶,並已增修最新偵測與防護功能,以避免新的勒索軟件威脅(例如病毒軟件 Win32.WannaCrypt.)。