Experts warn of fresh cyber-attack Monday

Adjust Comment Print

Microsoft is now confirming that the WannaCrypt exploits used in the attack on Friday were drawn from the trove of exploits stolen from the NSA.

The global "ransomware" cyberattack hit computers at 600 locations in Japan, but appeared to cause no major problems as people in the country started their workday Monday, even as the attack caused chaos elsewhere. Security experts say this attack should wake up every corporate board room and legislative chamber around the globe.

The attack, known as "WannaCry" had a major impact across Asia as workers there returned to work on Monday, with Chinese state media saying nearly 30,000 institutions there had been infected.

"We have seen no impact on our critical infrastructure, we have seen no impact in the health systems which is important, we have had no reports of any government agencies, state, territories or commonwealth impacted by this", MacGibbon said.

"We're obviously working with that business, the Australian Cyber Security Centre is engaging with them". Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe. "The current variant will make its way into anti-virus software".

A Bitcoin (virtual currency) paper wallet with QR codes and coins are seen in an illustration picture taken at La Maison du Bitcoin in Paris July 11, 2014. WannaCry exploited common techniques employees use to share files via a central server. It is self-replicating, so propagates the infection to other computers that respond to SMBv1 requests. It spreads from computer to computer as it finds exposed targets.

Dr Dreyfus said Windows computers that don't have the latest security patches were vulnerable to the bug, urging Australians to ensure their antivirus software was up to date.

After obtaining a sample of the malware, the researcher going by the name MalwareTech discovered that it queried an unregistered domain.

FOI requests revealed defunct systems were still in use across the NHS.

But the kill switch couldn't help those already infected.

One of the first "attacks" on the internet came in 1988, when a graduate student named Robert Morris Jr. released a self-replicating and self-propagating program known as a "worm" onto the then-nascent internet.

What can I do to protect myself?

Experts say the spread of the virus had been stymied by a security researcher in the United Kingdom hackers have issued new versions of the virus that cyber security organizations are actively trying to counter and stamp out.

Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.

Security experts said the attack appeared to be caused by a self-replicating piece of software that takes advantages of vulnerabilities in older versions of Microsoft Windows.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March.

Among the first is Microsoft, which rushed out an emergency patch for Windows XP on Friday, after formally ending support for the operating system three years ago.

Security researcher Troy Hunt also recommends making sure SMB ports (139,445) are blocked from all externally accessible hosts. "You want the curiosity of the good guys to be unleashed as much as possible".