Showing posts with label WannaCry. Show all posts
Wednesday, April 18, 2018
Microsoft, Facebook vow not to aid gov't cyber attacks
SAN FRANCISCO - Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.
The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.
"We recognize that we live in a new world," Microsoft President Brad Smith said during a speech on Tuesday at the RSA cyber security conference in San Francisco. "We're living amidst a generation of new weapons, and where cyberspace has become the new battlefield."
Smith, who led efforts to organize the alliance, said the devastating cyber attacks in 2017 demonstrated the need for the technology sector to "take a principled path toward more effective steps to work together and defend customers around the world."
It was not clear whether any companies would change their existing policies as a result of joining the accord.
Microsoft did not immediately respond to a series of questions about the accord, including whether the company had previously participated in government-sponsored offensive cyber operations or how the pledge would impact compliance with lawfully obtained surveillance orders in the United States or elsewhere.
The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.
It builds on an idea for a so-called Digital Geneva Convention that Smith rolled out at last year's RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.
Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.
In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.
The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.
Major US technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.
source: news.abs-cbn.com
Tuesday, December 19, 2017
White House blames North Korea for cyberattack
The White House on Tuesday publicly accused North Korea of launching a massive cyberattack that hit 150 countries last May -- hobbling networks from Britain's public health system to FedEx.
"After careful investigation, the United States is publicly attributing the massive 'WannaCry' cyberattack to North Korea," said White House homeland security advisor Tom Bossert.
"We do not make this allegation lightly, we do so with evidence and we do so with partners," he added.
Exploiting a security flaw in Microsoft's Windows XP operating system, the malware infected an estimated 300,000 computers, demanding ransom to decrypt data.
The United States is the latest country to point the finger of blame at Pyongyang, attribution which comes as part of a drive to exert "maximum pressure" on the regime.
As yet, no retaliatory measures have been announced.
Among the infected computers were those at Britain's National Health Service (NHS), Spanish telecoms company Telefonica and US logistics company FedEx.
London had already blamed North Korea for the attack, which hit a third of Britain's public hospitals.
Pyongyang then denied the allegation, saying it went "beyond the limit of our tolerance" and was a "wicked attempt to lure the international community into harboring greater mistrust of the DPRK."
US government under scrutiny
Questions had been raised about whether the US government acted in a timely manner to respond to the attack, with Microsoft accusing Washington of spotting the flaw and using it for its own ends.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Microsoft's Brad Smith said at the time.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," he said, claiming that the National Security Agency of spotting the flaw and saying nothing.
Bossert said that the United States kept only 10 percent of security flaws secret and had no policy of "stockpiling" or withholding information from potential targets.
Since coming to office Donald Trump has sought to put pressure on North Korea, as its reclusive leaders edge ever-closer to developing a ballistic missile that could deliver a nuclear warhead to the United States.
Amid a series of tests Trump's administration has appeared at odds over whether talks could offer a way out of the standoff.
National Security Advisor HR McMaster tried to clean up that question in an interview with the BBC, saying the United States wanted a peaceful solution: "Of course that's what we want but we are not committed to a peaceful resolution."
"We are committed to a resolution, we want the resolution to be peaceful. But, as the president has said, all options are on the table and we have to be prepared if necessary to compel the denuclearization of North Korea without the cooperation of that regime."
Trump's first National Security Strategy, released Monday, declared that "North Korea seeks the capability to kill millions of Americans with nuclear weapons."
"Continued provocations by North Korea will prompt neighboring countries and the United States to further strengthen security bonds and take additional measures to protect themselves."
source: news.abs-cbn.com
Thursday, June 29, 2017
New computer virus spreads from Ukraine to disrupt world business
FRANKFURT/MOSCOW/KIEV - A new cyber virus spread from Ukraine to wreak havoc around the globe on Wednesday, crippling thousands of computers, disrupting ports from Mumbai to Los Angeles and halting production at a chocolate factory in Australia.
The virus is believed to have first taken hold on Tuesday in Ukraine where it silently infected computers after users downloaded a popular tax accounting package or visited a local news site, national police and international cyber experts said.
More than a day after it first struck, companies around the world were still wrestling with the fallout while cyber security experts scrambled to find a way to stem the spread.
Danish shipping giant A.P. Moller-Maersk said it was struggling to process orders and shift cargoes, congesting some of the 76 ports around the world run by its APM Terminals subsidiary.
U.S. delivery firm FedEx Corp said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China's Cofco.
The malicious code locked machines and demanded victims post a ransom worth $300 in bitcoins or lose their data entirely, similar to the extortion tactic used in the global WannaCry ransomware attack in May.
More than 30 victims paid up but security experts are questioning whether extortion was the goal, given the relatively small sum demanded, or whether the hackers were driven by destructive motives rather than financial gain.
Hackers asked victims to notify them by email when ransoms had been paid but German email provider Posteo quickly shut down the address, a German government cyber security official said.
Ukraine, the epicentre of the cyber strike, has repeatedly accused Russia of orchestrating attacks on its computer systems and critical power infrastructure since its powerful neighbour annexed the Black Sea peninsula of Crimea in 2014.
The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the global cyber attack, which also struck Russian companies such as oil giant Rosneft and a steelmaker.
"No one can effectively combat cyber threats on their own, and, unfortunately, unfounded blanket accusations will not solve this problem," said Kremlin spokesman Dmitry Peskov.
ESET, a Slovakian company that sells products to shield computers from viruses, said 80 percent of the infections detected among its global customer base were in Ukraine, with Italy second hardest hit with about 10 percent.
ETERNAL BLUE
The aim of the latest attack appeared to be disruption rather than ransom, said Brian Lord, former deputy director of intelligence and cyber operations at Britain's GCHQ and now managing director at private security firm PGI Cyber.
"My sense is this starts to look like a state operating through a proxy ... as a kind of experiment to see what happens," Lord told Reuters on Wednesday.
While the malware seemed to be a variant of past campaigns, derived from code known as Eternal Blue believed to have been developed by the U.S. National Security Agency (NSA), experts said it was not as virulent as May's WannaCry attack.
Security researchers said Tuesday's virus could leap from computer to computer once unleashed within an organisation but, unlike WannaCry, it could not randomly trawl the internet for its next victims, limiting its scope to infect.
Businesses that installed Microsoft's latest security patches from earlier this year and turned off Windows file-sharing features appeared to be largely unaffected.
There was speculation, however, among some experts that once the new virus had infected one computer it could spread to other machines on the same network, even if those devices had received a security update.
After WannaCry, governments, security firms and industrial groups advised businesses and consumers to make sure all their computers were updated with Microsoft security patches.
Austria's government-backed Computer Emergency Response Team (CERT) said "a small number" of international firms appeared to be affected, with tens of thousands of computers taken down.
Security firms including Microsoft, Cisco's Talos and Symantec said they had confirmed some of the initial infections occurred when malware was transmitted to users of a Ukrainian tax software programme called MEDoc.
The supplier of the software, M.E.Doc, denied in a post on Facebook that its software was to blame, though Microsoft reiterated its suspicions afterwards.
"Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process," it said in a technical blog post.
Russian security firm Kaspersky said a Ukrainian news site for the city of Bakhmut was also hacked and used to distribute the ransomware to visitors, encrypting data on their machines.
CORPORATE CHAOS
A number of the international firms hit have operations in Ukraine, and the virus is believed to have spread within global corporate networks after gaining traction within the country.
Shipping giant A.P. Moller-Maersk, which handles one in seven containers shipped worldwide, has a logistics unit in Ukraine.
Other large firms affected, such as French construction materials company Saint Gobain and Mondelez International Inc, which owns chocolate brand Cadbury, also have operations in the country.
Maersk was one of the first global firms to be taken down by the cyber attack and its operations at major ports such as Mumbai in India, Rotterdam in the Netherlands and Los Angeles on the U.S. west coast were disrupted.
Other companies to succumb included BNP Paribas Real Estate, a part of the French bank that provides property and investment management services.
"The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures have been taken to rapidly contain the attack," the bank said on Wednesday.
Production at the Cadbury factory on the Australian island state of Tasmania ground to a halt late on Tuesday after computer systems went down.
Russia's Rosneft, one of the world's biggest crude producers by volume, said on Tuesday its systems had suffered "serious consequences" but oil production had not been affected because it switched to backup systems.
source: news.abs-cbn.com
Monday, May 15, 2017
More disruptions feared from cyber attack; Microsoft slams US govt secrecy
WASHINGTON/FRANKFURT - Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware worm that disrupted operations at car factories, hospitals, shops and schools, while Microsoft on Sunday pinned blame on the US government for not disclosing more software vulnerabilities.
Cyber security experts said the spread of the worm dubbed WannaCry - "ransomware" that locked up more than 200,000 computers in more than 150 countries - had slowed but that the respite might only be brief amid fears new versions of the worm will strike.
In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the US National Security Agency, that leaked online in April.
"This is an emerging pattern in 2017," Smith wrote. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world."
He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - against sharing those flaws with technology companies to better secure the internet.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote. He added that governments around the world should "treat this attack as a wake-up call" and "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."
The NSA and White House did not immediately respond to requests for comment about the Microsoft statement.
Economic experts offered differing views on how much the attack, and associated computer outages, would cost businesses and governments.
The non-profit US Cyber Consequences Unit research institute estimated that total losses would range in the hundreds of millions of dollars, but not exceed $1 billion.
Most victims were quickly able to recover infected systems with backups, said the group's chief economist, Scott Borg.
California-based cyber risk modeling firm Cyence put the total economic damage at $4 billion, citing costs associated with business interruption.
US President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an "emergency meeting" to assess the threat posed by the global attack, a senior administration official told Reuters.
Senior US security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the NSA were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.
The investigations into the attack were in the early stages, however, and attribution for cyber attacks is notoriously difficult.
The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.
Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet last month by a hacking group known as the Shadow Brokers.
The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.
MONDAY MORNING RUSH?
Monday was expected to be a busy day, especially in Asia, which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.
"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.
The attack hit organizations of all sizes.
Renault said it halted manufacturing at plants in France and Romania to prevent the spread of ransomware.
Other victims include a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and international shipper FedEx Corp.
A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and finding records.
Account addresses hard-coded into the malicious WannaCry virus appear to show the attackers had received just under $32,500 in anonymous bitcoin currency as of 7 a.m. EDT (1100 GMT) on Sunday, but that amount could rise as more victims rush to pay ransoms of $300 or more.
The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm's spread by registering a web address to which he noticed the malware was trying to connect.
Security experts said his move bought precious time for organizations seeking to block the attacks.
(Additional reporting by Jim Finkle, Neil Jerome Morales, Masayuki Kitano, Kiyoshi Takenaka, Jose Rodriguez, Elizabeth Piper, Emmanuel Jarry, Orathai Sriring, Jemima Kelly, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold, Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen and Nick Zieminski; Editing by Mark Heinrich and Peter Cooney)
source: news.abs-cbn.com
Sunday, May 14, 2017
Organizations hit by 'unprecedented' global cyberattack
A huge range of organizations around the world have been affected by the WannaCry ransomware cyberattack, described by the EU's law enforcement agency as "unprecedented."
Here are some of the most prominent victims, from Britain's National Health Service (NHS) to French carmaker Renault and the Russian interior ministry.
NHS
The British public health service - the world's fifth-largest employer, with 1.7 million staff - was badly hit, with interior minister Amber Rudd saying around 45 facilities were affected. Several were forced to cancel or delay treatment for patients.
Pictures on social media showed screens of NHS computers with images demanding payment of $300 (230 pounds, 275 euros) in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"
Renault
The French automobile giant was hit, forcing it to halt production at sites in France and its factory in Slovenia as part of measures to stop the spread of the virus.
Nissan UK's unit in Sunderland was hit by the attack, spokeswoman Lucy Banwell said.
Russian banks and ministries
Russia's central bank was targeted, along with several government ministries and the railway system. The interior ministry said 1,000 of its computers were hit by a virus. Officials played down the incident, saying the attacks had been contained.
German railways
Germany's Deutsche Bahn national railway operator was affected, with information screens and ticket machines hit. Travellers tweeted pictures of hijacked departure boards showing the ransom demand instead of train times. But the company insisted that trains were running as normal.
FedEx
The US package delivery group acknowledged it had been hit by malware and said it was "implementing remediation steps as quickly as possible."
Telefonica
The Spanish telephone giant said it was attacked but "the infected equipment is under control and being reinstalled," said Chema Alonso, the head of the company's cyber security unit and a former hacker.
source: news.abs-cbn.com




