Australia ‘ready for cyber attack’
THE federal government promises it will remain vigilant, as a group orchestrating cyber attacks wreaks havoc worldwide.
On Friday, a massive wave of cyber attacks swept across 99 countries, with cyber security experts claiming it could be the biggest attack of its kind ever recorded.
Despite the fact that - so far - there have been no confirmed reports of attacks on Australian organisations, Cyber Security Minister Dan Tehan has admitted that doesn't mean we're not at risk.
"I cannot put my hand on my heart and say that means we are 100 per cent cyber secure," he told reporters in Perth today.
"The technology changes, the vulnerabilities change."
Earlier, Prime Minister Malcolm Turnbull insisted that even if we are targeted, the government is prepared.
"We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia's critical infrastructure," he said through a spokesman.
The attacks, believed to be part of an extortion plot, have so far created chaos in hospitals in Britain as well as the Spanish telecom giant Telefonica and the US delivery firm FedEx.
Cyber extortionists have tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $US300 ($AU406) to $US600 ($AU812) to restore access.
The hackers have not come forward to claim responsibility but a mysterious hacking organisation, called Shadow Brokers, is being blamed for the attack - possibly in retaliation for US air strikes on Syria.
In April, Shadow Brokers released a piece of National Security Agency (NSA) code known as "Eternal Blue", as part of a trove of hacking tools they said belonged to the US spy agency.
The Eternal Blue code gives access to all computers using Microsoft Windows, the world's most popular computer operating system. The NSA had developed it to gain access to computers used by terrorists and enemy states.
It is believed that Eternal Blue, having been dumped by Shadow Brokers, was then picked up by a separate crime gang which used it to launch the extraordinary worldwide cyber security breach.
According to The Telegraph, some experts believe the timing of this cyber dump is significant and indicates that Shadow Brokers has links to the Russian government.
In an internet posting, six days before it hacked the NSA and released the Eternal Blue code on April 14 - and a day after the first air strikes - Shadow Brokers appeared to issue a warning to US President Donald Trump.
"Respectfully, what the f*** are you doing? The Shadow Brokers voted for you. The Shadow Brokers supports you. The Shadow Brokers is losing faith in you. Mr Trump helping the Shadow Brokers, helping you. Is appearing you are abandoning 'your base', 'the movement', and the peoples who getting you elected," the group said in broken English in a statement, according to The Telegraph.
UPDATE YOUR SOFTWARE
Experts are now urging Microsoft users to update their software.
Microsoft has released software patches for the security holes, although not everyone has installed those updates.
"If your software is not patched, you can exploit that user. Anyone who applied the patch that Microsoft released likely wasn't affected by this," John Villasenor, a professor at the University of California, Los Angeles said.
Mr Villasenor also said users should regularly back up their data and ensure that security updates are installed on their computer as soon as they are released. Up-to-date backups make it possible to restore files without paying a ransom.
BIGGEST IN HISTORY
Cyber security experts are calling the hack the biggest attack of its kind ever recorded.
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, has called it "the biggest ransomware outbreak in history".
Another expert, Chris Wysopal of the software security firm Veracode, said he believes criminal organisations are behind the attack, given how quickly the malware spread.
"For so many organisations in the same day to be hit, this is unprecedented," Mr Wysopal said.
There are currently no confirmed reports Australian organisations have been hit by the cyber breach but the federal government said it will remain vigilant.
"We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia's critical infrastructure," Prime Minister Malcolm Turnbull said through a spokesman on Saturday.
The prime minister's right-hand man on cyber security, Alastair MacGibbon, is working with officials and health agencies to determine any impact on Australia.
But the US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world."
"We are now seeing more than 75,000 detections ... in 99 countries," Jakub Kroustek of the security firm Avast said in a blog post around 2000 GMT.
Earlier, Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating "worm," was spreading quickly.
MALICIOUS EMAIL ATTACK
Forcepoint Security Labs said that "a major malicious email campaign" consisting of nearly five million emails per hour was spreading the new ransomware.
The malware's name is WCry, but analysts were also using variants such as WannaCry.
Forcepoint said in a statement that the attack had "global scope", affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico.
In the United States, FedEx acknowledged it had been hit by malware and was "implementing remediation steps as quickly as possible."
The UK's state-run National Health Service declared a "major incident" after the attack, which forced some hospitals to divert ambulances and scrap operations.
In Spain, major firms including Telefonica were hit, with employees told to shut down workstations immediately through megaphone announcements.
Russia's interior ministry also confirmed Friday some of its computers had been hit by a "virus attack".
Ministry spokeswoman Irina Volk told Russian news agencies it had "recorded a virus attack on the ministry's personal computers controlled by a Windows operating system".
"The virus has been localised. Technical work is under way to destroy it and renew the means of virus protection," she said.
Volk added that some 1,000 computers - less than one per cent of their total number - had been affected, Interfax reported.
An unnamed source told Interfax that the attack had not led to any information leaks.
The ministry's statement comes as an increasing number of cyber strikes are reported around the world, including against dozens of British hospitals.
Russian telecom operator MegaFon said it had also been victim of a cyber attack on Friday that interrupted the work of its call centres.
"We needed to partly turn off whole networks internally so the virus didn't spread," RIA Novosti news agency quoted MegaFon public relations director Pyotr Lidov as saying.
At least 16 organisations within the NHS, some of them responsible for several hospitals each, reported being targeted.
"We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.
This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected," Prime Minister Theresa May said.
Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents.
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 ($AU406) in Bitcoin, saying: "Oops, your files have been encrypted!".
It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.
Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.
"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email," Lance Cottrell, chief scientist at the US technology group Ntrepid.
"The ransomware can spread without anyone opening an email or clicking on a link."
- With AFP, AP and AAP