Is North Korea Really Responsible for the WannaCry Malware Attack?

According to some of the top cybersecurity researchers, including Symantec, Kaspersky Lab and Google, there appears to be some technical evidence that the WannaCry malware attack, which is infecting and wreaking havoc on more than 300,000 computers in over 150 countries, has a connection to the North Korean-run hacking operation known as the Lazarus Group.

The Lazarus Group, widely regarded as a Korean nation-state hacking group, has been blamed for a recent string of bank heists as well as the 2014 Sony hack.

First Links To Suspicion

Speculation about a possible North Korea connection went live today after Google researcher Neel Mehta posted a cryptic tweet showing similar code elements in the two pieces of malware, with the hashtag #WannaCryptAttribution. Researcher Matthieu Suiche then tweeted a screenshot of the two code families, saying, “Similitude between #WannaCry and Contopee from Lazarus Group ! thx @neelmehta – Is DPRK behind #WannaCry ?”

After the intriguing tweets, Kaspersky Lab late today posted a blog outlining the similarities between the WannaCry and Lazarus Group code. They confirmed that the February ransomware variant is a precursor to the WannaCry attacks this month. “It shares the same the list file extension targets for encryption but, in the May 2017 versions, more extensions were added,” they wrote.
“Neel Mehta’s discovery is the most significant clue to date regarding the origins of Wannacry,” Kaspersky researchers wrote. But they say more research is necessary to more definitively connect any dots.

Source: Researchers Investigate Possible Connection Between WannaCry and North Korean Hacker Group


The Link? Shared Computer Code

Apparently, a variant of WannaCry found in February shared some computer code with a hacking tool the Lazarus group used in 2015.

“For now, more research is required into older versions of Wannacry,” Kaspersky Lab said in a blog post. “We believe this might hold the key to solve some of the mysteries around this attack.”

On Monday, security firm Symantec also reported finding clues that may link WannaCry with the shadowy group. It’s found earlier versions of the ransomware on machines that have been compromised by hacking tools used by Lazarus, according to Vikram Thakur, technical director at the company.
“Shortly after these tools were found on these machines, we could see WannaCry files showing up,” he said.

 Source: The WannaCry ransomware might have a link to North Korea

 

Still Just Suspicions, No Smoking Gun…Yet.

Some experts also report that the evidence is very circumstantial, and that it’s not uncommon for tools used in other hacks to be leaked on the internet, so anyone interested could also use the shared code.

A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017. Courtesy of Symantec/Handout via REUTERS

Hackers do reuse code from other operations, so even copied lines fall well short of proof.

U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

FireEye Inc (FEYE.O), another large cyber security firm, said it was also investigating a possible link.
“The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” FireEye researcher John Miller said.

Source: Researchers See Possible North Korea Link To Global Cyber Attack

 

It looks like we will have to wait and see whether the evidence the cybersecurity researchers come up with can say definitively who the real culprit in these attacks was. You can, however, rest assured knowing that some of the best and brightest are on the case and will get to the bottom of this.


New Cybersecurity Tool To Help HR Find Qualified Applicants

What’s going on with the CyberSecurity Industry’s talent, or lack thereof?

In today’s tech climate, not only are there 80,000 Entry-Level, Non-Sexy Tech Jobs that Undergrads Don’t Want, as we saw in yesterday’s post, but it looks like when candidates finally do apply, the majority of applicants turn out to be unqualified.

“On average, 59 percent of enterprises get at least five applicants for each open cybersecurity position, but most of these applicants are unqualified,” the report states.

Most organizations surveyed are focused on hiring cybersecurity experts who have hands-on experience and certification rather than formal education. But, according to the report, in a newly burgeoning field, that’s hard to find.

“Almost 27 percent of respondents state that they are unable to fill open cybersecurity positions in their enterprises—with another 14 percent of respondents unaware as to whether their enterprises could fill these positions or not,” the report states.
Source: REPORT: INDUSTRY GROUP RAISES ALARM ABOUT CYBERSECURITY SKILLS GAP

Help is Available

But ISACA is looking to fix that by helping HR departments find the most qualified IT pros with its certification platform, which provides a 2-hour test that reports on the strengths and weaknesses of a candidate and also offers performance-based online training.

“It is all virtual machines, which means in each particular lab you’re talking to a real firewall, a real DMZ, a real web server, a real database server, whatever the configuration happens to be,” Chief Innovation Officer Frank Schettini explained to Associations Now. “And they’re actually up and live up in the cloud, so it is actually a real-time lab.”
Source: NEW TOOL LETS HR TEST APPLICANTS’ CYBERSECURITY SKILLS

Streamlining The Process

It helps HR easily test the competencies of a cybersecurity candidate and lets managers improve the skills of their existing IT employees.

“Now instead of going through a process of blindly hiring someone, you go through the process of having them run the skills assessment test, reading the results, and then deciding whether you want to hire the individual,” Schettini said.

“What this tool allows you to do is … know up front before you hire them what type of training investment you’re going to want to do to bring them on board,” he continued. “So the hiring process becomes much more straightforward—you know what you’re getting, you know what training program you want to set up—and the beauty of the platform is you can leverage the platform any way you want to set up that training program.”

Source: NEW TOOL LETS HR TEST APPLICANTS’ CYBERSECURITY SKILLS

Hopefully, this tool, along with a real concerted effort to teach the much-needed cybersecurity skills to the new crop of IT professionals, will help us close our rather large current skills gap.

ShoreTel Looking to Recover Now that It Is Oversold, Can It?


There is now some hope and optimism that ShoreTel (SHOR) . Over the last 60 days it has been on an upward trend.

The reason is that ShoreTel’s RSI reading is 28.49. What is RSI?

According to NASDAQ.com:

RSI stands for ‘Relative Strength Index’ and it is a popular indicator used by technically focused investors. It compares the average of gains in days that closed up to the average of losses in days that closed down; readings above 70 suggest an asset is overbought, while an RSI below 30 suggests undervalued conditions are present.

 

Source: http://www.marketvolume.com

 

That alone would suggest that there is light at the end of that tunnel. But couple that with a #1 Zacks Rank, and things are starting to look much more positive for SHOR.

If this wasn’t enough, ShoreTel also has a Zacks Rank #1 (Strong Buy) which puts it into rare company among its peers. So, given all of these factors, investors may want to consider getting in on this stock now (or holding on), as there are some favorable trends that could bubble up for this stock before long.

Source: ShoreTel (SHOR) is Oversold: Can It Recover?


Cisco Welcomes The House Passage of the Email Privacy Act

On Monday evening, the House of Representatives unanimously passed the Email Privacy Act, a bill that would reform the ECPA (Electronic Communications Privacy Act) were it to become law.

What is the ECPA and why does it need to be reformed?

In the beginning, ECPA protected Americans’ e-mail from warrantless surveillance — despite ECPA allowing the government to access e-mail without a court warrant if it was six months or older and stored on a third-party’s server. The tech world now refers to these servers as “the cloud,” and others just think of Hotmail, Yahoo Mail, Facebook and Gmail.

ECPA was adopted at a time when e-mail, for example, wasn’t stored on servers for a long time. Instead, e-mail was held there briefly before recipients downloaded it to their inbox on software running on their own computer.

During the Reagan administration, e-mail more than six months old was assumed abandoned, and that’s why the law allowed the government to get it without a warrant. At the time, there wasn’t much of any e-mail for the authorities to acquire because a consumer’s hard drive — not the cloud — hosted their inbox.

Source: Aging ‘Privacy’ Law Leaves Cloud E-Mail Open to Cops

 

Now, with the Email Privacy Act passed, it should help to reform the most outdated elements of the ECPA.

In particular, it would newly require government agencies to obtain a warrant before seizing a criminal suspect’s online communications that are more than 180 days old. Under the ECPA’s existing logic, those older communications are considered abandoned, and thus not subject to a reasonable expectation of privacy.

Source: Passing the Email Privacy Act Has Never Been More Urgent

Basically

The legislation would require authorities such as the U.S. Department of Justice and Securities and Exchange Commission to obtain a search warrant to access emails, data in cloud storage and other digital communications more than 180 days old.[4][5]

Under current law—the Electronic Communications Privacy Act (ECPA) of 1986—authorities can obtain such data by issuing an administrative subpoena to an Internet service provider, without the need to obtain judicial approval.[4][5][6] The Congressional Research Service reported in 2015 that: “In recent years, ECPA has faced increased criticism from both the tech and privacy communities that it has outlived its usefulness in the digital era and does not provide adequate privacy safeguards for individuals’ electronic communications. In light of these concerns, various reform bills have been introduced in the past several Congresses…”[7]

The Email Privacy Act would codify as federal law the decision of the United States Court of Appeals for the Sixth Circuit in United States v. Warshak (2010). In that case, the Sixth Circuit held that the Fourth Amendment to the United States Constitution requires that the government obtain a warrant before accessing emails stored online (e.g., in the cloud).[6][8][9] The Warshak ruling currently applies only to the Sixth Circuit; the Email Privacy Act would extend its rule nationwide.[6][8]

Source: Wikipedia, Email Privacy Act

 

Cisco is firmly behind the Email Privacy Act and has stated publicly that it has

..long supported updating the Electronic Communications Privacy Act (ECPA) to better protect customer data and communications stored with third-party providers against unwarranted searches and seizures. We, therefore, applaud the unanimous voice vote in the U.S. House of Representatives to pass the Email Privacy Act (H.R. 387) introduced by Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO).

This bipartisan legislation would require the government to obtain a probable cause warrant before demanding access to customer data in the cloud. We firmly believe that data stored in the cloud must receive equivalent legal protections against search and seizure to those accorded physical papers and electronic data stored on premises.

Source: Cisco Applauds Unanimous House Vote Passing Email Privacy Act

Today the House took a major step forward. Technology has made incredible advances over the years, and it is about time privacy laws caught up.