Local security experts weighs in on worldwide cyber attack


The state-run People's Daily compared the cyber attack to the terrorist hacking depicted in the U.S. film "Die Hard 4", warning that China's role in global trade and internet connectivity opened it to increased risks from overseas. He added that the rate of infection has slowed over the weekend.

Lieu, who noted on his Web site that he is "one of only four computer science majors serving in Congress", supports changing the vulnerabilities equities process (VEP) to ensure greater transparency in how the federal government notifies software companies about bugs it identifies. "Yet, when a serious vulnerability is discovered in software, many companies respond slowly or say it's not their problem". Research into defensive methods and better strategies for patching systems is less sexy than over-hyped zero-day vulnerabilities or imaginary "cyber-missiles", but it is the surest path to a more secure internet for everyone. "They've been able to manage through it".

The UK government has defended the NHS's cyber-security procedures, days after a number of trusts were taken offline by the WannaCry ransomware. The initial attack had started after many offices had closed Friday. If a more recent version of Windows is running on the computer and it stays up-to-date, it should not be vulnerable to the current attack or WannaCry. NIC is monitoring more than 100 websites of state departments, institutions and colleges. "On China's most prestigious college campuses, students reported being locked out of their final papers".

Here are the steps to prevent your computer from the attack, as reported by CNET.

Affected Windows systems include everything from Windows Vista, Windows Server 2008, Windows 7, Windows 8.x, Windows Server 2012, Windows 10 and Windows Server 2016. Hackers then demand hundreds of dollars in ransom saying the files would be destroyed unless the money was paid.

More news: US Attorney General Jeff Sessions orders crackdown on drug traffickers

"The recent attack is at an unprecedented level and will require a complex global investigation to identify the culprits", Europol's European Cybercrime Center says. It asked for a ransom payment of $300 in bitcoin to unlock the computer.

The WannaCry or WannaCrypt ransomware attack deployed a Windows exploit that the National Security Agency had used for its own purposes until it was leaked in April by the hacking group Shadow Brokers. He says that when the NSA lost control of the software behind the cyberattack, it was like "the USA military having some of its Tomahawk missiles stolen". A researcher from Google posted on Twitter that an early version of WannaCrypt from February shared some of the same programming code as malicious software used by the Lazarus Group, the alleged North Korean government hackers behind the destructive attack on Sony in 2014 and the theft of $81m from a Bangladesh central bank account at the New York Fed past year. One month earlier, Microsoft had released a patch targeting the vulnerability. The VEP is meant to balance the advantages gained by keeping a given software vulnerability secret versus the potential risks to the world at large.

"This was not a tool developed by the NSA to hold ransom data", homeland security adviser Bossert said at Monday's White House briefing. But we note that it's no accident that the expert, who prefers to remain anonymous and uses the name Malware Tech, registered a domain name that was called out in the code and used it to stop the worm from spreading.

"Variants are coming up with code changes and the kill switch removed but with less impact to be seen", said Abhishek Anand, cofounder of Fallible, a Bangalore-based cybersecurity startup.

The news came as health minister Jeremy Hunt confirmed that there had been no dreaded "second wave" of attacks following the initial assault last Friday.