Jump to content

Massive Cyberattack Hits More Than 200,000 Companies


tao

Recommended Posts

Bloomberg Mark Barton and Vonnie Quinn report on a massive cyberattack impacting thousands of companies worldwide. They speak on "Bloomberg Markets." (Source: Bloomberg)

 

< Here > and

< Many firms hit by global cyber-attacks > and

< Massive ransomware attack is causing chaos in airports, banks and more worldwide > and

< WannaCry Déjà Vu: Petya Ransomware Outbreak Wreaking Havoc Across the Globe >

Link to comment
Share on other sites


  • Replies 15
  • Views 886
  • Created
  • Last Reply

 

Quote

 

Ukraine cyber attack: Chaos as national bank, state power provider and airport hit by hackers

Russian energy firms and Danish shipping company also hit by hackers

 

Ukraine’s national bank, state power company and largest airport are among the targets of a huge cyber attack on government infrastructure.

Rozenko Pavlo, the deputy Prime Minister, said he and other members of the Ukrainian government were unable to access their computers.

“We also have a network 'down',” he wrote. “This image is being displayed by all computers of the government.”

The photo showed his PC displaying a message claiming a disk “contains errors and needs to be prepared”, urging the user not to turn it off.

Ukrainian state-run aircraft manufacturer Antonov was among the companies hit, along with power distributor Ukrenergo, which said the attack did not affect power supplies.

The National Bank of Ukraine said an “unknown virus” was to blame, saying several unnamed Ukrainian banks were affected  along with financial firms. 

“As a result of cyber attacks, these banks have difficulties with customer service and banking operations,” a statement said.

 

 

Cyber attack hit 200,000 victims across 150 countries, says Europol chief

“The National Bank bank is confident that the banking infrastructure's defence against cyber fraud is properly set up and attempted cyber attacks on banks' IT systems will be neutralised.”

Oschadbank, one of Ukraine's largest state-owned lenders, said some of its services had been affected by a “hacking attack” but guaranteed that customer data was safe.

Computers and departure boards at Boryspil International Airport in Kiev – the largest in Ukraine – were also down.

 

 

“The official site of the airport and the scoreboard with the schedule of flights aren't working!” the airport’s acting director, Pavel Ryabikin, wrote on Facebook.

The Ukrposhta state postal service, television stations and transport were also affected by the attack, which left Kiev metro passengers unable to pay using bank cards.

The website of Boryspil International Airport during a cyber attack targeting Ukrainian infrastructure on 27 June 2017

Many ATMs were disabled, displaying the message left by hackers, as were tills in supermarkets.

 

 

Maersk said its IT systems were down across “multiple sites and businesses due to a cyber attack”, although it was unclear whether it was related to the situation in Ukraine.

The Danish business congolmerate is the largest container shipping company in the world and also operates in the oil and gas sectors.

 

Rosneft, a Russian government-owned oil firm, said it was also targeted by a “massive hacker attack” on its servers, as was steel maker Evraz.

“The cyber attack could lead to serious consequences, however, due to the fact that the Company has switched to a reserve control system, neither oil production nor preparation processes were stopped,” a statement from Rosneft said.

 

There were confirmed reports of the virus spreading to countries including Spain, France and India.

The cyber attack – a day before Ukraine marks its Constitution Day - struck hours after a high-ranking intelligence officer was assassinated in a car bombing in Kiev.

Police said Colonel Maksim Shapoval, a member of the defence ministry’s main intelligence directorate, was killed in the “terrorist act” on Tuesday.

Ukraine has blamed Russia for repeated cyber attacks targeting crucial infrastructure during the past three years, including one on its power grid that left part of western Ukraine temporarily without electricity in December 2015.

 

Relations between Kiev and the Kremlin collapsed in 2014 following Moscow's annexation of Crimea and support for pro-Russian separatists in eastern Ukraine, where fighting continues despite a ceasefire agreement.

The UK’s Houses of Parliament were targeted in a separate attack on Friday that compromised up to 90 accounts as part of efforts to access the accounts of MPs, peers and their staff by searching for weak passwords.

 

Less than 1% of the system's 9,000 users were directly impacted by the “determined and sustained” attack, officials said, but some functions were temporarily shut down as a precaution.

An increasing number of global cyber attacks, including those targeting the election campaigns of Hillary Clinton and Emmanuel Macron, have sparked warnings of a “permanent war” online.

Guillaume Poupard, director general of the National Cybersecurity Agency of France (ANSSI) said intensifying attacks were coming from unspecified states, as well as criminal and extremist groups.

“We must work collectively, not just with two or three Western countries, but on a global scale,” he added, saying attacks could aim at espionage, fraud, sabotage or destruction.

“We are getting closer, clearly, to a state of war - a state of war that could be more complicated, probably, than those we've known until now.”

 

http://www.independent.co.uk/news/world/europe/ukraine-cyber-attack-hackers-national-bank-state-power-company-airport-rozenko-pavlo-cabinet-a7810471.html

 

Link to comment
Share on other sites


*********** KILLSWITCH
Local kill switch - create file "C:\Windows\perfc"

It kills WMI vector. Still need to patch MS17-010 for full protection. [NO PROOF]

 

Source in my 1st post.

 

Credit to kill switch finder & Source here

Link to comment
Share on other sites


man i know paid 300 bucks today or his factory ,pretty big one, could to loose about 20k USD.

Link to comment
Share on other sites


stylemessiah
3 hours ago, Dodel said:
*********** KILLSWITCH
Local kill switch - create file "C:\Windows\perfc"

It kills WMI vector. Still need to patch MS17-010 for full protection. [NO PROOF]

 

Source in my 1st post.

 

Credit to kill switch finder & Source here

unproven and speculation

stop reading twitter for your IT solutions....

Link to comment
Share on other sites


3 hours ago, stylemessiah said:

unproven and speculation

stop reading twitter for your IT solutions....

 

Why not read twitter. Amit works for a cybersecurity company and does reverse engineering.  He's putting out information to test and then verify. You don't need a webpage to post information on malware research.  Of course people who aren't involved in security professionally probably don't realize that most of the security work collaboration takes place on twitter or facebook because many people from many areas can participate and share information in real time.  It's just another tool.  And probably a better use of those two social sites than what most people use them for.

Link to comment
Share on other sites


AMEN to that stray.  I cant stand posts like OMG this is bullshit and doesnt say anything else.  Also post's like Having dinner and then going to bed and thats it im like what a complete waste of my time.  A friend of mine is in IT to and he posted some security articles that were good reading and thats what I want to read.  One of the main reasons I visit my facebook to keep updated on family matters and to read entertainment post's not stupid bullshit like fishs I love them.

Link to comment
Share on other sites


  • Administrator

Quite concerning all this.

 

The confusing updates mechanism does not make it easy either. What I mean is that no, there should not have been a cumulative update for the SMB fix, but a single, same version for all the OSes, SMB fix specific update for it.

Link to comment
Share on other sites


stylemessiah
9 hours ago, straycat19 said:

 

Why not read twitter. Amit works for a cybersecurity company and does reverse engineering.  He's putting out information to test and then verify. You don't need a webpage to post information on malware research.  Of course people who aren't involved in security professionally probably don't realize that most of the security work collaboration takes place on twitter or facebook because many people from many areas can participate and share information in real time.  It's just another tool.  And probably a better use of those two social sites than what most people use them for.

No, ive never worked in cyber security *sigh*...oh wait, there were those years i worked for the largest ISP here, and assisted the federal police, but other than that...

twitter...please....

all he did was spout unproven theories most of the day....anyone could do that

ill read a legitimate security vendors page thanks

Link to comment
Share on other sites


2 hours ago, stylemessiah said:

No, ive never worked in cyber security *sigh*...oh wait, there were those years i worked for the largest ISP here, and assisted the federal police, but other than that...

twitter...please....

all he did was spout unproven theories most of the day....anyone could do that

ill read a legitimate security vendors page thanks

Well Amit Serper's company has won many awards  let's  see yours? lol Anybody can take payoffs from the feds too tell on people even postal workers have been known too do this.  :P

Quote
https://www.cybereason.com/awards/

Why should we take you're word  over someone  that  works for a cybersecurity firm?

 

Quote

 

Cybereason discovers NotPetya Vaccination

 

Post by: Cybereason Intelligence Team

Cybereason Principal Security Researcher Amit Serper discovered a work around solution that disables the NotPetya ransomware that wreaked havoc in Europe on Tuesday. To activate the vaccination mechanisms users must locate the C:\Windows\ folder and create a file named perfc, with no extension name. This should kill the application before it begins encrypting files.

 

https://www.cybereason.com/blog-cybereason-discovers-notpetya-kill-switch/

 

Link to comment
Share on other sites


12 hours ago, straycat19 said:

 

Why not read twitter. Amit works for a cybersecurity company and does reverse engineering.  He's putting out information to test and then verify. You don't need a webpage to post information on malware research.  Of course people who aren't involved in security professionally probably don't realize that most of the security work collaboration takes place on twitter or facebook because many people from many areas can participate and share information in real time.  It's just another tool.  And probably a better use of those two social sites than what most people use them for.

 

being working in infosec myself, i agree with this fellow :cheers:

3 hours ago, stylemessiah said:

No, ive never worked in cyber security *sigh*...oh wait, there were those years i worked for the largest ISP here, and assisted the federal police, but other than that...

twitter...please....

all he did was spout unproven theories most of the day....anyone could do that

ill read a legitimate security vendors page thanks

 

and here's someone who shows off, but doesn't seem to know the actual security landscape these days.

Let me give you just one example, ever heard of Tavis Ormandy? The guy works in Google Project Zero, is responsible for many of your M$ kernel exploits, AV privilege escalations, application exploits and so on. And guess what's the first mode of his communication about his discoveries? Twitter, if you follow him.

Security researchers all over the world, even the writers of your "legitimate security vendors", first update their findings on twitter, and then only go on to write the article.

Link to comment
Share on other sites


  • Administrator

I must admit, our forums have far more high level - simply put, security experts, than I had previously thought about here.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...