Newly discovered vulnerability raises fears of another WannaCry

Newly discovered vulnerability raises fears of another WannaCry
Employees monitor the spread of ransomware cyber-attacks at South Korea's Internet and Security Agency in Seoul. (AFP)
Updated 26 May 2017
Follow

Newly discovered vulnerability raises fears of another WannaCry

Newly discovered vulnerability raises fears of another WannaCry

SINGAPORE: A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by WannaCry, which infected more than 300,000 computers worldwide, cybersecurity researchers said.
The US Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch.
Rebekah Brown of Rapid7, a cybersecurity company, told Reuters that there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced.
But she said it had taken researchers only 15 minutes to develop malware that made use of the hole. "This one seems to be very, very easy to exploit," she said.
Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers. There are likely to be many more, it said in response to emailed questions.
Most of the computers found are running older versions of the software and cannot be patched, said Brown.
Some of the computers appear to belong to organisations and companies, she said, but most were home users.
The vulnerability could potentially be used to create a worm like the one which allowed WannaCry to spread so quickly, Brown said, but that would require an extra step for the attacker.
Cybersecurity researchers have said they believe North Korean hackers were behind the WannaCry malware, which encrypted data on victims' computers and demanded bitcoin in return for a decryption key.
Meanwhile, Russia's postal service was hit by Wannacry ransomware last week and some of its computers are still down, three employees in Moscow said, the latest sign of weaknesses that have made the country a major victim of the global extortion campaign.
Wannacry compromised the post office's automated queue management system, infecting touch-screen terminals which run on the outdated Windows XP operating system, one of the workers said. Terminals were still blank in some parts of Moscow this week but it was not clear exactly how many branches had been affected.
A spokesman for Russian Post, a state-owned monopoly, said no computers were infected, but some terminals were temporarily switched off as a precaution. "The virus attack did not touch Russian Post, all systems are working and stable," he said.
Other institutions in Russia have said they were infected by the virus, highlighting Moscow's readiness to show it too is a frequent victim of cyber crime in the face of allegations from the United States and Europe of state-sponsored hacking.
The Interior Ministry, mobile operator MegaFon and state rail monopoly Russian Railways all reported infections, with employees locked out of their computers and the creators of the virus demanding ransoms of $300 to $600.
The Russian central bank said on Friday the virus had also compromised some Russian banks in isolated cases.
That the infected post office terminals ran on Windows XP - which Microsoft stopped supporting in 2014 - points to the widespread use of outdated software in Russia, which experts say left the country disproportionately vulnerable to the attack.
Of 300,000 computers infected worldwide, 20 percent were in Russia, according to an initial estimate by cybersecurity researchers last week.
Globally, few ransoms have been paid after many victims found they could restore their systems from backups.
The post office outages also illustrate what investigators say is a common misconception about Wannacry: infected computers are more likely to be part of antiquated systems not deemed important enough to update with the latest security patches, rather than machines integral to the company's core business.
"Many companies in Russia use outdated unpatched systems and older anti-malware solutions," said Nikolay Grebennikov, vice president for R&D at data protection company Acronis. "In big companies upgrades are hard to perform and avoided because of budget and scale."
Scrutiny
Russia's relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers. Moscow has denied the allegations.
Investigators are yet to track down Wannacry's criminal authors, saying they likely used a hacking tool built by the U.S. National Security Agency (NSA) and leaked online in April.
It has not previously been reported that the Russian postal service, which employs more than 350,000 people, had been hit by the virus.
"The head guys rang on Thursday and said we had to turn off the terminals immediately. They said this extortion virus had infected them," a worker at a branch in northwest Moscow said, declining to be identified discussing internal company matters.
"They rang again yesterday and said we could turn them back on. We did that, but you can see they still don't work."
Employees at a second post office confirmed the electronic queuing system was broken but said they did not know why.
Two sources at Russian Railways said the company had suffered a "huge" cyber attack and a small number of computers were infected without damaging any important files.
The extent of the damage had been limited, one of the sources said, because a lot of computers were turned off at the end of the working week. "We were lucky it was a Friday night," he said.
Megafon, which is Russia's second biggest mobile operator, declined to comment on how the virus had got into its system.
It said the virus had caused a temporary outage of its customer support services. "Our sales points suffered worst of all because Windows, which had the exploited vulnerability, is more widely used in retail," a company statement said.
Computer Piracy
The frequent use of pirated software in Russia also helped spread the Wannacry infection, investigators said, as unlicensed products do not receive security updates.
Reuters has found no evidence any of Russian companies infected with the Wannacry virus were using unlicensed software.
But computer piracy is a long-standing issue for technology companies in Russia, one which has as become increasingly acute as the country's economic slump and falling earnings make licensed products prohibitively expensive.
Data compiled by the BSA Software Alliance trade group shows 64 percent of software products in Russia were pirated in 2015 - a black market industry worth $1.3 billion - compared to a global average of 39 percent.
"Piracy is still wide spread in Russia, especially if we are talking about home users," Grebennikov said. "This is because of poverty. If an operating system costs say 500 roubles, people would buy it."
Microsoft's Windows 10 operating system currently costs around 8,000 rubles ($140.92) in Russia, around a fifth of the average monthly wage of 39,000 roubles. Online, the same product can be illegally downloaded for free.