Trump lifts Cyber Command status to boost cyber defense

Trump lifts Cyber Command status to boost cyber defense

WASHINGTON (Reuters) – President Donald Trump said on Friday he was elevating the status of the Pentagon’s U.S. Cyber Command to help spur development of cyber weapons to deter attacks and punish intruders.

In a statement, Trump said the unit would be ranked at the level of Unified Combatant Command focused on cyberspace operations.

Cyber Command’s elevation reflects a push to strengthen U.S. capabilities to interfere with the military programs of adversaries such as North Korea’s nuclear and missile development and Islamic State’s ability to recruit, inspire and direct attacks, three U.S. intelligence officials said this month, speaking on the condition of anonymity.

Cyber Command had been subordinate to the U.S. Strategic Command, which is also responsible for military space operations, nuclear weapons and missile defense.

Once elevated, Cyber Command would have the same status as U.S. Strategic Command and eight other unified commands that control U.s. military forces and are composed of personnel from multiple branches of the armed services.

The Pentagon did not specify how long the elevation process would take.

Current and former officials said a leading candidate to head U.S. Cyber Command was Army Lt. Gen. William Mayville, currently director of the Pentagon’s Joint Staff.

Trump also said the defense secretary was also considering separating the U.S. Cyber Command from the National Security Agency (NSA). Cyber Command’s mission is to shut down and, when ordered, counter cyber attacks. The NSA’s role is to gather intelligence and generally favors monitoring enemies’ cyber activities.

Republican Senators John McCain and Lindsey Graham, both strong voices on security matters, praised the move and said it would boost the command’s abilities.

Still, McCain, chairman of the Senate Armed Services Committee, said more steps were needed to meet the nation’s cyber security challenges.

“We must develop a clear policy and strategy for deterring and responding to cyber threats. We must also develop an integrated, whole-of-government approach to protect and defend the United States from cyberattacks,” he said in a statement.

The new combatant command will improve U.S. capabilities to punish foreign cyberattacks and discourage attempts to disrupt critical U.S. infrastructure such as financial networks, electric grids, and medical systems. It will establish a cyber version of the nuclear doctrine of “mutual assured destruction” between the United States and the former Soviet Union, the three U.S. officials said

The U.S. is more vulnerable to cyber intrusions than its most capable adversaries, including China, Russia, and North Korea, because its economy is more dependent on the internet, two of the officials said. As other nations improve their communications networks, their vulnerability will grow, they added.

(Reporting by Makini Brice and Susan Heavey. Additional reporting by Idrees Ali, John Walcott and Warren Strobel.; Editing by Franklin Paul and Andrew Hay)

Flush times for hackers in booming cyber security job market

A recruiter advertises a QR code to attract hackers to apply for jobs at the Black Hat security conference in Las Vegas, Nevada, U.S. July27, 2017. REUTERS/Joseph Menn

By Joseph Menn and Jim Finkle

LAS VEGAS (Reuters) – The surge in far-flung and destructive cyber attacks is not good for national security, but for an increasing number of hackers and researchers, it is great for job security.

The new reality is on display in Las Vegas this week at the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting.

“Hosting big parties has enabled us to meet more talent in the community, helping fill key positions and also retain great people,” said Jen Ellis, a vice president with cybersecurity firm Rapid7 Inc, which filled the hip Hakkasan nightclub on Wednesday at one of the week’s most popular parties.

Twenty or even 10 years ago, career options for technology tinkerers were mostly limited to security firms, handfuls of jobs inside mainstream companies, and in government agencies.

But as tech has taken over the world, the opportunities in the security field have exploded.

Whole industries that used to have little to do with technology now need protection, including automobiles, medical devices and the ever-expanding Internet of Things, from thermostats and fish tanks to home security devices.

More insurance companies now cover breaches, with premiums reduced for strong security practices. And lawyers are making sure that cloud providers are held responsible if a customer’s data is stolen from them and otherwise pushing to hold tech companies liable for problems, meaning they need security experts too.

The non-profit Center for Cyber Safety and Education last month predicted a global shortage of 1.8 million skilled security workers in 2022. The group, which credentials security professionals, said that a third of hiring managers plan to boost their security teams by at least 15 percent.

For hackers who prefer to pick things apart rather than stand guard over them, an enormous number of companies now offer “bug bounties,” or formal rewards, for warnings about vulnerabilities that leave them exposed to criminals or spies.

One of the outside firms that handle such programs, HackerOne, said it has paid out $18.8 million since 2014 to fix 50,140 bugs, with about half of that work done in the past year.

Mark Litchfield made it into the firm’s “Hacker Hall of Fame” last year by being the first to pull in more than $500,000 in bounties through the platform, well more than he earned at his last full-time security job, at consulting firm NCC Group.

In the old days, “The only payout was publicity, free press,” Litchfield said. “That was the payoff then. The payoff now is literally to be paid in dollars.”

There are other emerging ways to make money too. Justine Bone’s medical hacking firm, MedSec, took the unprecedented step last year of openly teaming with an investor who was selling shares short, betting that they would lose value.

It was acrimonious, but St Jude Medical ultimately fixed its pacemaker monitors, which could have been hacked, and Bone predicted others will try the same path.

“Us cyber security nerds have spent most of our careers trying to make the world a better place by engaging with companies, finding bugs which companies may or may not repair,” Bone said.

“If we can take our expertise out to customers, media, regulators, nonprofits and think tanks and out to the financial sector, the investors and analysts, we start to help companies understand in terms of their external environment.”

Chris Wysopal, co-founder of code auditor Veracode, bought in April by CA Technologies, said that he was initially skeptical of the MedSec approach but came around to it, in part because it worked. He appeared at Black Hat with Bone.

“Many have written that the software and hardware market is dysfunctional, a lemon market, because buyers don’t know how insecure the products they purchase are,” Wysopal said in an interview.

“I’d like to see someone fixing this broken market. Profiting off of that fix seems like the best approach for a capitalism-based economy.”

(Reporting by Joseph Menn and Jim Finkle; additional reporting by Dustin Volz; Editing by Jonathan Weber and Grant McCool)

Foreign hackers probe European critical infrastructure networks

Cables and computers are seen inside a data centre at an office in the heart of the financial district in London, Britain

By Mark Hosenball

LONDON (Reuters) – Cyber attackers are regularly trying to attack data networks connected to critical national infrastructure systems around Europe, according to current and former European government sources with knowledge of the issue.

The sources acknowledged that European infrastructure data networks face regular attacks similar to those which the Washington Post newspaper said on Sunday had been launched by Russian government hackers against business systems of U.S. nuclear power and other companies involved in energy production.

One former senior British security official said it was an “article of faith” that Russian government hackers were seeking to penetrate UK critical infrastructure though the official said he could not cite public case studies.

A European security source acknowledged that UK authorities were aware of the latest reports about infrastructure hacking attempts and that British authorities were in regular contact with other governments over the attacks.

UK authorities declined to comment on the extent of any such attempted or successful attacks in Britain or elsewhere in Europe or to discuss what possible security measures governments and infrastructure operators might be taking.

The Washington Post said recent attempted Russian hacking attacks on infrastructure related systems in the United States appeared to be an effort to “assess” such networks.

But there was no evidence that hackers had actually penetrated or disrupted key systems controlling operations at nuclear plants.

The Post cited several U.S. and industry officials saying that this was the first time hackers associated with the Russian government are known to have tried to get into US nuclear power companies.

The newspaper said that in late June the Federal Bureau of Investigations (FBI) and the U.S. Homeland Security Department warned energy companies that unnamed foreign hackers were trying to steal login and password information so they could hack into networks.

U.S. officials have acknowledged that many key computer systems which run critical infrastructure ranging from power grids to transportation networks originally were not built with strong security protection against outside hackers.

Security experts in the U.S. and Europe acknowledge that the development and evolution of security measures to protect critical infrastructure system against outside intruders has often run behind the ability of hackers to invent tools to get inside such systems.

 

(Editing by Richard Balmforth)

 

Russia causing cyber mayhem, should face retaliation: ex-UK spy chief

The director of Britain's GCHQ Robert Hannigan delivers a speech at Government Communications Headquarters in Cheltenham, November 17, 2015.

By Michael Holden

LONDON (Reuters) – Russia is causing cyberspace mayhem and should face retaliation if it continues to undermine democratic institutions in the West, the former head of Britain’s GCHQ spy agency said on Monday.

Russia denies allegations from governments and intelligence services that it is behind a growing number of cyber attacks on commercial and political targets around the world, including the hackings of recent U.S. and French presidential election campaigns.

Asked if the Russian authorities were a threat to the democratic process, Robert Hannigan, who stepped down as head of the UK’s intelligence service in March, said: “Yes … There is a disproportionate amount of mayhem in cyberspace coming from Russia from state activity.”

In his first interview since leaving GCHQ, Hannigan told BBC radio that it was positive that French President Emmanuel Macron and German Chancellor Angela Merkel had publicly “called this out recently”.

Standing alongside Russian President Vladimir Putin in May, Macron said state-funded Russian news outlets had sought to destabilize his campaign while the head of Germany’s domestic intelligence agency said last week it was expecting Russia to try to influence the German election in September.

“Ultimately people will have to push back against Russian state activity and show that it’s unacceptable,” he said.

“It doesn’t have to be by cyber retaliation, but it may be that is necessary at some time in the future. It may be sanctions and other measures, just to put down some red lines and say that this behavior is unacceptable.”

Hannigan also said it would be a mistake to force social media companies to allow intelligence agencies to access services protected by encryption through so-called “back door” access.

“The best you can do with end-to-end encryption is work with companies in a cooperative way to find ways around it frankly,” he said. He said such “back doors” would weaken systems.

Hannigan also said governments should wait to see how a global working group on tackling online extremism established by Facebook, Google’s YouTube, Twitter and Microsoft performed before seeking new laws.

“Legislation is a blunt last resort because frankly extremism is very difficult to define in law and you could spend all your time in court arguing about whether a particular video crosses the line or not,” he said.

Last month, Germany approved a plan to fine social media networks up to 50 million euros ($57 million) if they failed to remove hateful postings promptly. Britain has also mooted bringing in possible sanctions for tech firms that failed to remove extremist content.

 

 

(Editing by Raissa Kasolowsky)

 

U.S. Energy Department helping power firms defend against cyber attacks

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Jim Finkle, Scott DiSavino and Timothy Gardner

(Reuters) – The U.S. Department of Energy said on Friday it is helping U.S. firms defend against a hacking campaign that targeted power companies including at least one nuclear plant, saying the attacks have not impacted electricity generation or the grid.

News of the attacks surfaced a week ago when Reuters reported that the U.S. Department of Homeland Security and Federal Bureau of Investigation issued a June 28 alert to industrial firms, warning them of hacking targeting the nuclear, power and critical infrastructure sectors.

“DOE is working with our government and industry partners to mitigate any impact from a cyber intrusion affecting entities in the energy sector,” a Department of Energy representative said in an email to Reuters. “At this time, there has been no impact to systems controlling U.S. energy infrastructure. Any potential impact appears to be limited to administrative and business networks.”

It was not clear who was responsible for the hacks. The joint report by the DHS and the FBI did not identify the attackers, though it described the hacks as “an advanced persistent threat,” a term that U.S. officials typically but not always use to describe attacks by culprits.

The DOE discussed its response to the attacks after Bloomberg News reported on Friday that the Wolf Creek nuclear facility in Kansas was among at least a dozen U.S. power firms breached in the attack, citing current and former U.S. officials who were not named.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said via email.

A separate Homeland Security technical bulletin issued on June 28 included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

The June 28 alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

David Lochbaum, a nuclear expert at the nonprofit group Union of Concerned Scientists, said reactors have a certain amount of immunity from cyber attacks because their operation systems are separate from digital business networks. But over time it would not be impossible for hackers to potentially do harm.

“Perhaps the biggest vulnerability nuclear plants face from hackers would be their getting information on plant designs and work schedules with which to conduct a physical attack,” Lochbaum said.

The DOE said it has shared information about this incident with industry, including technical details on the attack and mitigation suggestions.

“Security professionals from government and industry are working closely to share information so energy system operators can defend their systems,” the agency representative said.

Earlier, the FBI and DHS issued a joint statement saying “There is no indication of a threat to public safety” because the impact appears limited to administrative and business networks.

The Nuclear Regulatory Commission has not received any notifications of a cyber event that has affected critical systems at a nuclear plant, said spokesman Scott Burnell.

A nuclear industry spokesman told Reuters last Saturday that hackers have never gained access to a nuclear plant.

(Reporting by Jim Finkle in Toronto, Scott DiSavino in New York and Timothy Gardner in Washington; Additional reporting by Dustin Volz in Washington and Joseph Menn in San Francisco; Editing by Bernard Orr)

EU agrees to use sanctions against cyber hackers

Participant of the Pro-Europe "Pulse of Europe" movement waves European Union flag during a protest at Gendarmenmarkt square in Berlin, Germany, April 2, 2017. REUTERS/Fabrizio Bensch

LUXEMBOURG (Reuters) – The European Union can levy economic sanctions on anyone caught attacking EU states’ computer networks, EU foreign ministers said on Monday, the bloc’s latest step to deter more attacks following incidents in Britain and France.

With German national elections in September, interference in democratic votes is a concern for the bloc after accusations of Russian meddling in the U.S. presidential election last November and the French election in May.

EU foreign ministers agreed that so-called restrictive measures including travel bans, assets freezes and blanket bans on doing business with a person, company or government could be used for the first time.

“A joint EU response to malicious cyber activities would be proportionate to the scope, scale, duration, intensity, complexity, sophistication and impact of the cyber activity,” the bloc said in a statement.

U.S. intelligence agencies concluded last year that Russia hacked and leaked Democratic Party emails as part of an effort to tilt the presidential election in favor of President Donald Trump, which Russia denies.

A British intelligence agency has told political parties to protect themselves against potential cyber attacks, while the French government dropped plans to let its citizens abroad vote electronically in Sunday’s legislative elections because of the risk of cyber attacks.

(Reporting by Robin Emmott, editing by Ed Osmond)

Canada cyber-spy agency expects hacktivist attacks in 2019 vote

Communications Security Establishment (CSE) Chief Greta Bossenmaier takes part in a news conference in Ottawa, Ontario, Canada, June 16, 2017. REUTERS/Chris Wattie

By Leah Schnurr and Alastair Sharp

OTTAWA/TORONTO (Reuters) – Canada’s electronic spy agency said on Friday it was “very likely” that hackers will try to influence Canada’s 2019 elections and it planned to advise political parties next week on how to guard against cyber threats.

The Communications Security Establishment (CSE) agency said it had not detected any nation-state attempts to interfere in prior Canadian elections but saw risk from hacktivists.

CSE said Canada’s 2015 federal election, which brought Prime Minister Justin Trudeau’s Liberals to power, was targeted by “low-sophistication cyber threat activity” that did not affect the outcome of the election, according to a report it released on Friday.

“CSE will be offering cyber advice and guidance to parliamentarians and to Canada’s political parties,” CSE chief Greta Bossenmaier told a news conference. “Cyber security is a team imperative; no one organization can go it alone,” she added.

Worries about interference in democratic processes have come to the fore amid allegations of Russian meddling in the U.S. presidential election last November and the French election in May.

U.S. intelligence agencies concluded last year that Russia hacked and leaked Democratic Party emails as part of an effort to tilt the presidential election in favor of Donald Trump, something Russia denies.

A British intelligence agency in March told political parties to protect themselves against potential cyber attacks, while the French government in March dropped plans to let its citizens abroad vote electronically in this month’s legislative elections because of concern about the risk of cyber attacks.

CSE said federal political parties, politicians and the media are more vulnerable to cyber threats than elections themselves, given that federal elections are largely paper-based.

Cyber security lawyer Imran Ahmed of Miller Thomson said engaging with political parties was “a good first step” but the spy agency should have already had a plan in place including expected standards for political parties to meet.

“We’re two years away from 2019 and there’s no timeline for what the next steps will be,” he said.

CSE said it expects some hacktivist efforts in 2019 will be well-planned, with targets ranging from voter suppression and stealing party information to trying to discredit candidates.

(Reporting by Leah Schnurr in Ottawa and Alastair Sharp in Toronto; Editing by Phil Berlowitz)

U.S. muni market slowly starts paying heed to cyber risks

FILE PHOTO: An advertisement about the Microsoft Cybercrime Center plays behind a window reflecting a nearby building at the Microsoft office in Cambridge, Massachusetts, U.S. May 15, 2017. REUTERS/Brian Snyder/File Photo

By Hilary Russ

NEW YORK (Reuters) – A rise in cyber attacks on U.S. public sector targets so far has had little impact in the $3.8 trillion municipal debt market, with no issuer as yet hit by a downgrade or higher borrowing costs because of a cyber security threat.

That is beginning to change.

S&P Global has begun to quiz states, cities and towns about their cyber defenses, and some credit analysts are starting to factor cyber security when they look at bonds. Moody’s Investors Service is also trying to figure out how to best evaluate cyber risk.

The shift follows a particularly steep rise in ransomware attacks, when criminals hold an entity’s computer system hostage until a small ransom is paid.

The number of global ransomware detections rose 36 percent in 2016 from the year before, to 463,841, with the United States most heavily affected, according to cyber security firm Symantec Corp.

Such attacks, which have also hit companies and federal entities, have spared no kind of municipal issuer large or small, from police departments to school districts and transit agencies. Ransomware attacks on state and local governments and their agencies have risen in proportion with the overall increase, according to cyber insurance provider Beazley Group.

“State and local governments are a huge target, quite frankly an easy target for bad guys,” said Bob Anderson, managing director for information security at Navigant management consulting firm in Washington and a former global cyber investigator at the Federal Bureau of Investigation.

Last month’s “WannaCry” ransomware attack, which hobbled global businesses and Britain’s National Health Service, may also be prompting renewed focus on cyber security, though it had minimal impact in the United States.

Considering a potential cyber attack as a similar risk to a natural disaster, S&P has already been reviewing cyber security defenses of utilities, hospitals and colleges because they were early public sector targets for hackers.

Now it is also beginning to ask cities and states about the costs and level of security measures and the financial impact of successful attacks, said Geoffrey Buswick, who manages S&P’s public sector ratings.

HEAD IN THE SAND

The answers feed into broader categories that affect an issuer’s ratings, particularly governance, liquidity and operations.

Many breaches are handled quickly and financial damage is limited, but not every attack will necessarily end that way, Buswick said. “We’re trying to get sense of who has their head in the sand and who doesn’t.”

Fitch Ratings said it does not consider cyber security in its ratings, and many investors still are not concerned enough to ask for details.

In part, that is because it can be difficult to assess the operational and financial fallout of such attacks. Some high profile breaches so far have also done limited damage to issuers’ finances.

Case in point is the state of South Carolina, which in August 2012 suffered possibly the worst cyber attack yet of any city or state.

When hackers stole the personal data of more than 3.5 million taxpayers, the state had to investigate, provide credit monitoring and consumer fraud protection, and implement a slew of post-breach upgrades, according to State Senator Thomas Alexander.

The total cost is around $76 million and counting, he said. That is enough to pay for several school programs combined. But against South Carolina’s annual general fund budget of roughly $8 billion, the costs made no dent in its standing as a borrower.

Many issuers do not disclose any information to potential investors in bond documents about cyber risks or defenses. But a few, particularly hospitals and utilities, have started doing so.

In a February prospectus, the Maryland Health and Higher Educational Facilities Authority, the state’s largest public debt issuer, included nearly a full page devoted to the growing risk of cyber attacks.

“Because we’re such a large issuer, and because healthcare is often treated much more like a corporate credit, the legal counsels to the transaction weigh in on the bondholder risk section,” said Annette Anselmi, the authority’s Executive Director, noting that such disclosures also evolve depending on what kinds of questions the market is asking.

Hospitals are also ahead on cyber security disclosure because they rely on huge amounts of data, said Court Street Group analyst Joseph Krist.

Eventually, he expects others to follow suit.

“We went through this with getting munis to … disclose more pension information. Those were frankly long and painful processes. It just has to get to a critical mass.”

(Reporting by Hilary Russ; Additional reporting by Jim Finkle in Toronto; Editing by Daniel Bases and Tomasz Janowski)

U.S. blames North Korea for hacking spree, says more attacks likely

The North Korea flag flutters next to concertina wire at the North Korean embassy in Kuala Lumpur, Malaysia March 9, 2017. REUTERS/Edgar Su

By Dustin Volz and Jim Finkle

WASHINGTON/TORONTO (Reuters) – The U.S. government on Tuesday issued a rare alert squarely blaming the North Korean government for a raft of cyber attacks stretching back to 2009 and warning that more were likely.

The joint warning from the U.S. Department of Homeland Security and the Federal Bureau of Investigation said that “cyber actors of the North Korean government,” referred to in the report as “Hidden Cobra,” had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.

The new level of detail about the U.S. government’s analysis of suspected North Korean hacking activity coincides with increasing tensions between Washington and Pyongyang because of North Korea’s missile tests. The alert warned that North Korea would continue to rely on cyber operations to advance its military and strategic objectives.

North Korea has routinely denied involvement in cyber attacks against other countries.

The North Korean mission to the United Nations was not immediately available for comment.

Tuesday’s alert said Hidden Cobra has been previously referred to by private sector experts as Lazarus Group and Guardians of the Peace, which have been linked to attacks such as the 2014 intrusion into Sony Corp’s <6758.T> Sony Pictures Entertainment.

Symantec Corp <SYMC.O> and Kaspersky Lab both said last month it was “highly likely” that Lazarus was behind the WannaCry ransomware attack that infected more than 300,000 computers worldwide, disrupting operations at hospitals, banks and schools.

The alert did not identify specific Hidden Cobra victims. It said the group had compromised a range of victims and that some intrusions had resulted in thefts of data while others were disruptive. The group’s capabilities include denial of service attacks, which send reams of junk traffic to a server to knock it offline, keystroke logging, remote access tools and several variants of malware, the alert said.

John Hultquist, a cyber intelligence analyst with FireEye Inc <FEYE.O>, said that his firm was concerned about increasingly aggressive cyber attacks from North Korea.

The hacks include cyber espionage at South Korean finance, energy and transportation firms that appears to be reconnaissance ahead of other attacks that would be disruptive or destructive, he said.

“It suggests they are preparing for something fairly significant,” he added.

Hidden Cobra commonly targets systems that run older versions of Microsoft Corp <MSFT.O> operating systems that are no longer patched, the alert said, and also used vulnerabilities in Adobe Systems Inc’s <ADBE.O> Flash software to gain access into targeted computers.

The report urged organizations to upgrade to current versions of Adobe Flash and Microsoft Silverlight or, when possible, uninstall those applications altogether.

Microsoft said it an emailed statement that it had “addressed” the Silverlight issue in a January 2016 software update. Adobe said via email that it patched the vulnerabilities in June 2016.

North Korean hacking activity has grown increasingly hostile in recent years, according to Western officials and cyber security experts.

The alert arrived on the same day that North Korea released an American university student who had been held captive by Pyongyang for 17 months.

Otto Warmbier, 22, was on his way back to the United States on Tuesday but in a coma and in urgent need of medical care, according to Bill Richardson, a veteran former diplomat and politician who has played a role in past negotiations with North Korea.

“The U.S. government seeks to arm network defenders with the tools they need to identify, detect and disrupt North Korean government malicious cyber activity that is targeting our country’s and our allies’ networks,” a DHS official said about the alert. The official was not authorized to speak publicly.

(Reporting by Dustin Volz in Washington and Jim Finkle in Toronto; Additional reporting by Michelle Nichols at the United Nations; editing by Jonathan Oatis, Lisa Shumaker, Grant McCool)

Banks reinforce cyber defenses after global attack

Cables and computers are seen inside a data centre at an office in the heart of the financial district in London, Britain May 15, 2017. REUTERS/Dylan Martinez

By John O’Donnell and Alexander Winning

FRANKFURT/MOSCOW (Reuters) – Banks have tightened their security systems and increased their surveillance after the global cyber assault on individuals and organizations worldwide.

Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, the “ransomware” attack launched on Friday has infected tens of thousands of computers in 104 countries, putting the financial industry on high alert.

It halted the production lines of a European carmaker and delayed surgical operations in Britain’s National Health Service.

Many suspected infections were of Russian computers. Russia’s central bank said it had recorded harmful software being sent en masse to Russian banks but that the attacks had been unsuccessful.

Sberbank, the country’s biggest lender, said viruses had not got into its systems. The bank said it was nonetheless “on high alert”.

Russia is more vulnerable to attack because organizations there often use outdated technology as an economic slowdown squeezes spending.

Many banks in Europe said they had stepped up efforts to prevent attackers getting through.

One person helping coordinate banks’ response said they were setting up back-up systems for data and introducing security upgrades.

“The banks’ greatest fear is copycat attacks,” said Keith Gross, who chairs the European Banking Federation’s cybersecurity working group. “So they are updating like a wild thing.”

ON GUARD

Germany’s savings banks, the largest and most powerful financial group in the country, received reminders from the group’s information technology company to install updates.

One large British bank said they had drafted people in to work over the weekend, having been subject to a similar attack earlier this year.

A European investment bank said it was accelerating the process of “patching” software following the incident.

Spanish banks La Caixa, Bankinter and Sabadell said they had all taken measures.

“We weren’t attacked but we took preventative measures about the cyber-attack over the whole weekend. There is an emergency committee that is reporting constantly and we have conference calls every eight hours. We can’t drop our guard”, said a Sabadell spokesman.

Banks generally have more robust cyber defenses than other sectors, because of the sensitive nature of their industry and to meet regulatory requirements.

But aging technology and banks’ attractiveness to hackers means they are often targets.

Last year 2.5 million pounds ($3.23 million) was taken from small British lender Tesco Bank. The identity of the culprits remains unknown.

Other UK banks including HSBC and Royal Bank of Scotland have suffered cyber attacks in the past two years that have brought their online services down.

A survey of cyber security and risk experts released last Friday by insurer AIG found the financial services industry had been identified as the most likely to experience a systemic attack.

In the United Kingdom on Monday, the government’s National Cyber Security Centre said it was distributing advice to raise awareness of the threat, including to the financial industry.

Across the globe, regulators took similar steps.

The Hong Kong Securities and Futures Commission issued a circular warning groups to be on alert and take action such as security updates and offline backups.

It instructed firms to “take immediate actions to critically review and assess the effectiveness of their cybersecurity controls”.

India’s IndusInd Bank said on Monday the attack had affected a few systems, but those had been quarantined over the weekend and it had moved quickly to patch its systems.

For the most part, however, banks remained insulated from the cyber attack.

“In the NHS, the technology they are using it out of date,” said Paul Edon of cyber security group Tripwire. “Banks have six to eight levels of defense.”

(Additional reporting by Andres Gonzales, Euan Rocha in Mumbai and Michelle Price in Hong Kong; Writing by John O’Donnell; Editing by Andrew Roche)