Ukraine cyber security firm warns of possible new attacks

KIEV (Reuters) – Ukrainian cyber security firm ISSP said on Tuesday it may have detected a new computer virus distribution campaign, after security services said Ukraine could face cyber attacks similar to those which knocked out global systems in June.

The June 27 attack, dubbed NotPetya, took down many Ukrainian government agencies and businesses, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.

ISSP said that, as with NotPetya, the new malware seemed to originate in accounting software and could be intended to take down networks when Ukraine celebrates its Independence Day on Aug. 24.

“This could be an indicator of a massive cyber attack preparation before National Holidays in Ukraine,” it said in a statement.

In a statement, the state cyber police said they also had detected new malicious software.

The incident is “in no way connected with global cyber attacks like those that took place on June 27 of this year and is now fully under control,” it said.

The state cyber police and the Security and Defence Council have said Ukraine could be targeted with a NotPetya-style attack aimed at destabilizing the country as it marks its 1991 independence from the Soviet Union.

Last Friday, the central bank said it had warned state-owned and private lenders of the appearance of new malware, spread by opening email attachments of Word documents.

Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

(Reporting by Natalia Zinets; Additional reporting by Pavel Polityuk; Writing by Alessandra Prentice; editing by Mark Heinrich and Richard Balmforth)

Trump lifts Cyber Command status to boost cyber defense

WASHINGTON (Reuters) – President Donald Trump said on Friday he was elevating the status of the Pentagon’s U.S. Cyber Command to help spur development of cyber weapons to deter attacks and punish intruders.

In a statement, Trump said the unit would be ranked at the level of Unified Combatant Command focused on cyberspace operations.

Cyber Command’s elevation reflects a push to strengthen U.S. capabilities to interfere with the military programs of adversaries such as North Korea’s nuclear and missile development and Islamic State’s ability to recruit, inspire and direct attacks, three U.S. intelligence officials said this month, speaking on the condition of anonymity.

Cyber Command had been subordinate to the U.S. Strategic Command, which is also responsible for military space operations, nuclear weapons and missile defense.

Once elevated, Cyber Command would have the same status as U.S. Strategic Command and eight other unified commands that control U.S. military forces and are composed of personnel from multiple branches of the armed services.

The Pentagon did not specify how long the elevation process would take.

Current and former officials said a leading candidate to head U.S. Cyber Command was Army Lt. Gen. William Mayville, currently director of the Pentagon’s Joint Staff.

Trump also said the defense secretary was considering separating the U.S. Cyber Command from the National Security Agency (NSA). Cyber Command’s mission is to shut down and, when ordered, counter cyber attacks. The NSA’s role is to gather intelligence, and it generally favors monitoring enemies’ cyber activities.

Republican Senators John McCain and Lindsey Graham, both strong voices on security matters, praised the move and said it would boost the command’s abilities.

Still, McCain, chairman of the Senate Armed Services Committee, said more steps were needed to meet the nation’s cyber security challenges.

“We must develop a clear policy and strategy for deterring and responding to cyber threats. We must also develop an integrated, whole-of-government approach to protect and defend the United States from cyberattacks,” he said in a statement.

The new combatant command will improve U.S. capabilities to punish foreign cyberattacks and discourage attempts to disrupt critical U.S. infrastructure such as financial networks, electric grids, and medical systems. It will establish a cyber version of the nuclear doctrine of “mutual assured destruction” between the United States and the former Soviet Union, the three U.S. officials said.

The U.S. is more vulnerable to cyber intrusions than its most capable adversaries, including China, Russia, and North Korea, because its economy is more dependent on the internet, two of the officials said. As other nations improve their communications networks, their vulnerability will grow, they added.

(Reporting by Makini Brice and Susan Heavey; Additional reporting by Idrees Ali, John Walcott and Warren Strobel; Editing by Franklin Paul and Andrew Hay)

Ukraine central bank warns of new cyber-attack risk

By Natalia Zinets

KIEV (Reuters) – The Ukrainian central bank said on Friday it had warned state-owned and private lenders of the appearance of new malware as security services said Ukraine faced cyber attacks like those that knocked out global systems in June.

The June 27 attack, dubbed NotPetya, took down many Ukrainian government agencies and businesses, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.

Kiev’s central bank has since been working with the government-backed Computer Emergency Response Team (CERT) and police to boost the defenses of the Ukrainian banking sector by quickly sharing information.

“Therefore on Aug. 11…, the central bank promptly informed banks about the appearance of new malicious code, its features, compromise indicators and the need to implement precautionary measures to prevent infection,” the central bank told Reuters in emailed comments.

According to its letter to banks, seen by Reuters, the new malware is spread by opening email attachments of Word documents.

“The nature of this malicious code, its mass distribution, and the fact that at the time of its distribution it was not detected by any anti-virus software, suggest that this attack is preparation for a mass cyber-attack on the corporate networks of Ukrainian businesses,” the letter said.

Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

The state cyber police and Security and Defence Council have said Ukraine could be targeted on Aug. 24 with a NotPetya-style attack aimed at destabilizing the country as it celebrates its 1991 independence from the Soviet Union.

(Writing by Alessandra Prentice; editing by Mark Heinrich)

Greater China cyber insurance demand set to soar after WannaCry attack: AIG

FILE PHOTO: A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo

By Julie Zhu

HONG KONG (Reuters) – Demand for cyber insurance from firms in Greater China and elsewhere in Asia is poised to soar, based on enquiries received after the “WannaCry ransomware” attack earlier this year, executives at American International Group Inc said.

The American insurer saw an 87 percent jump in enquiries for cyber insurance policies in May compared to April for Greater China including Hong Kong as a direct result of the WannaCry attack, while the global increase was 38 percent, they said.

“The big increase means the organizations are aware they really need protection,” Cynthia Sze, head of an AIG business in Greater China that provides solutions to companies dealing with cyber breaches, told reporters. AIG executives declined to give details on numbers or say how many of the enquiries actually resulted in policy sales.

The self-replicating WannaCry malware in May infected over 200,000 computers in 150 countries.

A typical cyber insurance policy can protect companies against extortion like ransomware attacks. It could also cover the investigation costs and pay the ransom.

In Hong Kong, which is dominated by small and medium sized enterprises, the impact of a cyber attack could be severe as cyber threats are not a priority given the limited resources of SMEs, said Sze.

Citing Hong Kong police statistics, Sze said computer security incident reports have grown to about 6,000 last year from 1,500 in 2009. Financial losses resulting from such incidents jumped from HK$45 million ($5.76 million) to HK$2.3 billion over the same period, she said.

Hong Kong police did not immediately respond to a request for comment to confirm the numbers.

“WannaCry has really changed the dynamics. We used to tap large multinational companies that understood where the exposure was. Now we are really talking about mid-market and SMEs,” said Jason Kelly, AIG’s head of liabilities and financial lines for Greater China, Australasia and South Korea.

The global market for cyber insurance is worth $2 billion, with 30 percent of middle to large firms purchasing cyber insurance protection, according to AIG. The insurer has also seen an average annual growth rate of 20 to 25 percent in cyber insurance policies over the past three years worldwide, said Kelly.

Insurance companies have been cautiously entering the cyber insurance market as they look for growth amid stiff competition and potential exposure to cyber breaches.

According to Kelly, the annual damage from hackers to the global economy reached about $400 billion in 2015.

(Reporting by Julie Zhu; Editing by Muralikumar Anantharaman)

Kenya opposition leader says election website hacked to show president in lead

Riot policemen deploy after demonstrators supporting opposition leader Raila Odinga, burned tyres after their political leader claimed "massive" fraud in this week's elections, in Kisumu, Kenya August 9, 2017. REUTERS/James Keyi

By Humphrey Malalo and Duncan Miriri

NAIROBI (Reuters) – Kenya’s opposition leader Raila Odinga said on Wednesday the election commission’s computer system was hacked and fake results posted to show President Uhuru Kenyatta with a strong lead in a case of massive fraud.

The election commission said Tuesday’s vote was free and fair and it was investigating whether or not its computer systems and vote-tallying database had been compromised.

Odinga’s comments raised concerns of unrest over the results in Kenya, East Africa’s leading economy and a regional hub. Around 1,200 people died in violence after a disputed election in 2007.

Speaking at a news conference, Odinga urged his supporters to remain calm, but added: “I don’t control the people”. His deputy Kalonzo Musyoka also called for calm but said the opposition might call for “action” at a later date. He gave no details.

Shortly after Odinga spoke, police fired teargas to scatter a group of around 100 supporters in the western city of Kisumu, an opposition stronghold. The unarmed men had been chanting “No Raila, no peace”.

As of 1100 GMT, the election commission website put Kenyatta in front with 54.3 percent of votes counted to 45 percent for Odinga – a margin of nearly 1.4 million ballots with more than 95 percent of polling stations reported.

Odinga published his own party’s assessment of the count on Twitter, saying he had 8.1 million votes against 7.2 million for Kenyatta.

The main local election monitoring group said its parallel vote tally was incomplete so it could not comment on the differing figures. Foreign observer missions declined to comment.

Kenyatta, a 55-year-old businessman seeking a second five-year term, had held a steady lead of around 10 percent since the start of counting after the peaceful vote, the culmination of a hard-fought contest between the heads of Kenya’s two political dynasties.

Odinga, 72, a former political prisoner and self-described leftist, described the reported hack as an attack on Kenya’s democracy and published 50 pages of computer logs on his Facebook page to support his claims.

POLLING STATIONS

Despite its multimillion dollar electronic voting system, the crucial evidence on voting comes from the paper forms signed at each of the country’s 41,000 polling stations.

Results in each polling station are recorded on a form – known as 34A – that observers from each party must sign. These should then be scanned, sent to the election board and posted on a website.

The measure is designed to ensure the elections cannot be rigged and parties can cross-check results.

On Wednesday morning, the commission said it had received 28,000 forms so far and was working to make all forms public. Neither the commission nor Odinga supplied forms to back up their numbers.

The Kenya Human Rights Commission, a well-known non-governmental organization, said it had discovered some discrepancies between provisional results on the election commission website and the paper forms.

It cited five examples, including a polling station in western Nandi county where the electoral board’s website recorded 439 rejected votes but the paper form only showed four.

Odinga ran in Kenya’s last two elections and lost, blaming vote rigging following irregularities at both polls.

In 2007, tallying was stopped and the incumbent president declared the winner, triggering an outcry from Odinga’s camp. The ethnic and political violence that followed killed 1,200 people and displaced 600,000.

International Criminal Court cases against Kenyatta and his now-deputy, William Ruto, for helping direct that violence, collapsed as witnesses died or disappeared.

In 2013, Odinga took his concerns to court. This time, he invoked the unsolved torture and murder of a top election official days before the vote to justify his fears of rigging.

“We fear this was exactly the reason Chris Msando was assassinated, so this could happen,” he said.

Hackers may have used Msando’s identity to access the electronic tallying system, Odinga said. The election commission said its password access system was secure.

Kenya’s shilling firmed and bond prices rose on early results, but analysts said gains could be fragile.

“Kenyatta’s provisional win will soothe those investors who feared a leftist shift in economic policy,” said Hasnain Malik, global head of equities research at Exotix Capital.

“The most important issues are ahead of us: Does Odinga concede peacefully? His initial rhetoric suggests there is a risk he does not.”

Kenya’s B+ credit rating and stable outlook won’t be affected by its election as long as there is no repeat of the 2007 violence, the S&P Global agency said.

(Additional reporting by Maggie Fick in Kisumu and Katharine Houreld, George Obultusa, John Ndiso and Rajiv Golla in Nairobi and Marc Jones in London; Writing by Katharine Houreld and Ed Cropley; Editing by Matthew Mpoke Bigg)

U.S. senators to introduce bill to secure ‘internet of things’

A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus

By Dustin Volz

SAN FRANCISCO (Reuters) – A bipartisan group of U.S. senators on Tuesday plans to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects – known in the tech industry as the “internet of things” – which experts have long warned poses a threat to global cyber security.

The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.

Republicans Cory Gardner and Steve Daines and Democrats Mark Warner and Ron Wyden are sponsoring the legislation, which was drafted with input from technology experts at the Atlantic Council and Harvard University. A Senate aide who helped write the bill said that companion legislation in the House was expected soon.

“We’re trying to take the lightest touch possible,” Warner told Reuters in an interview. He added that the legislation was intended to remedy an “obvious market failure” that has left device manufacturers with little incentive to build with security in mind.

The legislation would allow federal agencies to ask the U.S. Office of Management and Budget for permission to buy some non-compliant devices if other controls, such as network segmentation, are in place.

It would also expand legal protections for cyber researchers working in “good faith” to hack equipment to find vulnerabilities so manufacturers can patch previously unknown flaws.

Security researchers have long said that the ballooning array of online devices including cars, household appliances, speakers and medical equipment are not adequately protected from hackers who might attempt to steal personal information or launch sophisticated cyber attacks.

Between 20 billion and 30 billion devices are expected to be connected to the internet by 2020, researchers estimate, with a large percentage of them insecure.

Though security for the internet of things has been a known problem for years, some manufacturers say they are not well equipped to produce cyber secure devices.

Hundreds of thousands of insecure webcams, digital records and other everyday devices were hijacked last October to support a major attack on internet infrastructure that temporarily knocked some web services offline, including Twitter, PayPal and Spotify.

The new legislation includes “reasonable security recommendations” that would be important to improve protection of federal government networks, said Ray O’Farrell, chief technology officer at cloud computing firm VMware.

(Reporting by Dustin Volz; Editing by Bill Rigby)

Ukraine finally battens down its leaky cyber hatches after attacks

FILE PHOTO: A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko/File Photo

By Matthias Williams

KIEV (Reuters) – When the chief of Microsoft Ukraine switched jobs to work for President Petro Poroshenko, he found that everyone in the office used the same login password. It wasn’t the only symptom of lax IT security in a country suffering crippling cyber attacks.

Sometimes pressing the spacebar was enough to open a PC, according to Dmytro Shymkiv, who became Deputy Head of the Presidential Administration with a reform brief in 2014.

Today discipline is far tighter in the president’s office. But Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

As in many aspects of Ukrainian life, corruption is a problem. Most computers run on pirated software, and even when licensed programs are used, they can be years out of date and lack security patches to help keep the hackers at bay.

Three years into the job, Shymkiv is leading the fight back. He has put together a team, led by a former Microsoft colleague, doing drills, sending out email bulletins to educate staff on new viruses and doing practice hacks offsite.

In the early days, staff complacency and resistance to change were as much a problem as insecure equipment.

“I remember the first weeks when we forced people to do a password change,” Shymkiv told Reuters. “My team heard all kind of screams and disrespectful messages … Over three years, it’s a different organization.”

The team’s small office has a screen with dials, charts and a green spider web showing activity on the network. If there is an attack, a voice shouts “major alarm!” in English, a recording the team downloaded from YouTube.

Eliminating bad practices and introducing good ones is the reason, Shymkiv believes, why the presidential administration was immune to a June 27 virus that spread from Ukraine to cause disruption in companies as far away as India and Australia.

But the country still has a long way to go. Since 2014 repeated cyber attacks have knocked out power supplies, frozen supermarket tills, affected radiation monitoring at the stricken Chernobyl nuclear power plant, and forced the authorities to prop up the hryvnia currency after banks’ IT systems crashed.

Even Poroshenko’s election that year was compromised by a hack on the Central Election Commission’s network, trying to proclaim victory for a far-right candidate — a foretaste of alleged meddling in the 2016 U.S. presidential election.

Ukraine believes the attacks are part of Russia’s “hybrid war” waged since protests in 2014 moved Ukraine away from Moscow’s orbit and closer to the West. Moscow has denied running hacks on Ukraine.

Shymkiv said the task is to “invest in my team, and upgrade them, and teach them, and connect them with other organizations who are doing the right things”.

“If you do nothing like this, you probably will be wiped out,” he added.

The head of Shymkiv’s IT team, Roman Borodin, said the administration is hit by distributed denial-of-service (DDoS) attacks around once every two weeks, and by viruses specifically designed to target it. The hackers seem mainly interested in stealing information from the defense and foreign relations departments, Borodin told Reuters in his first ever media interview.

HONOR AT STAKE

Bruised by past experiences, Ukraine is protecting itself better.

Finance Minister Oleksandr Danylyuk told Reuters his ministry overhauled security after a hack in November crashed 90 percent of its network at the height of budget preparations.

Officials couldn’t log into the system that manages budget transactions for 48 hours, something that played on Danylyuk’s mind as he addressed the Verkhovna Rada or parliament.

“Imagine that, knowing this, I went to the Verkhovna Rada to present the budget – the main financial document on which 45 million people live – and at the same time I was thinking about how to save not only the document itself, but also the honor of the ministry,” he said.

“I understood that if I showed even the slightest hint of our nervousness, the organizers of the attack would achieve their goal.”

Consultants uncovered familiar weaknesses: the budget system operated on a platform dating from 2000, and the version of the database management system should have been upgraded in 2006.

The ministry is introducing new systems to detect anomalies and to improve data protection. “We’re completely revising and restructuring the ministry’s IT landscape,” Danylyuk said.

The ministry emerged unscathed from the June 27 attack. Others weren’t so lucky: Deputy Prime Minister Pavlo Rozenko tweeted a picture of a crashed computer in the cabinet office that same day.

Ukraine is also benefiting from help from abroad.

A cyber police force was set up in 2015 with British funding and training in a project coordinated by the Organization for Security and Co-operation in Europe (OSCE).

While Ukraine is not a NATO member, the Western alliance supplied equipment to help piece together who was behind the June attack and is helping the army set up a cyber defense unit.

Ukraine shares intelligence with neighboring Moldova, another ex-Soviet state that has antagonized Moscow by moving closer to the West and complains of persistent Russian cyber attacks on its institutions.

“At the beginning of this year we had attacks on state-owned enterprises. If it were not for cooperation with the guys from Moldova, we would not have identified these criminals,” Serhiy Demedyuk, the head of the Ukrainian cyber police, told Reuters.

Demedyuk said the attack had been staged by a Russian citizen using a server in Moldova, but declined to give further details.

LAYING DOWN THE LAW

While there has been progress in some areas, Ukraine is still fighting entrenched problems. No less than 82 percent of software is unlicensed, compared with 17 percent in the United States, according to a 2016 survey by the Business Software Alliance, a Washington-based industry group.

Experts say pirated software was not the only factor in the June attack, which also hit up-to-date computers, but the use of unlicensed programs means security patches which could limit the rapid spread of such infections cannot be applied.

Ukraine ranked 60 out of 63 economies in a 2017 survey on digital competitiveness by the International Institute for Management Development. The low ranking is tied to factors such as a weak regulatory framework.

Another problem is that Ukraine has no single agency in charge of ensuring that state bodies and companies of national importance, such as banks, are protected.

This surfaced on June 27, when the NotPetya virus penetrated the company that produces M.E.Doc, an accounting software used by around 80 percent of Ukrainian businesses.

“Locally, the weak spot is accounting, but more generally it is the lack of cyber defenses at a government level. There aren’t agencies analyzing risks at a government level,” said Aleksey Kleschevnikov, the owner of internet provider Wnet, which hosted M.E.Doc’s servers.

Valentyn Petrov, head of the information security department at the National Security and Defence Council, said the state cannot interfere with companies’ security.

“It’s a total disaster from our perspective,” he told Reuters. “All state companies, including state banks, have suffered from attacks, and we really have no influence on them – neither on issuing regulations or checking how they fulfill these regulations.”

Poroshenko signed a decree in February to improve protection of critical institutions. This proposed legislation to spell out which body was in charge of coordinating cyber security and a unified methodology for assessing threats.

The law failed to gather enough votes the day before parliament’s summer recess in July, and MPs voted against extending the session. Shymkiv called that a “big disgrace”.

He added that in many ministries and firms, “we’ve seen very little attention to the IT infrastructures, and it’s something that’s been lagging behind for years”.

Attitudes can be slow to change. Borodin said a policy at the administration to lock computer screens after 15 minutes of inactivity was greeted with indignation. One staffer pointed out that their room was protected by an armed guard.

The staffer said “‘I have a guy with a weapon in my room. Who can steal information from this computer?’” Borodin recounted.

(Additional reporting by Pavel Polityuk, Jack Stubbs, Natalia Zinets and Margaryta Chornokondratenko in Kiev, Eric Auchard in Frankfurt and David Mardiste in Tallinn; editing by David Stamp)

North Korea hacking increasingly focused on making money more than espionage: South Korea study

A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Christine Kim

SEOUL (Reuters) – North Korea is behind an increasingly orchestrated effort at hacking into computers of financial institutions in South Korea and around the world to steal cash for the impoverished country, a South Korean state-backed agency said in a report.

In the past, suspected hacking attempts by North Korea appeared intended to cause social disruption or steal classified military or government data, but the focus seems to have shifted in recent years to raising foreign currency, the South’s Financial Security Institute (FSI) said.

The isolated regime is suspected to be behind a hacking group called Lazarus, which global cybersecurity firms have linked to last year’s $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony’s Hollywood studio.

The U.S. government has blamed North Korea for the Sony hack and some U.S. officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.

In April, Russian cybersecurity firm Kaspersky Lab also identified a hacking group called Bluenoroff, a spinoff of Lazarus, as focused on attacking mostly foreign financial institutions.

The new report, which analyzed suspected cyber attacks between 2015 and 2017 on South Korean government and commercial institutions, identified another Lazarus spinoff named Andariel.

“Bluenoroff and Andariel share their common root, but they have different targets and motives,” the report said. “Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”

Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons program.

Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry “ransomware” cyber attack that infected more than 300,000 computers in 150 countries in May.

“We’ve seen an increasing trend of North Korea using its cyber espionage capabilities for financial gain. With the pressure from sanctions and the price growth in cryptocurrencies like Bitcoin and Ethereum – these exchanges likely present an attractive target,” said Luke McNamara, senior analyst at FireEye, a cybersecurity company.

North Korea has routinely denied involvement in cyber attacks against other countries. The North Korean mission to the United Nations was not immediately available for comment.

ATM, ONLINE POKER

The report said the North Korean hacking group Andariel has been spotted attempting to steal bank card information by hacking into automated teller machines, and then using it to withdraw cash or sell the bank information on the black market. It also created malware to hack into online poker and other gambling sites and steal cash.

“South Korea prefers to use local ATM vendors and these attackers managed to analyze and compromise SK ATMs from at least two vendors earlier this year,” said Vitaly Kamluk, director of the APAC research center at Kaspersky.

“We believe this subgroup (Andariel) has been active since at least May 2016.”

The latest report lined up eight different hacking instances spotted within the South in the last few years, which North Korea was suspected to be behind, by tracking down the same code patterns within the malware used for the attacks.

One case spotted last September was an attack on the personal computer of South Korea’s defense minister as well as the ministry’s intranet to extract military operations intelligence.

North Korean hackers used IP addresses in Shenyang, China to access the defense ministry’s server, the report said.

Established in 2015, the FSI was launched by the South Korean government in order to boost information management and protection in the country’s financial sector following attacks on major South Korean banks in previous years.

The report said some of the content has not been proven fully and is not an official view of the government.

(Additional reporting by Jeremy Wagstaff in SINGAPORE; Editing by Soyoung Kim and Michael Perry)

Flush times for hackers in booming cyber security job market

A recruiter advertises a QR code to attract hackers to apply for jobs at the Black Hat security conference in Las Vegas, Nevada, U.S. July 27, 2017. REUTERS/Joseph Menn

By Joseph Menn and Jim Finkle

LAS VEGAS (Reuters) – The surge in far-flung and destructive cyber attacks is not good for national security, but for an increasing number of hackers and researchers, it is great for job security.

The new reality is on display in Las Vegas this week at the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting.

“Hosting big parties has enabled us to meet more talent in the community, helping fill key positions and also retain great people,” said Jen Ellis, a vice president with cybersecurity firm Rapid7 Inc, which filled the hip Hakkasan nightclub on Wednesday at one of the week’s most popular parties.

Twenty or even 10 years ago, career options for technology tinkerers were mostly limited to security firms, handfuls of jobs inside mainstream companies, and in government agencies.

But as tech has taken over the world, the opportunities in the security field have exploded.

Whole industries that used to have little to do with technology now need protection, including automobiles, medical devices and the ever-expanding Internet of Things, from thermostats and fish tanks to home security devices.

More insurance companies now cover breaches, with premiums reduced for strong security practices. And lawyers are making sure that cloud providers are held responsible if a customer’s data is stolen from them and otherwise pushing to hold tech companies liable for problems, meaning they need security experts too.

The non-profit Center for Cyber Safety and Education last month predicted a global shortage of 1.8 million skilled security workers in 2022. The group, which credentials security professionals, said that a third of hiring managers plan to boost their security teams by at least 15 percent.

For hackers who prefer to pick things apart rather than stand guard over them, an enormous number of companies now offer “bug bounties,” or formal rewards, for warnings about vulnerabilities that leave them exposed to criminals or spies.

One of the outside firms that handle such programs, HackerOne, said it has paid out $18.8 million since 2014 to fix 50,140 bugs, with about half of that work done in the past year.

Mark Litchfield made it into the firm’s “Hacker Hall of Fame” last year by being the first to pull in more than $500,000 in bounties through the platform, well more than he earned at his last full-time security job, at consulting firm NCC Group.

In the old days, “The only payout was publicity, free press,” Litchfield said. “That was the payoff then. The payoff now is literally to be paid in dollars.”

There are other emerging ways to make money too. Justine Bone’s medical hacking firm, MedSec, took the unprecedented step last year of openly teaming with an investor who was selling shares short, betting that they would lose value.

It was acrimonious, but St Jude Medical ultimately fixed its pacemaker monitors, which could have been hacked, and Bone predicted others will try the same path.

“Us cyber security nerds have spent most of our careers trying to make the world a better place by engaging with companies, finding bugs which companies may or may not repair,” Bone said.

“If we can take our expertise out to customers, media, regulators, nonprofits and think tanks and out to the financial sector, the investors and analysts, we start to help companies understand in terms of their external environment.”

Chris Wysopal, co-founder of code auditor Veracode, bought in April by CA Technologies, said that he was initially skeptical of the MedSec approach but came around to it, in part because it worked. He appeared at Black Hat with Bone.

“Many have written that the software and hardware market is dysfunctional, a lemon market, because buyers don’t know how insecure the products they purchase are,” Wysopal said in an interview.

“I’d like to see someone fixing this broken market. Profiting off of that fix seems like the best approach for a capitalism-based economy.”

(Reporting by Joseph Menn and Jim Finkle; additional reporting by Dustin Volz; Editing by Jonathan Weber and Grant McCool)

Italy’s UniCredit reveals data attack involving 400,000 clients

Unicredit bank logo is seen in the old city centre of Siena, Italy June 29, 2017. REUTERS/Stefano Rellandini

By Paola Arosio and Gianluca Semeraro

MILAN (Reuters) – Suspected hackers have accessed client data of Italy’s biggest lender, UniCredit <CRDI.MI>, in two attacks in the past 10 months and affected about 400,000 Italian customers, the most serious data breach ever reported by a major Italian lender.

No passwords were stolen in the attacks, which first occurred in September and October of 2016 and again in June and July of this year, but personal and banking details could have been accessed, UniCredit said in a statement.

The attacks were carried out through an external commercial partner, which UniCredit did not identify. Wednesday’s statement also did not describe how the intruders accessed the data nor when the bank became aware of the first intrusion.

A source familiar with the matter said the bank had only uncovered the data breaches between Monday and Tuesday.

“The bank immediately adopted all necessary measures to prevent a repeat of such intrusions,” the bank said, adding that it had notified law-enforcement authorities.

The head of UniCredit’s information technology unit, Daniele Tonella, said none of the data accessed by the attackers allowed any financial transaction to be carried out.

“We don’t know why this data was acquired,” he told Reuters, adding that the bank also did not know who was behind the attacks.

Attacks on banks in recent years have become more sophisticated and resulted in mounting financial losses.

They have evolved beyond data breaches, in which personal information is stolen, to include denial-of-service attacks which have knocked out access to online banking services for up to several days and even intrusions into core banking systems.

Last November, attackers stole more than 2.5 million pounds ($3.25 million) from Tesco Bank in Britain’s largest disclosed cyber heist.

UniCredit shares were down 0.9 percent at 16.87 euros in late morning trade.

(Additional reporting by Silvia Aloisi; Editing by Mark Bendeich and Edmund Blair)