Half of German companies hit by sabotage, spying in last two years, BSI says

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

BERLIN (Reuters) – More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said on Friday, and estimated the attacks caused around 55 billion euros’ worth of damage a year.

Several high-profile attacks have occurred recently, such as the WannaCry ransomware attacks in May and a virus dubbed “NotPetya” that halted production at some companies for more than a week. Others lost millions of euros to organized crime in a scam called “CEO Fraud”.

Some 53 percent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found – up from 51 percent in a 2015 study.

At the same time, the damage caused rose by 8 percent to around 55 billion euros a year, the survey of 1,069 managers and people responsible for security in various sectors found.

Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said.

“The high number of companies affected clearly shows that we still have work to do on cyber security in Germany,” he said in a statement on Friday.

The BSI urged companies in Europe’s largest economy to make information security a top priority and said all companies need to report serious IT security incidents, even if anonymously.

Schoenbohm told Reuters in an interview that hardware and software makers should do their part to shore up cyber security and patch weaknesses in software more quickly once identified.

“There’s still a lot of work to be done,” he said. “We have to be careful that we don’t focus solely on industry and computer users, but also look at the producers and quality management.”

Some 62 percent of companies affected found those behind the attacks were either current or former employees. Forty-one percent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said.

Foreign intelligence agencies were found to be responsible in 3 percent of the cases, it said.

Twenty-one percent believed hobby hackers were responsible while 7 percent attributed attacks to organized crime.

(Reporting by Michelle Martin, Andrea Shalal and Thorsten Severin; Editing by Larry King and Hugh Lawson)

FedEx says cyber attack to hurt full-year results

A Federal Express truck is shown on delivery in La Jolla, California, U.S., May 17, 2017. REUTERS/Mike Blake

(Reuters) – Package delivery company FedEx Corp <FDX.N> said a disruption in services in its TNT Express unit following a cyber attack last month would hurt its full-year results.

FedEx’s shares fell as much as 3.4 percent to $211.53 in early trading as the company said the financial impact of the disruption on its results was likely to be “material”.

The Netherlands-based TNT Express is still experiencing widespread service delays following the attack, caused by the Petya cyber virus that spread through a Ukrainian tax software product, FedEx said.

FedEx said it lost revenue due to decreased volumes at TNT Express and incurred incremental costs from contingency plans and remediation of affected systems.

The company said it did not have insurance in place that covered the impact from the cyber attack.

FedEx, which is evaluating the financial impact of the cyber attack, said it was unable to estimate when services at TNT Express would be fully restored. (http://bit.ly/2uAnQKG)

The company also said no data breach or data loss to third parties was known to have occurred as of July 17.

The Petya cyber virus spread from Ukraine in June, crippling thousands of computers around the globe, with the shipping and logistics industry among those hit the hardest.

The malicious code encrypted data on machines and demanded $300 ransoms from victims for recovery, similar to the extortion tactic used in the global WannaCry ransomware attack in May.

FedEx is scheduled to report its first-quarter results in September.

(Reporting by Ankit Ajmera in Bengaluru; Editing by Maju Samuel and Saumyadeb Chakrabarty)

German military aviation command launches cyber threat initiative

A German Air Force pilot poses inside the cockpit of an Airbus A400M military aircraft at the ILA Berlin Air Show in Schoenefeld, south of Berlin, Germany, June 1, 2016. Picture taken with a fish-eye lens. REUTERS/Fabrizio Bensch

By Andrea Shalal

BERLIN (Reuters) – The German military’s aviation safety chief has launched a new initiative against cyber threats, citing research that he said shows hackers can commandeer military airplanes with the help of equipment that costs about 5,000 euros ($5,700).

A defense ministry spokesman told Reuters that development of new “aviation cyber expertise” would cover everything from raising consciousness about cyber threats to technical research projects and equipping aircraft with protective systems.

State Secretary Katrin Suder had backed the idea, which Major General Ansgar Rieks, head of the German Military Aviation Authority, proposed in a letter in June, the spokesman said.

Rieks said last week that he was unnerved by a demonstration by the government-funded German Aerospace Center (DLR) in Bavaria showing hackers could take control of an aircraft with inexpensive equipment.

“That frightens me. I wrote to the state secretary about it and said doing nothing would amount to gross negligence,” he said at a talk at a conference in Bueckeburg, Germany. He said the issue was also a vital concern for civil aviation.

He said military officials needed to focus not just on potential problems with computer software, but should also work to “ensure that airplanes cannot be taken over from the ground, or possibly by a passenger in the air”.

A spokesman for the DLR, which has studied aviation cyber security extensively, had no immediate comment on the issue.

Germany’s military this year launched a new cyber command that groups cyber units from across the military, which will also be involved in the new aviation cyber initiative.

Cyber resilience – making sure that systems can survive a cyber attack and keep functioning – was a major topic during a conference at Bundeswehr University Munich last month, the DLR spokesman said.

Germany’s military is also working on the aviation cyber issue within the European Union and NATO, he said.

Concerns about cyber attacks on aircraft and in the broader aviation sector have grown sharply in recent years with a growing barrage of attacks and breaches against other sectors.

Many experts fear that the aviation industry has not kept pace with the threat hackers pose to increasingly computer-connected airplanes.

Rapid adoption of communication protocols similar to those used on the internet to connect cockpits, cabins and ground controls has left air traffic open to vulnerabilities bedevilling other sectors such as finance and oil and gas.

(Reporting by Andrea Shalal; Editing by Louise Ireland)

U.S. Energy Department helping power firms defend against cyber attacks

By Jim Finkle, Scott DiSavino and Timothy Gardner

(Reuters) – The U.S. Department of Energy said on Friday it is helping U.S. firms defend against a hacking campaign that targeted power companies including at least one nuclear plant, saying the attacks have not impacted electricity generation or the grid.

News of the attacks surfaced a week ago when Reuters reported that the U.S. Department of Homeland Security and Federal Bureau of Investigation issued a June 28 alert to industrial firms, warning them of hacking targeting the nuclear, power and critical infrastructure sectors.

“DOE is working with our government and industry partners to mitigate any impact from a cyber intrusion affecting entities in the energy sector,” a Department of Energy representative said in an email to Reuters. “At this time, there has been no impact to systems controlling U.S. energy infrastructure. Any potential impact appears to be limited to administrative and business networks.”

It was not clear who was responsible for the hacks. The joint report by the DHS and the FBI did not identify the attackers, though it described the hacks as “an advanced persistent threat,” a term that U.S. officials typically but not always use to describe attacks by culprits.

The DOE discussed its response to the attacks after Bloomberg News reported on Friday that the Wolf Creek nuclear facility in Kansas was among at least a dozen U.S. power firms breached in the attack, citing current and former U.S. officials who were not named.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said via email.

A separate Homeland Security technical bulletin issued on June 28 included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

The June 28 alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

David Lochbaum, a nuclear expert at the nonprofit group Union of Concerned Scientists, said reactors have a certain amount of immunity from cyber attacks because their operation systems are separate from digital business networks. But over time it would not be impossible for hackers to potentially do harm.

“Perhaps the biggest vulnerability nuclear plants face from hackers would be their getting information on plant designs and work schedules with which to conduct a physical attack,” Lochbaum said.

The DOE said it has shared information about this incident with industry, including technical details on the attack and mitigation suggestions.

“Security professionals from government and industry are working closely to share information so energy system operators can defend their systems,” the agency representative said.

Earlier, the FBI and DHS issued a joint statement saying “There is no indication of a threat to public safety” because the impact appears limited to administrative and business networks.

The Nuclear Regulatory Commission has not received any notifications of a cyber event that has affected critical systems at a nuclear plant, said spokesman Scott Burnell.

A nuclear industry spokesman told Reuters last Saturday that hackers have never gained access to a nuclear plant.

(Reporting by Jim Finkle in Toronto, Scott DiSavino in New York and Timothy Gardner in Washington; Additional reporting by Dustin Volz in Washington and Joseph Menn in San Francisco; Editing by Bernard Orr)

Kansas nuclear operator is victim in hacking spree: Bloomberg

By Jim Finkle

(Reuters) – Hackers recently breached a Kansas nuclear power operator as part of a campaign that breached at least a dozen U.S. power firms, Bloomberg News reported on Thursday, citing current and former U.S. officials who were not named.

The Wolf Creek nuclear facility in Kansas was breached in the attack, according to Bloomberg.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said in an email to Reuters.

The report identified the first known victims of a hacking campaign targeting the power sector that was first reported by Reuters on June 30. The attacks were described in a confidential June 28 U.S. government alert to industrial firms, warning them of a hacking campaign targeting the nuclear, power and critical infrastructure sectors.

The U.S. Department of Homeland Security and Federal Bureau of Investigation said that hackers had succeeded in compromising networks of some targets, but did not name victims. The government also released a 30-page bulletin with advice on how firms could bolster security to defend against the attacks.

The alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

Homeland Security and the FBI issued a statement to Reuters late on Thursday saying that the alert was part of an ongoing effort to advise industry of cyber threats.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the agencies said.

A nuclear industry spokesman told Reuters on Saturday that hackers have never gained access to a nuclear plant.

The Homeland Security technical bulletin included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

(Reporting by Jim Finkle in Toronto; Additional reporting by Dustin Volz in Washington; Editing by Bernard Orr)

Private not state hackers likely to have targeted UK parliament: sources

FILE PHOTO - The Union Flag flies near the Houses of Parliament in London, Britain, June 7, 2017. REUTERS/Clodagh Kilcoyne/File Photo

LONDON (Reuters) – A cyber attack on email accounts of British lawmakers last month is likely to have been by amateur or private hackers rather than state-sponsored, European government sources said.

The private email accounts of up to 90 of the 650 members of Britain’s House of Commons were targeted in late June, with some news reports suggesting that the attack was carried out by a foreign government, such as Russia.

However, cyber security experts had found that the hackers only managed to access accounts of lawmakers who used primitive and easily discovered passwords, the sources, who are familiar with the investigations into the attacks, said.

It remains unclear who did carry out the attack, they added.

Investigators hope the hack will convince politicians and other public figures to use more sophisticated passwords for their email and other online activities.

British authorities are not commenting publicly on the progress of investigations, but an official cautioned after the hack was discovered that “cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states.”

(Reporting by Mark Hosenball; Editing by Alexander Smith)

Ukraine software firm says computers compromised after cyber attack

FILE PHOTO - A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

KIEV (Reuters) – The Ukrainian software firm at the center of a cyber attack that spread around the world last week said on Wednesday that computers which use its accounting software are compromised by a so-called “backdoor” installed by hackers during the attack.

The backdoor has been installed in every computer that wasn’t offline during the cyber attack, said Olesya Bilousova, the chief executive of Intellect Service, which developed M.E.Doc, Ukraine’s most popular accounting software.

Last week’s cyber attack spread from Ukraine and knocked out thousands of computers, disrupting shipping and shutting down a chocolate factory in Australia as it reached dozens of countries around the world.

Ukrainian politicians were quick to blame Russia for a state-sponsored hack, which Moscow denied, while Ukrainian cyber police and some experts say the attack was likely a smokescreen for the hackers to install new malware.

The Ukrainian police have seized M.E.Doc’s servers and taken them offline. On Wednesday morning they advised every computer using M.E.Doc software to be switched off. M.E.Doc is installed in around 1 million computers in Ukraine, Bilousova said.

“… the fact is that this backdoor needs to be closed. There was a hacking of servers,” Bilousova told reporters.

“As of today, every computer which is on the same local network as our product is a threat. We need to pay the most attention to those computers which weren’t affected (by the attack). The virus is on them waiting for a signal. There are fingerprints on computers which didn’t even use our product.”

(Reporting by Jack Stubbs; writing by Matthias Williams; Editing by Toby Chopra)

Police seize servers of Ukrainian software firm after cyber attack

A view shows a laptop display (R) showing part of a code, which is the component of Petya malware computer virus according to representatives of Ukrainian cyber security firm ISSP, with an employee working nearby at the firm's office in Kiev, Ukraine July 4, 2017. REUTERS/Valentyn Ogirenko

By Jack Stubbs and Pavel Polityuk

KIEV (Reuters) – Ukrainian police on Tuesday seized the servers of an accounting software firm suspected of spreading a malware virus which crippled computer systems at major companies around the world last week, a senior police official said.

The head of Ukraine’s Cyber Police, Serhiy Demedyuk, told Reuters the servers of M.E.Doc – Ukraine’s most popular accounting software – had been seized as part of an investigation into the attack.

Though they are still trying to establish who was behind last week’s attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued by M.E.Doc, charges the company’s owners deny.

The owners were not immediately available for comment on Tuesday.

Premium Service, which says it is an official dealer of M.E.Doc’s software, wrote a post on M.E.Doc’s Facebook page saying masked men were searching M.E.Doc’s offices and that the software firm’s servers and services were down.

Premium Service could not be reached for further comment.

Cyber Police spokeswoman Yulia Kvitko said investigative actions were continuing at M.E.Doc’s offices, adding that further comment would be made on Wednesday.

The police move came after cyber security investigators unearthed further evidence on Tuesday that the attack had been planned months in advance by highly skilled hackers, who they said had inserted a vulnerability into the M.E.Doc programme.

Ukraine also took steps on Tuesday to extend its state tax deadline by one month to help businesses hit by the malware assault.

Researchers at Slovakian security software firm ESET said they had found a “backdoor” written into some of M.E.Doc’s software updates, likely with access to the company’s source code, which allowed hackers to enter companies’ systems undetected.

“VERY STEALTHY AND CUNNING”

“We identified a very stealthy and cunning backdoor that was injected by attackers into one of M.E.Doc’s legitimate modules,” ESET senior malware researcher Anton Cherepanov said in a technical note. “It seems very unlikely that attackers could do this without access to M.E.Doc’s source code.”

“This was a thoroughly well-planned and well-executed operation,” he said.

ESET said at least three M.E.Doc updates had been issued with the “backdoor vulnerability”, and the first one was sent to clients on April 14, more than two months before the attack.

ESET said the hackers likely had access to M.E.Doc’s source code since the beginning of the year, and the detailed preparation before the attack was testament to the advanced nature of their operation.

Oleg Derevianko, board chairman at Ukrainian cyber security firm ISSP, said an update issued by M.E.Doc in April delivered a virus to the company’s clients which instructed computers to download 350 megabytes of data from an unknown source on the internet.

The virus then exported 35 megabytes of company data to the hackers, he told Reuters in an interview at his office in Kiev.

“With this 35 megabytes you can exfiltrate anything – emails from all of the banks, user accounts, passwords, anything.”

Little known outside Ukrainian accounting circles, M.E.Doc is used by around 80 percent of companies in Ukraine. The software allows its 400,000 clients to send and collaborate on financial documents between internal departments, as well as file them with the Ukrainian state tax service.

Ukraine’s government said on Tuesday it would submit a draft law to parliament for the country’s tax deadline to be extended to July 15, and waive fines for companies who missed the previous June 13 cutoff because of the attack.

“We had program failures in connection to the cyber attack, which meant that businesses were unable to submit account reports on time,” Prime Minister Volodymyr Groysman told a cabinet meeting.

Separately, Ukraine’s security service, the SBU, said it had discussed cyber defense with NATO officials and had received equipment from the alliance to better combat future cyber attacks. Ukraine is not in NATO but is seeking closer ties.

On Saturday Ukrainian intelligence officials accused Russian security services of being behind the attack, and cyber security researchers linked it to a suspected Russian group who attacked the Ukrainian power grid in December 2016.

A Kremlin spokesman dismissed charges of Russian involvement as “unfounded blanket accusations”.

Derevianko said the hackers’ activity in April and reported access to M.E.Doc’s source code showed Ukraine’s computer networks had already been compromised and that the intruders were still operating inside them.

“It definitely tells us about the advanced capabilities of the adversaries,” he said. “I don’t think any additional evidence is needed to attribute this to a nation-state attack.”

(Additional reporting by Natalia Zinets; Writing by Jack Stubbs; Editing by Gareth Jones and Matthias Williams)

U.N. survey finds cybersecurity gaps everywhere except Singapore

FILE PHOTO - A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Tom Miles

GENEVA (Reuters) – Singapore has a near-perfect approach to cybersecurity, but many other rich countries have holes in their defenses and some poorer countries are showing them how it should be done, a U.N. survey showed on Wednesday.

Wealth breeds cybercrime, but it does not automatically generate cybersecurity, so governments need to make sure they are prepared, the survey by the U.N. International Telecommunication Union (ITU) said.

“There is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities and programmes,” the survey said.

The United States came second in the ITU’s Global Cybersecurity Index, but many of the other highly rated countries were small or developing economies.

The rest of the top 10 were Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada. Russia ranked 11th. India was 25th, one place ahead of Germany, and China was 34th.

The ranking was based on countries’ legal, technical and organizational institutions, their educational and research capabilities, and their cooperation in information-sharing networks.

“Cybersecurity is an ecosystem where laws, organizations, skills, cooperation and technical implementation need to be in harmony to be most effective,” the survey said.

“The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised.”

The crucial first step was to adopt a national security strategy, but 50 percent of countries have none, the survey said.

Among the countries that ranked higher than their economic development was 57th-placed North Korea, which was let down by its “cooperation” score but still ranked three spots ahead of much-richer Spain.

The smallest rich countries also scored badly – Andorra, Liechtenstein, Monaco and San Marino were all well down the second half of the table. The Vatican ranked 186th out of 195 countries in the survey.

But no country did worse than Equatorial Guinea, which scored zero.

(Reporting by Tom Miles)

Family firm in Ukraine says it was not responsible for cyber attack

Sergei Linnik, general director of Ukrainian software development firm Intellect Service, and his daughter Olesya pose for a picture at the company’s offices in Kiev, Ukraine July 3, 2017. REUTERS/Pavel Polityuk

By Jack Stubbs and Pavel Polityuk

KIEV (Reuters) – Ukrainian company Intellect Service was not responsible for last week’s international cyber attack that brought down the computer systems of several major companies, the father and daughter team told Reuters on Monday.

Cyber security investigators are still trying to establish who was behind the attack.

But Ukrainian officials and security firms including Microsoft <MSFT.O>, Cisco’s <CSCO.O> Talos and Symantec <SYMC.O> say they have confirmed that some of the initial infections occurred when malware was transmitted to users of a Ukrainian tax software program called M.E.Doc.

They say the virus, dubbed NotPetya by some experts, was primarily spread via an update issued by M.E.Doc, the accounting software developed by Olesya Linnik and her father Sergei at his company, Intellect Service.

In their first interview with foreign media since the attack, the Linniks said there was no evidence M.E.Doc, which is Ukraine’s most-popular accounting software, was used to spread the virus and they did not understand the charges against them.

“What has been established in these days, when no one slept and only worked? We studied and analysed our product for signs of hacking – it is not infected with a virus and everything is fine, it is safe,” said Olesya, managing partner at Intellect Service.

“The update package, which was sent out long before the virus was spread, we checked it 100 times and everything is fine.”

Little known outside Ukrainian accounting circles, M.E.Doc is an everyday part of life at around 80 percent of companies in Ukraine. The software allows its 400,000 clients to send and discuss financial documents between internal departments, as well as file them with the Ukrainian state tax service.

POLICE INVESTIGATING

Investigators have said M.E.Doc’s expansive reach is what made it a prime target for the unknown hackers, who were looking for a way to infect as many victims as possible.

“These malware families were spread using Ukrainian accounting software called M.E.Doc,” researchers at Slovakian security software firm ESET said in a blog post on Friday.

“M.E.Doc has an internal messaging and document exchange system so attackers could send spearphishing messages to victims.”

Ukrainian police said on Monday the Linniks could now face criminal charges if it is confirmed they knew about the infection but took no action.

“We have issues with the company’s leadership, because they knew there was a virus in their software but didn’t do anything … if this is confirmed, we will bring charges,” Serhiy Demedyuk, the head of Ukraine’s cyber police, told Reuters in a text message.

Speaking before Demedyuk’s comments at the company’s modest offices on an industrial estate in Kiev, Sergei, Intellect Service’s general director, raised his voice in frustration.

“We built this business over 20 years. What is the point of us killing our own business?”

Olesya said the company was cooperating with investigators and the police were yet to reach any conclusions.

“The cyber police are currently bogged down in the investigation, we gave them the logs of all our servers and there are no traces that our servers spread this virus,” she said.

“M.E.Doc is a transportation product, it delivers documents. But is an email program guilty in the distribution of a virus? Hardly.”

(Writing by Jack Stubbs; Editing by Anna Willard)