Asia largely survives global cyber attack, but "threat not over" (Updated Sunday)
A fast-moving wave of cyberattacks swept the globe Friday, but Asian countries report relatively little damage. Researchers warn the threat is not over.
Sunday update
Asia still assessing ransomware damage
Agencies and Post reporters
SINGAPORE: Some hospitals, schools and universities in Asia were hit by a global cyber attack that has infected tens of thousands of computers in Europe and the United States, but officials and researchers said the extent of the damage is not yet known.
In some cases, businesses that have been closed for the weekend may not realise they have been hit until their staff return to work on Monday and turn on their computers, one expert warned.
In Thailand, the Digital Economy and Society Ministry said it had received no reports of the WannaCry ransomware attacks so far.
Ministry staff are working with the Thailand Computer Emergency Response Team under the Electronic Transactions Development Agency to monitor and stop the spread of the ransomware, said Group Capt Somsak Khaosuwan, the ministry's permanent secretary.
Thailand has been mentioned as one of 99 countries where the ransomware was said to have infected computers, but details of businesses or institutions affected were not yet known. Just last week, Thai police warned of the growing threat of ransomware attacks in the country.
Thai authorities have advised computer users not to open attachments from suspicious-looking email and to ensure that they have the most recent Microsoft patch for their Windows operating systems.
Government spokesman Sansern Kaewkamnerd said that Prime Minister Prayut Chan-o-cha had warned people to exercise utmost caution when downloading files. He has also asked the DE Ministry to investigate any incidents and alert people about how to prevent them.
The Xinhua news agency in China said secondary schools and universities were hit by the ransomware, which encrypts files and demands that the user pay a sum of money in Bitcoin to unlock the files. It did not say how many schools were hit or identify them.
William Saito, cyber security adviser to the Japanese cabinet and trade ministry, said some of the country's institutions were affected but declined to elaborate.
South Korea's Yonhap news agency said one of Seoul's university hospitals had been affected. An official said it wasn't yet clear whether the hospital, which he declined to name, had been hit by the ransomware or some other malware.
In Indonesia, at least two major healthcare centres, Dharmais Hospital and Harapan Kita Hospital in Jakarta, were affected, said Semuel Pangerapan, a director-general at Indonesia's Communication and Information Ministry.
One of Vietnam's leading antivirus software companies said dozens of people had reported infections.
"This number may increase as people return to work next week. A large number of computers will be turned back on and may be targets," said Vu Ngoc Son, vice-president of Bkav Anti Malware.
Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Officials in the Philippines and Singapore said there were no reports of breaches of critical infrastructure.
New Zealand and Australia reported no impact on any organisations. India's chief information security officer, Gulshan Rai, said there appeared to be no damage.
Asian exposure limited but threat remains
Two factors may account for the limited reports of damage in Asia.
The worm began to spread in Europe on Friday, by which time it was already early evening in many Asian countries. The worm spreads most efficiently through organisational networks, not home computers, said Vikram Thakur, principal research manager at Symantec.
That means officials will need to wait until Monday, when business resumes, to gauge the impact on Japan, said Saito.
"In Japan, things could likely emerge on Monday," he said.
Another factor may be that the worm's spread was limited by the actions of a British-based researcher, who told Reuters he registered a domain that he noticed the malware was trying to connect to.
By buying the domain, the researcher, who declined to give his name but goes by the Twitter handle @malwaretechblog, may have curtailed the worm's spread.
"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," said Symantec's Thakur.
"The numbers are extremely low and coming down fast; don't expect this to remain a major threat across this weekend apart from those in firefighting mode."
But the attackers may yet tweak the code and restart the cycle. The British-based researcher who foiled the ransomware's spread said he hadn't seen any such tweaks yet, "but they will".
Saturday afternoon update
Microsoft now says that updated Windows 10 systems were not affected by the attack since a patch was issued in March. The company has also issued patches for older versions of Windows, especially Windows XP, which normally are not supported.
Noon update
Researcher finds 'kill switch' for cyberattack ransomware
Hong Kong, AFP – A cybersecurity researcher appears to have discovered a "kill switch" that can prevent the spread of the WannaCry ransomware – for now – that has caused the cyberattacks wreaking havoc globally, they told AFP Saturday.
The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.
"Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading," @MalwareTechBlog told AFP in a private message on Twitter.
The researcher warned however that people "need to update their systems ASAP" to avoid attack.
"The crisis isn't over, they can always change the code and try again," @MalwareTechBlog said.
Morning story
Fast-moving cyberattacks wreak havoc worldwide
Washington, AFP – A fast-moving wave of cyberattacks swept the globe Friday, apparently exploiting a flaw exposed in documents leaked from the US National Security Agency.
The attacks – which experts said affected dozens of countries – used a technique known as "ransomware" that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin.
Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica, the US delivery firm FedEx and many other organisations.
Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities.
Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT, "We are now seeing more than 75,000 detections... in 99 countries."
Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating "worm," was spreading quickly.
In a statement, Kaspersky Labs said it was "trying to determine whether it is possible to decrypt data locked in the attack – with the aim of developing a decryption tool as soon as possible."
"It's unequivocally scary," said John Dickson of the Denim Group, a US security consultancy.
Dickson said the malware itself, which exploits a flaw in Windows, was not new but that adding the ransomware "payload" made it especially dangerous.
"I'm watching how far this propagates and when governments get involved," he said.
The malware's name is WCry, but analysts were also using variants such as WannaCry.
Forcepoint Security Labs said in a statement that the attack had "global scope" and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico.
In the United States, FedEx acknowledged it had been hit by malware and was "implementing remediation steps as quickly as possible."
Britain's National Health Service declared a "major incident" after the attack, which forced some hospitals to divert ambulances and scrap operations.
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"
It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.
Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.
"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email," said Lance Cottrell, chief scientist at the US technology group Ntrepid.
"The ransomware can spread without anyone opening an email or clicking on a link."
"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people's lives in danger," said Kroustek, the Avast analyst.
You can practise reading aloud and view the translation at: http://www.bangkokpost.com/learning/learning-from-news/1248875/asia-largely-survives-global-cyber-attack-but-threat-not-over-updated-sunday-


