Hackers use stolen NSA tool in global cyberattack



Common
05-12-2017, 07:54 PM
A global cyberattack leveraging hacking tools believed to have been developed by the U.S. National Security Agency hit shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries on Friday.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

http://www.reuters.com/article/us-britain-security-hospitals-idUSKBN18820S

donttread
05-13-2017, 01:43 PM
A global cyberattack leveraging hacking tools believed to have been developed by the U.S. National Security Agency hit shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries on Friday.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

http://www.reuters.com/article/us-britain-security-hospitals-idUSKBN18820S

What irony. "National SECURITY Agency" LOL

waltky
07-08-2017, 01:06 PM
Hackers tryin' to trigger nuclear meltdown...
Hackers breached a dozen US nuclear plants, reports say
Fri, 07 Jul 2017 - Operating firms were targeted by malicious code hidden in fake job applications, US media report.


Hackers breached at least a dozen US power plants in attacks in May and June, US media report, citing intelligence officials. The targets included the Wolf Creek nuclear facility in Kansas, according to several reports. An urgent Department of Homeland Security (DHS) report indicated a foreign power, possibly Russia, was responsible, the New York Times said. The DHS document carried the second-highest threat rating, the Times said. Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked but said there had been "no operational impact" at the plant. "The reason that is true is because the operational computer systems are completely separate from the corporate network," spokeswoman Jenny Hageman told Reuters.



https://ichef.bbci.co.uk/news/660/cpsprodpb/8B15/production/_96850653_mediaitem96850652.jpg
The Wolf Creek plant in Kansas was reportedly among those attacked


In a joint statement with the FBI, a spokesman for the Department of Homeland Security said there was "no indication of a threat to public safety". The hackers appeared to be attempting to map out computer networks for future attacks, according to the DHS report seen by the Times. They sent highly targeted emails to senior engineers at operating firms behind the nuclear plants, mimicking job applications but laced with malicious code, the newspaper said. Officials told the Times that the techniques resembled those used by Russian specialists linked to previous attacks on energy facilities.


US investigators accused Russia-based hackers of being behind a 2015 attack that caused blackouts across Ukraine. Hacking is a tool increasingly deployed by nation states to infiltrate foreign industrial networks. The US and Israel reportedly used the now-infamous Stuxnet worm in an attempt to damage an Iranian nuclear facility. The worm attacked the facility's nuclear centrifuges by overriding the system and instructing them to spin much faster than intended, reportedly causing severe physical damage.


http://www.bbc.com/news/world-us-canada-40538061


See also:


Could new data laws end up bankrupting your company?
Thu, 06 Jul 2017 - The EU General Data Protection Regulations (GDPR) start next year, but many firms are ill prepared.


The European Union's General Data Protection Regulation (GDPR) comes into force in May 2018, radically changing the way organisations have to look after our personal data. Failure to comply could lead to huge fines, yet many businesses are far from ready. Here's why you should care.



https://ichef.bbci.co.uk/news/660/cpsprodpb/47ED/production/_96831481_gettyimages-511585616.jpg
Many companies are in full "panic" mode, says KPMG's Mark Thompson


What is GDPR exactly?


A new EU regulation governing how organisations should handle and protect our personal data. Many of the stipulations are already covered by the UK's Data Protection Act; but simply put, organisations need to keep records of all personal data, be able to prove that consent was given, show where the data's going, what it's being used for, and how it's being protected. Accountability is the new watchword. If personal data gets stolen after a cyber-attack, companies have to report the breach within 72 hours of realising it. And the definition of personal data has been extended to include extra categories such as your computer's IP address or your genetic make-up - anything that could be used to identify you.


Why should businesses care?


Non-compliance with the GDPR could lead to huge fines of 20 million euros or 4% of global turnover, whichever is the greater. For a company like tech giant Apple, that could amount to billions of dollars. Consult Hyperion, an electronic financial transactions specialist, forecasts that European financial institutions could face fines totalling 4.7bn euros (£4.1bn; $5.3bn) in the first three years following the GDPR coming into force. Anthony Lee, a partner in law firm DMH Stallard, says: "Talk Talk [a UK telecoms company] was fined £400,000 for failing to prevent the 2015 customer data breach, but under the new regime fines could be many multiples of this."



https://ichef-1.bbci.co.uk/news/624/cpsprodpb/12E65/production/_96831477_gettyimages-480981612.jpg
Is this your firm's attitude to GDPR?


However, a spokesperson for the UK's Information Commissioner's Office (ICO) - the body responsible for enforcing GDPR in the UK - says: "The new law equals bigger fines for getting it wrong but it's important to recognise the business benefits of getting data protection right.

"There is a real opportunity for organisations to present themselves on the basis of how they respect the privacy of individuals - and gain a competitive edge.

"But if your organisation can't demonstrate that good data protection is a cornerstone of your business policy and practices when the new law comes in next year, you're leaving your organisation open to enforcement action that can damage both public reputation and bank balance."


Why should consumers care? (http://www.bbc.com/news/business-40441434)

Peter1469
07-08-2017, 05:27 PM
The new data laws put the burden of protecting data on those who collect and store it. Who else should bear that burden?

Don't collect it if you don't want to protect it.

waltky
12-18-2017, 11:57 PM
No. Korea responsible for hospital ransomware attacks...
:shocked:
US Blames North Korea for Global Cyber Attack
December 18, 2017 - The United States is publicly blaming North Korea for unleashing a cyber attack that crippled hospitals, banks and other companies across the globe earlier this year.


In an op-ed piece posted on the Wall Street Journal website Monday night, Homeland Security Adviser Tom Bossert said that North Korea was "directly responsible" for the WannaCry ransomware attack, and that Pyongyang will be held accountable for it. "The attack was widespread and cost billions, and North Korea is directly responsible," Bossert writes. "North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious."


https://gdb.voanews.com/92746798-64B8-4C9E-8A28-E4F3D9FEEE29_w650_r0_s.jpg
Patients wait near a banner informing of a delay in service due to a cyberattack at the Dharmais Cancer Hospital in Jakarta, Indonesia

Bossert says President Donald Trump's administration will continue to use its "maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise." Pyongyang has previously denied being responsible for the attack.

But, the U.S. government has assessed with a "very high level of confidence" that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, carried out the WannaCry attack, senior officials told Reuters.

https://www.voanews.com/a/us-blames-north-korea-for-global-cyber-attack-/4169682.html

donttread
12-19-2017, 08:03 AM
The new data laws put the burden of protecting data on those who collect and store it. Who else should bear that burden?

Don't collect it if you don't want to protect it.

Will the fds be exempt from their own laws again this time?

Peter1469
12-19-2017, 08:38 PM
Will the fds be exempt from their own laws again this time?

Who?

waltky
12-19-2017, 08:42 PM
The Feds.

donttread
12-20-2017, 03:55 PM
Who?

The feds. Will they be held blameless when information they are holding is taken?