NHS Cyberattack Was 'launched from N. Korea'

British security officials believe that hackers in North Korea were behind the cyber-attack that crippled parts of the NHS and other organisations around the world last month, the BBC has learned. Britain's National Cyber Security Centre (NCSC) led the international investigation.

Security sources have told the BBC that the NCSC believes that a hacking group known as Lazarus launched the attack. The US Computer Emergency Response Team has also warned about Lazarus.

The same group is believed to have targeted Sony Pictures in 2014.  The Sony hack came as the company planned to release the movie The Interview, a satire about the North Korean leadership starring Seth Rogen. The movie was eventually given a limited release after an initial delay.The same group is also thought to have been behind the theft of money from banks.

NHS Hit

In May, ransomware called WannaCry swept across the world, locking computers and demanding payment for them to be unlocked. The NHS in the UK was particularly badly hit.
Officials in Britain's National Cyber Security Centre (NCSC) began their own investigation and concluded their assessment in recent weeks.
The ransomware did not target Britain or the NHS specifically, and may well have been a money-making scheme that got out of control, particularly since the hackers do not appear to have retrieved any of the ransom money as yet.
Although the group is based in North Korea the exact role of the leadership in Pyongyang in ordering the attack is less clear.

Detective Work

Private sector cyber-security researchers around the world began picking apart the code to try to understand who was behind the attack soon after.
Adrian Nish, who leads the cyber threat intelligence team at BAE Systems, saw overlaps with previous code developed by the Lazarus group.
"It seems to tie back to the same code-base and the same authors," Nish says. "The code-overlaps are significant."
Private sector cyber security researchers reverse engineered the code but the British assessment by the NCSC - part of the intelligence agency GCHQ - is likely to have been made based on a wider set of sources.
America's NSA has also more recently made the link to North Korea but its assessment is not thought to have been based on as deep as an investigation as the UK, partly because the US was not hit as hard by the incident.
Officials say they have not seen any significant evidence supporting other possible culprits.

Central Bank Hack

North Korean hackers have been linked to money-making attacks in the past - such as the theft of $81m from the central bank of Bangladesh in 2016.
This sophisticated attack involved making transfers through the Swift payment system which, in some cases, were then laundered through casinos in the Philippines.
"It was one of the biggest bank heists of all time in physical space or in cyberspace," says Nish, who says further activity has been seen in banks in Poland and Mexico.
The Lazarus group has also been linked to the use of ransomware - including against a South Korean supermarket chain.
Other analysts say they saw signs of North Korea investigating the bitcoin method of payment in recent months.

Scattergun

The May 2017 attack was indiscriminate rather than targeted. Its spread was global and may have only been slowed thanks to the work of a British researcher who was able to find a "kill switch" to slow it down.
The attacks caused huge disruption in the short term but they may have also been a strategic failure for the group behind it.
Researchers at Elliptic, a UK-based company which tracks bitcoin payments, say they have seen no withdrawals out of the wallets into which money was paid, although people are still paying in to them.
Those behind the attack may not have expected it to have spread as fast as it did.

Once they realised that their behaviour was drawing global attention, the risks of moving the money may have been seen as too high given the relatively small amount involved, leaving them with little to show for their work.

The revelation of the link to North Korea will raise difficult questions about what can be done to respond or deter such behaviour in the future.

Ein News

You Might Also Read:

US Blames North Korea For Hacking:

North Korea's Unit 180 Managed WannaCry Attack:

 

 

« Report Predicts Banks To Get €4.7bn Fines In First 3 years Under GDPR
UK Fraud Hotspots Revealed »

Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

Samsung Knox

Samsung Knox

Samsung Knox brings multi-layered defence-grade security to your business’s smartphones and tablets.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

Cynterra

Cynterra

Cynterra is a next generation cloud cyber security and data analytical service provider offering cloud security compliance, data protection, visibility and threat protection services.

Academy of Cyber Security

Academy of Cyber Security

The Academy of Cyber Security is on a mission to provide affordable, accessible, & world-class education in cyber security.