May 12, 2017


Massive malware attack spreads to 74 countries, concerns rise over Russia-based Kaspersky Lab

On Friday, a massive ransomware attack which initially focused on Russia spread to 74 countries worldwide. Cybersecurity firm Avast said that number may be as high as 99 countries, with more than 75,000 attacks. It said the majority of attacks targeted Russia, Ukraine and Taiwan.

The malware attack, which has been named “WannaCry” (WanaCrypt0r 2.0, aka WCry), exploits vulnerabilities within Microsoft Windows, locking users out of their files unless the administrator pays a hefty fee.

The malware encrypts files on the victim’s computer and then prompts the user for a payment of $600 in Bitcoin. Initially it was reported that the ransomware was asking for $300, but the attackers seem to have modified their code. Alongside the payment request are two countdown timers. The first timer warns that the payment amount will increase if it expires, and the other timer, which is set for a longer period, warns that all files will be deleted if payment is not made at all.

This attack has wreaked havoc worldwide. In the UK, at least 16 medical institutions, including hospitals, were forced to shut down and turn away non-emergency patients until they could get systems back online.

Spain’s Computer Emergency Response Team issued a statement that several government organizations had been infected as well.

Russia’s ministry for internal security claims to have been hit as well, stating that 1,000 of its computers had been affected. MegaFon, one of Russia’s largest telecoms, reported it had been hacked as well.

Spain reported a large number of companies attacked, including telecommunications giant Telefonica (TEF.MC).

U.S.-based FedEx confirmed today that it had been affected and was “experiencing interference.”

The Financial Times reports that the malware is likely the result of National Security Agency “digital weapons” that were leaked online last year by a group called the Shadowbrokers. According to Becky Pinkard, vice-president at Digital Shadows, a cyber intelligence firm, “They seem to have adapted one particular tool, Eternal Blue, and that would explain why this is spreading so fast.”


Kaspersky Lab, a Moscow-based internet security company whose products are widely used in homes, businesses, and government agencies around the world, was the first to report on the attack. Kaspersky Lab has been under recent scrutiny by US intelligence because of its market position and possible ties to Russian intelligence services.

The intelligence community has warned repeatedly about increasing cyber threats. Just yesterday, before the U.S. Senate Intelligence Committee investigating Russia’s alleged meddling in the U.S. presidential election, Senator Marco Rubio (R-FL) asked top U.S. intelligence officials the following question about Kaspersky:

“And this is for all the members of the committee, as has been widely reported, and people know this, Kaspersky Lab software is used by not hundreds of thousands, millions of Americans. To each of our witnesses I would just ask, would any of you be comfortable with the Kaspersky Lab software on your computers?”

Acting FBI Director Andrew McCabe, CIA Director Mike Pompeo, Director of National Intelligence Dan Coats, NSA Director Michael S. Rogers, Director of the Defense Intelligence Agency Lt. Gen. Vincent Stewart and the Director of the National Geospatial-Intelligence Agency Robert Cardillo all answered with “no.”

At yesterday’s hearing Senator Joe Manchin (D-WV) grilled the intelligence committee over the use of Kaspersky software.

Executives at Kaspersky have denied any links to the Russian government. According to Buzzfeed, a spokesperson for Kaspersky stated this week, “[Kaspersky] has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts. For 20 years, Kaspersky Lab has been focused on protecting people and organizations from cyberthreats, and its headquarters’ location doesn’t change that mission–just as a U.S.-based cybersecurity company doesn’t send or allow access to any sensitive data from its products to the U.S. government, Kaspersky Lab products also do not allow any access or provide any secret data to any country’s government.”

It appears that the malware exploits Windows-based computers that haven’t received the Microsoft security patch released on March 14th. The patch covers vulnerabilities not just in the operating systems themselves but also in applications including the Microsoft Explorer and Edge browsers, Microsoft Office applications, Adobe Flash Player, and even the Windows DVD Maker, among others.

These updates are available for the following operating systems:
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8.1
• Windows Server 2012
• Windows Server 2012 R2
• Windows RT 8.1
• Windows 10
• Windows Server 2016

Currently, Kaspersky Lab recommends installing the latest patch from Microsoft and running malware scans of your system. It has also recommended installing its own scanning software.

There may be other systems and applications that could be vulnerable. The best thing to do is make sure your system is kept up to date with this latest security patch.

By: Joe Stone
Source: Lima Charlie News, May 12, 2017

See also:

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT
Docs use pen and paper after computers scrambled amid global outbreak
Source: The Register, May 12, 2017

Ransomware - Questions and answers
By: Will Goodbody
Source: RTE, May 12, 2017

Global survey reveals the impact of declining trust in the internet on e-commerce
A new global survey reveals that Internet users are increasingly concerned about their online privacy, and that 49 percent of users polled say lack of trust is their main reason for not shopping online
Source: United Nations Conference on Trade and Development, April 24, 2017
See further:
UNCTAD E-Commerce Week in Geneva
2017 CIGI-Ipsos Global Survey on Internet Security & Trust

Information Security Forum's Durbin Sizes Up Threat Landscape
Maturation of Cybercrime Has Impact in Every Business Sector
By: Tom Field (Security Editor)
Source: Bank Info Security, May 5, 2017

Symantec’s Internet Security Threats 2017 – it’s scary down the rabbit hole
Symantec’s 2017 Internet Security Threat Report reads more like a catalog of horrors for CIS and their staffs, with cyber spies and criminals running amuck everywhere.
By: Jerry Bowles
Source: Diginomica, May 4, 2017
The report: Symantec’s annual Internet Security Threat Report

Five cyber security imperatives for all companies
Source: Computer Weekly, May 12, 2017

G7 finance chiefs talk cyber security in wake of attacks
Source: Times of India, May 13, 2017

AI Is the Future of Cybersecurity, for Better and for Worse
By: Roman V. Yampolskiy
Source: Harvard Business Review, May 8, 2017

The move toward enterprise security technology integration
Large organizations want best-of-breed technologies and integration. They would buy from enterprise-class cybersecurity vendors—if they knew who they were.
By: Jon Oltsik
Source: Network World, May 2, 2017

Global Cybersecurity Market Outlook and Forecasts 2017 - 2022: Cumulative Enterprise and Governments Spending will Reach Nearly $1 Trillion - Research and Markets
Source: PR Newswire, May 8, 2017
