May 12, 2017

Leaked NSA tools used in global cyber attack, analysts say

(LONDON) — Companies around the world, including at least one major U.S. company, were hit by a sophisticated cyberattack on Friday that continues to sweep across the globe.
Cybersecurity experts told ABC News that the unidentified attackers exploited a vulnerability in Microsoft Windows that was identified by the U.S. National Security Agency (NSA) and leaked to the public by the hacker group The Shadow Brokers in April.
Microsoft released a patch to address the vulnerability, but networks that did not adopt it would have remained vulnerable. The tech company did not immediately respond to ABC News' request for comment.
“This appears to be the first incidence of the use of an NSA exploit in a broad and far reaching cybercriminal campaign,” John Bambenek of Fidelis Cybersecurity said.
Senior officials at the “highest levels” of the U.S. government met late Friday to see what, if anything, they could do to stop the attacks and confront the potential for them to proliferate inside the U.S. One official said “American companies may fare better than those overseas because they are better at cyber hygiene.” In many cases, the senior official said, the attacks have been successful because they are against pirated or unauthorized copies of Microsoft Windows, which cannot be easily patched to fix the vulnerability.
According to Ryan Kalember, senior vice president of cybersecurity strategy at the cybersecurity firm Proofpoint, a “ransomware worm” using the essentially unaltered NSA code is spreading across corporate networks in at least 74 countries, with European and Asian countries among the hardest hit. Russia, he said, was particularly vulnerable because many of its networks use older versions of Microsoft Windows.
“This is depressing as a cybersecurity expert,” Kalember said. “The patch has existed since the vulnerability was made public, so if people were applying it, this never had to happen.”
Kalember says it is spreading rapidly, making it difficult to identify “patient zero” and attribute the attack to a particular hacker group.
Tyler Wood, a former top cybersecurity official who now works for a major telecommunications firm, told ABC News the forensic work to identify the perpetrators may take some time, and it could be a private attacker or a state.
FedEx appears to be the first U.S.-based target, though Kalember said he is aware of others who have not spoken publicly. A spokesperson for FedEx confirmed to ABC News that the company is among the victims of the ransomware attacks.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” said a spokesperson in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”
Some of the first reports emerged from England, where hospitals across the country were hit by ransomware attacks, in which hackers infect computers with malicious software and demand ransoms to restore access, according to the National Health Service (NHS).
As of this afternoon, 16 facilities with the NHS, which is the publicly funded health care system for England, had reported that they were affected by what appeared to be a large-scale cyberattack.
"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor," NHS Digital, the body of the Department of Health that uses information and technology to support the health care system, said in a statement.
The attack has locked computers and blocked access to patient files. But there's no evidence so far that patient data has been accessed, NHS Digital said.
Chris Camacho, chief strategy officer at the cybersecurity firm Flashpoint, said healthcare companies are particularly ripe for this kind of exploitation because patient records are so critical to care.
“There’s nothing you can do but pay once you’re hit,” Camacho said. “If you need that data back, you’re going to pay.”
Following the leak of NSA tools, Bambenek told ABC News that he had conversations with high-ranking U.S. national security officials in which he urged them to share information with private vendors so that they could develop countermeasures because the NSA had “lost control of its own weapons.”
“That did not progress rapidly enough, and here we are today,” Bambenek said. “The NSA can have very smart people finding these vulnerabilities, but not very smart people can start using them to very devastating effect.”
Copyright © 2017, ABC Radio. All rights reserved.