1. Home
  2. Major cyberattack sweeps globe, India affected, Jawaharlal Nehru Port in Mumbai hit

Major cyberattack sweeps globe, India affected, Jawaharlal Nehru Port in Mumbai hit

Agencies
June 28, 2017

New Delhi, Jun 28: A major global cyber attack on Tuesday disrupted computers at Russia's biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that last month infected more than 300,000 computers.

cyberattack

India was also among the countries affected by the ransomware with the country's largest port Jawaharlal Nehru Port Trust in Mumbai shutting down operations at one of its three terminals.

News agency reported that operations at one of the three terminals of the country's largest container port were impacted as a fallout of the global ransomware attack, which crippled some central banks and many large corporations in Europe.

The rapidly spreading cyber extortion campaign underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

It included code known as "Eternal Blue," which cyber security experts widely believe was stolen from the US National Security Agency (NSA) and was also used in last month's ransomware attack, named "WannaCry."

"Cyber attacks can simply destroy us," said Kevin Johnson, chief executive of cyber security firm Secure Ideas. "Companies are just not doing what they are supposed to do to fix the problem."

The ransomware virus crippled computers running Microsoft Corp's Windows by encrypting hard drives and overwriting files, then demanded USD300 in bitcoin payments to restore access. More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

Microsoft said the virus could spread through a flaw that was patched in a security update in March.

"We are continuing to investigate and will take appropriate action to protect customers," a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.

RUSSIA AND UKRAINE MOST AFFECTED

Russia and Ukraine were most affected by the thousands of attacks, according to security software maker Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The total number of attacks was unknown.

Security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.

Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analyzing the attack.

Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as "Petya" and "GoldenEye".

Following last month's attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat.

The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.

In a statement, the White House National Security Council said there was currently no risk to public safety. The United States was investigating the attack and determined to hold those responsible accountable, it said.

The NSA did not respond to a request for comment. The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.

Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries' governments deny charges they are involved in hacking.

'DON'T WASTE YOUR TIME'

The first attacks were reported from Russia and Ukraine.

Russia's Rosneft, one of the world's biggest crude producers by volume, said its systems had suffered "serious consequences," but added oil production had not been affected because it switched over to backup systems.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government's computer network went down and the central bank reported disruption to operations at banks and firms including the state power distributor.

Danish shipping giant AP Moller-Maersk said it was among the victims, reporting outages at facilities including its Los Angeles terminal.

WPP, the world's largest advertising agency, said it was also infected. A WPP employee who asked not to be named said that workers were told to shut down their computers: "The building has come to a standstill."

A Ukrainian media company said its computers were blocked and it was asked to pay USD300 in the crypto-currency bitcoin to regain access.

"Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service," the message said, according to a screenshot posted on Ukraine's Channel 24.

Russia's central bank said there were isolated cases of lenders' IT systems being infected. One consumer lender, Home Credit, had to suspend client operations.

Other companies that identified themselves as victims included French construction materials firm Saint Gobain , US drugmaker Merck & Co and Mars Inc's Royal Canin pet food business.

JNPT AFFECTED

India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, told Reuters the ransomware attack had impacted some of their systems in the country.

AP Moller-Maersk, one of the affected entities globally, operates the Gateway Terminals India (GTI) at JNPT, which has a capacity to handle 1.8 million standard container units.

"We have been informed that the operations at GTI have come to a standstill because their systems are down (due to the malware attack). They are trying to work manually," a senior JNPT official said tonight.

The official explained that JNPT is trying to help the company, but there is little that others can do as the problem s with the systems.

Fearing some clogging up of cargo, additional parking space is being made available, the official said, promising to help in any way that is possible.

Western Pennsylvania's Heritage Valley Health System's entire network was shut down by a cyber attack on Tuesday, according to local media reports.

WANNACRY

Last's month's fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher Marcus Hutchins created a so-called "kill switch" that experts hailed as the decisive step in slowing the attack.

Security experts said they did not believe that the ransomware released on Tuesday had a kill switch, meaning that it might be harder to stop.

Ukraine's cyber police said on Twitter that a vulnerability in software used by MEDoc, a Ukrainian accounting firm, may have been an initial source of the virus, which researchers including cyber intelligence firm Flashpoint said could have infected victims via an illegitimate software update.

In a Facebook post, MEDoc confirmed it had been hacked but denied responsibility for originating the attack.

An adviser to Ukraine's interior minister said earlier in the day that the virus got into computer systems via "phishing" emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 5,2020

New Delhi, Mar 5: Union Health Minister Harsh Vardhan assuring that the government has the coronavirus crisis under control, is like the Titanic captain telling passengers not to panic as his ship was unsinkable, Congress leader Rahul Gandhi said on Thursday.

Gandhi's remarks came after Vardhan's assurance in Parliament that the government is taking all necessary measures to prevent the spread of COVID-19 (coronavirus disease) in India.

“The health minister saying that the Indian government has the coronavirus crisis under control, is like the Captain of the Titanic telling passengers not to panic as his ship was unsinkable,” Gandhi said in a tweet.

“It's time the government made public an action plan backed by solid resources to tackle this crisis,” he said.

RMS Titanic was a British passenger liner that sank in the North Atlantic Ocean in the early morning hours of April 15, 1912, after striking an iceberg during her maiden voyage from Southampton to New York.

Gandhi has been raising concerns over the coronavirus infection since long. In a February 12 tweet, he had said coronavirus is an extremely serious threat to “our people and our economy”.

“My sense is the government is not taking this threat seriously. Timely action is critical,” he had said.

Earlier this week, Gandhi had hit out at Prime Minister Narendra Modi over the detection of fresh coronavirus cases in the country, saying he should quit wasting India's time “playing the clown” with his social media accounts when India is facing an emergency.

With the message of “Here's how it's done”, Gandhi had also tweeted a video of Singaporean Prime Minister Lee Hsien Loong addressing Singaporeans on how to deal with the coronavirus.

The number of coronavirus cases in India is 29, including 16 Italians, the government had said on Wednesday, adding all international passengers will now be screened at airports, amid growing concern over the spread of the respiratory infection.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 21,2020

Lucknow, Jul 21: Madhya Pradesh Governor Lalji Tandon, a veteran political figure in Uttar Pradesh where he had served as a cabinet minister, died at a hospital here early Tuesday.

The 85-year-old was admitted to the hospital on June 11 with breathing problems, fever and difficulty in urination.

He died at 5:35 am in Medanata Hospital, according to his son Ashutosh Tandon, a UP cabinet minister.

Lalji Tandon is survived by wife and three sons.

His body will be kept at his official residence in Hazratganj and later at his Sindhi Tola residence in Chowk to enable people to pay their last respects.

The last journey will start at 4 in the evening for the Gulala Ghat where his last rites will be performed later in the day, Ashutosh Tandon said in a statement.

The UP government has announced three days mourning as a mark of respect to Lalji Tandon, a former cabinet minister, a government spokesman said.

Belonging to the Atal Bihari Vajpayee and L K Advani era of BJP leaders, Lalji Tandon proved himself as an able administrator during his decades-long political career in Uttar Pradesh.

A former Lok Sabha MP, he was later given gubernatorial responsibility.

He took oath as Madhya Pradesh governor on July 29, 2019, when the Congress was in power in the state, after serving in the same post in Bihar for nearly 11 months. 

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 27,2020

Jun 27: Alittle-known Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.

New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence.

Aspects of BellTroX's hacking spree aimed at American targets are currently under investigation by U.S. law enforcement, five people familiar with the matter told Reuters. The U.S. Department of Justice declined to comment.

Reuters does not know the identity of BellTroX's clients. In a telephone interview, the company's owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing.

Muddy Waters founder Carson Block said he was "disappointed, but not surprised, to learn that we were likely targeted for hacking by a client of BellTroX." KKR declined to comment.

Researchers at internet watchdog group Citizen Lab, who spent more than two years mapping out the infrastructure used by the hackers, released a report that BellTroX employees were behind the espionage campaign.

"This is one of the largest spy-for-hire operations ever exposed," said Citizen Lab researcher John Scott-Railton.

Although they receive a fraction of the attention devoted to state-sponsored espionage groups or headline-grabbing heists, "cyber mercenary" services are widely used, he said. "Our investigation found that no sector is immune."

A cache of data reviewed by Reuters provides insight into the operation, detailing tens of thousands of malicious messages designed to trick victims into giving up their passwords that were sent by BellTroX between 2013 and 2020. The data was supplied on condition of anonymity by online service providers used by the hackers after Reuters alerted the firms to unusual patterns of activity on their platforms.

The data is effectively a digital hit list showing who was targeted and when. Reuters validated the data by checking it against emails received by the targets.

On the list: judges in South Africa, politicians in Mexico, lawyers in France and environmental groups in the United States. These dozens of people, among the thousands targeted by BellTroX, did not respond to messages or declined comment.

Reuters was not able to establish how many of the hacking attempts were successful.

BellTroX's Gupta was charged in a 2015 hacking case in which two U.S. private investigators admitted to paying him to hack the accounts of marketing executives. Gupta was declared a fugitive in 2017, although the U.S. Justice Department declined to comment on the current status of the case or whether an extradition request had been issued.

Speaking by phone from his home in New Delhi, Gupta denied hacking and said he had never been contacted by law enforcement. He said he had only ever helped private investigators download messages from email inboxes after they provided him with login details.

"I didn't help them access anything, I just helped them with downloading the mails and they provided me all the details," he told Reuters. "I am not aware how they got these details but I was just helping them with the technical support."

Reuters could not determine why the private investigators might need Gupta to download emails. Gupta did not return follow-up messages. Spokesmen for Delhi police and India's foreign ministry did not respond to requests for comment.

HOROSCOPES AND PORNOGRAPHY

Operating from a small room above a shuttered tea stall in a west-Delhi retail complex, BellTroX bombarded its targets with tens of thousands of malicious emails, according to the data reviewed by Reuters. Some messages would imitate colleagues or relatives; others posed as Facebook login requests or graphic notifications to unsubscribe from pornography websites.

Fahmi Quadir's New York-based short selling firm Safkhet Capital was among 17 investment companies targeted by BellTroX between 2017 and 2019. She said she noticed a surge in suspicious emails in early 2018, shortly after she launched her fund.

Initially "it didn't seem necessarily malicious," Quadir said. "It was just horoscopes; then it escalated to pornography."

Eventually the hackers upped their game, sending her credible-sounding messages that looked like they came from her coworkers, other short sellers or members of her family. "They were even trying to emulate my sister," Quadir said, adding that she believes the attacks were unsuccessful.

U.S. advocacy groups were also repeatedly targeted. Among them were digital rights organizations Free Press and Fight for the Future, both of whom have lobbied for net neutrality. The groups said a small number of employee accounts were compromised, but the wider organizations' networks were untouched. The spying on those groups was detailed in a report by the Electronic Frontier Foundation in 2017, but has not been publicly tied to BellTroX until now.

Timothy Karr, a director at Free Press, said his organization "sees an uptick in breach attempts whenever we're engaged in heated and high-profile public policy debates." Evan Greer, deputy director of Fight for the Future, said: "When corporations and politicians can hire digital mercenaries to target civil society advocates, it undermines our democratic process."

While Reuters was not able to establish who hired BellTroX to carry out the hacking, two former employees said the company and others like it were usually contracted by private investigators on behalf of business rivals or political opponents.

Bart Santos of San Diego-based Bulldog Investigations was one of a dozen private detectives in the United States and Europe who told Reuters they had received unsolicited advertisements for hacking services out of India - including one from a person who described himself as a former BellTroX employee. The pitch offered to carry out "data penetration" and "email penetration."

Santos said he ignored those overtures, but could understand why some people didn't. "The Indian guys have a reputation for customer service," he said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.