Latest news with #WannaCry
Yahoo
29-05-2025
- Politics
- Yahoo
Britain's building a £1bn ‘army of hackers' – but they have already been outpaced by Russia
'The keyboard has become a weapon of war,' Defence Secretary John Healey announced at MoD Corsham, the UK's military cyber HQ, on Wednesday. Britain's digital defences are facing daily attacks from hostile states, he warned, and the time has come to fight back with a £1 billion injection to fund new artificial intelligence capabilities and an army of hackers. Yet while the money is certainly a welcome boost, the language used has raised a few eyebrows. It's 'talking about cyber operations as if they're new,' scoffed Matthew Savill, director of military science at the Royal United Services Institute (RUSI) on the BBC's Today programme on Wednesday. 'It's been 15 years since Stuxnet.' Savill, who it's fair to say has the inside scoop after several years as a senior civil servant in the Ministry of Defence (MoD), was referring to the highly sophisticated computer virus discovered in 2010 that had been used to sabotage Iran's nuclear facilities, widely attributed to a joint operation between the US and Israel. It was a watershed moment in cyber warfare – proving how nation states could now cause vast damage from behind a computer screen, without a shot being fired. Not only that, but it also revealed – to the concern of many – the impressive cyber operations several countries now had in their locker. Indeed, the US had made dominance in cyber a strategic goal as far back as the mid-1990s. China and Russia had quickly followed in the early 2000s, with Moscow investing heavily in technology to boost its intelligence units and Beijing openly integrating 'information warfare' into its military strategy. Britain, however, was slower off the mark. Despite first being hit by state-sponsored cyber espionage in 2003, when malware designed to steal sensitive data was found on a government employee's device, it wasn't until 2010 that the National Security Strategy officially ranked cyber attacks as a 'Tier 1' threat – on par with terrorism. Some 15 years on, as Savill told the BBC's Jonny Dymond, defence chiefs appear yet again to be 'catching up'. The danger this lack of action and investment has put the UK in was laid bare earlier this month in a report by the House of Commons' Public Accounts Committee (PAC). Crumbling Government computer systems have been outpaced by cyber criminals, MPs warned, with more than a quarter of all public sector IT systems using vulnerable, older 'legacy' technology. Britain's critical infrastructure has already felt the impact of these weaknesses – from the devastating WannaCry ransomware attack on the NHS in 2017 to the recent hits experienced by retailers such as Marks & Spencer, the Co-op and Harrods. Each attack only reaffirms the need to improve resilience. Indeed, the UK Government is in no doubt of the need for – and effectiveness of – a world-leading cyber operation. Just keeping at bay the 90,000 cyber attacks the country has faced from hostile states in the past two years is difficult enough (double the previous number in the same time period up to 2023), less actually going on the offensive. 'One of the reasons you might be seeing a pivot to spending more money on cyber in our armed forces, rather than bombs and bullets, is because it can level the playing field,' says Prof Alan Woodward, cybersecurity expert from the University of Surrey. 'It acts as a force multiplier. 'Smaller countries can get a bigger bang for their buck – there's no longer as much need for an overwhelming physical superiority over the enemy, you can instead just turn off their lights and gas. We are a much smaller military nation than we once were – the armed forces can't even fill Wembley Stadium. So cyber is a way of punching above our weight. 'If you spend the money wisely and you can develop the capability, then there is the possibility you can be ready for some of the threats in what is an increasingly volatile world. It's what allowed Ukraine to make a damn good fist of fighting what on paper should be an overwhelming physical force from Russia.' The UK's armed forces and intelligence agencies do in fact possess significant cyber expertise – Britain's GCHQ being the jewel in its crown, helped by its close allegiance with its counterpart in the US, the National Security Agency. Its offensive cyber unit once conducted a hugely successful cyber campaign against Islamic State in 2017 that made it 'almost impossible' for the terror group to 'spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications,' according to Jeremy Fleming, then-head of GCHQ. A major problem, however, lies in its size. The scale of its cyber teams is modest – numbering in the low thousands – and often relying on contractors or partner support for advanced operations. In contrast, adversaries like China or Russia deploy vast numbers of keyboard warriors. This was spelt out in the recent PAC report, which warned of a shortage of cyber skills experts, particularly in the public sector. Woodward points to two main reasons behind this: firstly, the lack of students opting to study engineering, and secondly, the poor pay on offer for those who opt for the civil service. In China, between 30 to 40 per cent of graduates have a STEM (science, technology, engineering or mathematics) qualification – compared to around 5 per cent 'if you're lucky' in the UK, he says. 'They're hard, complicated subjects and people don't want to do them, even though if you do computer science your chances of getting a job are practically guaranteed, and you'll be earning one of the highest salaries.' Yet the big-money jobs are generally only available in the private sector – where the pay on offer can often be nearly twice as much as their public sector counterparts. 'How do you compete against banks and people like that paying large salaries?' says Woodward. In contrast, other nation states like China are going 'hell for leather' in attracting the best talent to the military and government agencies. Industry insiders have certainly noted the skills shortage. 'Police, security services and government departments need to recruit and accelerate cyber skills and capabilities to stay one step ahead of the bad actors,' says Ed Dolman, head of Europe, Middle East, and Africa at digital forensics firm Cellebrite, which provides the MoD and other government agencies with the technology to carry out cyber investigations. 'Britain cannot afford to play catch up any more and sleepwalk into this increasingly dangerous world. 'Growing volumes of increasingly sophisticated cyber-attacks perpetuated by rogue states and organised criminal groups mean that ramping up the UK's security capabilities should be at the very top of the Government agenda.' The Government has at least been looking to bolster its defences with cyber personnel. In 2020, the Government established a specialist unit called the National Cyber Force to carry out the UK's offensive cyber activity to protect the UK. Its aim is to reach 3,000 cyber experts by the end of the decade. To give a sense of scale of the fight Britain is up against however, estimates for China's own 'hacker army' range between 50,000 to 100,000. The latest £1 billion injection to the UK's cyber defences will fund a new Cyber and Electromagnetic Command, which will upgrade targeting systems using an artificial intelligence 'kill web' that connects military systems. Experts suggest it hints that the UK may start to go on the offensive with its cyber operations, similar to its allies and enemies. 'The UK has been very cagey about talking about its offensive cyber capability,' Savill told the BBC. 'It's only a very slight cracking open of what remains a pretty secretive world. But it sounds like they want to talk a little bit more about their ability to take on hostile states.' Woodward suggests the UK may in fact have far more capability than has been publicly acknowledged. 'The UK has definitely been building its offensive cyber capabilities,' he says. 'Indeed, just because we haven't yet used it, doesn't mean we don't have the technology. It's a bit like saying: 'I've got a nuclear weapon, you've got a nuclear weapon, but I'm behind because I've never used it.'' Instead, unlike Moscow, the UK has to be far more careful – and often it's better not to show your hand until you need to, he says. 'Moscow has been far more aggressive and brazen about it. They like the disruption. Putin's regime is very happy to play fast and loose with these things and takes a lot more risk than the British government is willing to. 'We would never admit to it [offensive cyber operations], because if we did it would be an act of war.' For several years, Russia has carried out cyberattacks on Western critical infrastructure through criminal groups – allowing them to deny any involvement. Yet on the battlefield, particularly in Ukraine, they have been far more gung-ho with trying out autonomous AI weapons, such as drones that can recognise targets and fire. In its fight for survival, Ukraine has also tried such technology out. For the UK however, this presents an 'ethical dilemma'. 'Britain finds it hard enough with driverless cars,' jokes Woodward. Neither can it use criminal groups as a proxy for its dirty work. Yet, he suggests the UK has already carried out extensive digital espionage and may well be ready to unleash its own cyber weapons in the near future. 'If you're going for real disruption, like taking energy grids down, you don't want to play your hand,' he says, suggesting that it may have already started the process. Stuxnet, for example, was only discovered years after it had been lying in place. 'We may have already planted the seeds in various places. But actually triggering them is a different proposition – you don't want to use it until you really have to.' So while it might seem like we're late to the party, Woodward believes we may in fact be better prepared than some fear. 'It's not a sudden revolution in thinking, it's an evolution,' he says. 'I just think it's accelerated.' Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Techday NZ
13-05-2025
- Business
- Techday NZ
Ransomware surge sees hackers demand up to USD $8.6 million
On International Anti-Ransomware Day, cybersecurity experts are warning that ransomware threats continue to surge in scale and sophistication, with attacks increasingly targeting cloud infrastructure and exploiting human vulnerabilities rather than solely compromising computers and networks through traditional malware. The 12th of May marks the anniversary of the 2017 WannaCry attack that paralysed critical services worldwide, notably disrupting the National Health Service in the United Kingdom. Since then, ransomware has become a household term—albeit one still shrouded in technical complexity for many. Rebecca Moody, Head of Data Research at Comparitech, reflected on the shift, stating, "In 2017, ransomware, to many people, was still a huge unknown. Fast-forward to today, and it's a word within a lot of people's vocabulary—even if they don't understand the technical jargon surrounding it. This is because of large-scale attacks like WannaCry and the current attack on Marks and Spencer, bringing these types of attacks to the forefront." Moody revealed that ransomware attacks have not subsided. "Sadly, however, while awareness around these types of attacks has grown, so too has the number of attacks. Since 2018, we've seen yearly increases in the number of ransomware attacks (except for a dip in 2022), and the amount of data involved in these attacks has also risen exponentially." Hackers have honed their focus on double-extortion tactics, whereby criminals not only encrypt systems for ransom but also steal sensitive data for additional leverage. According to Comparitech's analysis, the UK has suffered 281 confirmed ransomware attacks since 2018, resulting in the breach of over 3.3 million records. Recent average ransom demands have reached nearly USD $8.6 million (GBP £6.5 million). For 2024 alone, there have been 40 attacks, affecting nearly 1.2 million records, with 12 attacks already reported so far this year. Moody noted that while no breaches have yet been reported for this year's attacks, significant numbers may emerge as incidents involving major companies such as Marks and Spencer and Co-op are investigated. "As we've seen with Harrods, Co-op, and M&S, social engineering tactics were used to carry out these attacks, whereby employees were tricked into changing their passwords," Moody added. She underscored that despite the evolving threat landscape, the fundamentals for defending against ransomware remain unchanged: maintaining up-to-date systems, patching vulnerabilities promptly, regular backups, robust incident response planning, and comprehensive staff training. This year, attention is also focusing on the rise of identity and cloud-driven attacks. Fabio Fratucello, Field CTO at CrowdStrike, explained: "Ransomware remains one of the most persistent and damaging threats facing organisations today. It has evolved far beyond being just an endpoint issue—it's now a challenge rooted in identity, cloud infrastructure and data security." Fratucello cited data from CrowdStrike's 2025 Global Threat Report, noting, "79% of initial access attacks are now malware-free and access broker activity has surged by 50% year over year. This shows a clear pivot towards stealth and credential-based attacks, making traditional defences obsolete." He advocated for unified, AI-driven platforms that deliver protection and visibility across endpoints, identities, and the cloud, arguing that legacy, fragmented tools are no longer sufficient. "In today's threat landscape, visibility is protection. And protection must start with consolidation," Fratucello asserted. Looking ahead, the interplay of artificial intelligence and cybercrime is poised to be the next frontier. KnowBe4, a prominent security company, predicts that agentic AI ransomware—autonomous, intelligent bots orchestrating attacks—will soon pose an unprecedented threat. Roger Grimes, KnowBe4's data-driven defense evangelist, commented: "AI agentic ransomware will gain initial access, analyse the environment, determine how to maximise malicious hacker profits, and implement the attacks. And it will not be just one attack, but a series of escalating attacks to maximise a malicious hacker's profit." Ransomware payments escalated over the past year, with average amounts climbing to USD $2.73 million, according to KnowBe4. Grimes highlighted that malicious actors typically adopt innovations six to twelve months after they are developed by legitimate cybersecurity researchers. He urged organisations to leverage AI and advanced defences now to prepare for the threats on the horizon. As cybercriminals continue to refine their tactics and exploit both technology and human factors, experts unanimously stress the enduring importance of proactive security practices. Regular training, technological consolidation, and continual vigilance remain the cornerstones of effective cyber defence against one of the digital age's most formidable adversaries.
Techday NZ
09-05-2025
- Business
- Techday NZ
Broadcom forces VMware clients to roll back crucial updates
Broadcom's recent changes to VMware licensing agreements are causing concern among IT professionals. Reports suggest that customers are being forced to roll back security updates, potentially exposing them to previously patched vulnerabilities. In early May 2025, VMware's parent company Broadcom began issuing cease-and-desist letters to customers with perpetual licences whose customer support had expired. These letters, according to reports verified by Ars Technica and highlighted by Comparitech in an analysis, demand that customers remove all updates made after the end of their support contracts, under threat of audits and possible litigation. The only exception to this demand allows customers to retain updates addressing zero-day vulnerabilities, or those with a Common Vulnerability Scoring System (CVSS) score of 9.0 or higher. All other security updates must be rolled back in compliance with Broadcom's current policy. Network administrators and IT professionals have expressed alarm at this directive's potential security and operational ramifications. According to users active on technical forums, including Reddit's /r/sysadmin, affected companies are placed in a difficult position: either remove important updates and risk security lapses, switch to more expensive subscription packages, or face the possibility of legal actions. Comparitech's analysis described this as leaving companies in a "zero-sum game" that could jeopardise future business prospects and the security of sensitive data. "Broadcom has effectively created a zero-sum game in which many existing customers who were grandfathered in after it purchased VMWare must now make a choice that could cost them millions and risk not only the future of their company but also the secure data that they maintain," the analysis stated. The policy has broader cybersecurity implications because rolling back updates reintroduces known vulnerabilities into network environments. These are security flaws that cybercriminals, including ransomware groups such as those behind the notorious WannaCry attacks, have previously exploited. "Update and security patch rollbacks are not benign. They reintroduce well-documented security flaws that cyber criminals have already learned to scan for and exploit," the analysis explained. The security concern is that ransomware gangs may target these known vulnerabilities, exploiting them to breach companies that had already patched the flaws. "Broadcom's efforts to force security rollbacks effectively threaten license holders with an order-of-magnitude increase in their risk of a data breach. While the company holding the license ultimately has the legal responsibility and business imperative to protect data, such actions on Broadcom's part raise serious ethical questions when businesses are forced to decrease protections and increase risk," Comparitech notes. Beyond security, update rollbacks could negatively affect the stability of critical IT infrastructure. Many updates patch security holes and deliver performance improvements and compatibility enhancements. Reverting to previous software states may destabilise hypervisors, break integrations with backup or disaster recovery tools, and disrupt operations in environments where reliability is crucial. "When companies are forced to revert their systems to an earlier state, it can quickly destabilise hypervisors, completely invalidate integrations with backup or DR tooling, and painfully disrupt resource scheduling for virtual workloads," Comparitech warned. For organisations in sectors such as education, healthcare, and government, where large volumes of regulated personal or health information are managed, system failures and downtime can become significant operational and financial risks. The sentiment among long-time VMware customers is described as betrayal and frustration. "This is like a mafioso shaking down a shopkeeper for protection money. I swear, if they won't be reasonable on my next phone call with them, then I will make it my mission — with God as my witness — to break the land speed record for fastest total datacenter migration to Hyper-V or Proxmox or whatever and shutting off ESXi forever. I'm THAT pissed off," one IT professional commented in April 2025 on /r/sysadmin. Comparitech's analysis suggests that Broadcom's actions put companies in a position where expensive migration to alternative platforms or subscription services may be the only safe option. However, these can be lengthy and complex processes. Many organisations may face significant costs or risks during the transition, and some may be unprepared to switch off VMware infrastructure quickly. With Broadcom reportedly willing to take legal action against non-compliant customers, as seen in an ongoing case against Siemens, the only immediate recourse for affected companies is to fortify their IT security. Steps recommended include hardening network perimeters, isolating vulnerable systems, implementing strict access controls, enhancing monitoring and detection, regular vulnerability scanning, auditing backup systems, reducing internet-facing exposures, and establishing a rapid response plan during the migration period. Broadcom completed its acquisition of VMware in 2023 and subsequently shifted VMware's licensing strategy. Perpetual licences for VMware products were discontinued, and new requirements pushed customers towards pricier, multi-year subscription models. In early 2024, the company also ended the availability of VMware's free ESXi hypervisor. It began restricting access to software downloads and binaries for customers without an active support-and-subscription agreement. "Broadcom's push to change VMware's licensing strategy was terrible from a customer service and customer satisfaction standpoint, but not immediately dangerous to customers and their data. However, the company's new efforts to strong-arm perpetual license holders into pricier subscription packages by canceling or failing to allow renewals of SnS agreements push its strategy into potentially unethical realms that endanger companies and their customers," Comparitech noted in its analysis. Comparitech plans to continue monitoring ransomware attack trends to assess whether future incidents can be traced to systems exposed through the forced rollback of security updates under Broadcom's policy.
ITV News
07-05-2025
- Business
- ITV News
Don't pay hackers: Cyber Security chief's warning after major retail attacks
The head of the UK's cyber security agency, which is helping Marks & Spence r, the Co-op and Harrods manage the fallout from three suspected ransomware attacks, has warned that all companies should resist the financial demands hackers make. 'Our advice is organisations shouldn't pay ransoms,' Dr Richard Horne, CEO of the National Cyber Security Centre, part of GCHQ, said. 'If [companies] pay because they hope the ransom attackers won't publish information, well, they need to know that all they've got is a criminal's word for it. And if they pay to recover their systems, well, they should have recovery plans in place so they can recover their systems anyway.' A ransomware attack occurs when hackers infect a company's computer systems with malicious software that encrypts files and locks users out, effectively paralysing parts of the IT network. Attackers then demand payment, usually in cryptocurrency, in exchange for a decryption key or to prevent the publication of stolen data. Horne explained, in the NCSC's experience, hackers tend to hold onto the data they steal and often don't unlock systems even when payments are made. Two weeks ago, on April 22, Marks & Spencer first admitted that it was dealing with the fallout from a cyber attack. Last week, the Co-op and Harrods revealed their systems had also been targeted by hackers. Since then, several independent cybersecurity experts have said the evidence suggests the hacks were carried out by Scattered Spider, a ransomware group. Yesterday, the technology news website Bleeping Computer reported that the hackers gained access to both the Co-op's and M&S's networks by impersonating employees, contacting the retailers' IT helpdesks and tricking helpdesk staff into resetting passwords. Richard Horne refused to be drawn on who the NCSC believes the hackers are, how they got in, what they managed to access or whether the attacks are linked. 'Until we have the facts, you just don't know,' he told ITV News. 'One of the challenges with cyber attacks is you are in a fog for a period, and picking your way through that fog — getting the facts, understanding exactly what the attackers did, what data they accessed, what data they didn't access, what systems they got to — that does take time. "We've seen many organisations take weeks, if not months, to get real clarity on what happened.' In the past, some ransomware gangs have been linked to foreign governments. The global WannaCry ransomware attack in 2017, which forced the NHS to cancel thousands of appointments and operations, was later linked to North Korea by Microsoft. The NCSC is not ruling out the influence of foreign governments in these incidents. Horne added that there's 'no evidence of deeply personal information being taken' in any of the three hacks, and he advised customers of M&S, the Co-op and Harrods not to change passwords as a precaution. The NCSC publishes advice and guidance on the steps organisations should take to prevent attacks and to respond effectively in the event of a successful hack. Horne wouldn't say if the three retailers had followed that advice or if the attacks were preventable. He did say that, across society, everyone is underestimating the scale of the risk cyber criminals pose. 'All organisations need to see this as a wake-up call — to understand what their exposure is to cyber attacks, to ensure they've got the right defences in place, and to make sure they've got a plan to be able to continue operations and recover should they be hit by a cyber attack,' he said.
Gulf Business
11-04-2025
- Business
- Gulf Business
Why cyber-resilience is key as UAE crypto exchanges navigate a high-stakes market
Image: Getty Images/ For illustrative purposes The global crypto community was shaken on February 21, as news broke of the largest crypto hack in history. North Korea's notorious state-sponsored hackers pulled off a monumental heist on crypto exchange, Bybit, and made off with some $1.5bn in ether (ETH). Having cut their teeth on projects such as the Sony Pictures Hack of 2014 and graduated to the big leagues with 2017's infamous WannaCry ransomware campaign, Lazarus now poses a very real threat to exchanges across the globe, including the UAE. The UAE has established itself as a leader in crypto regulation, fostering a secure and well-governed environment for digital assets. Its regulators oversee crypto activities to ensure compliance and transparency, while initiatives like government-backed cross-border crypto transactions with Saudi Arabia's central bank signal a commitment to innovation. Commercial banks are also embracing the sector, with Emirates NBD launching crypto trading in March 2025. All these positive developments have fueled the crypto market's growth, but an unfortunate side effect of this momentum is that it has made the sector an attractive target. As global interest in crypto grows, so too does the incentive for This presents a significant risk to exchanges operating in the Emirates. It is a crowded market and brand recognition is often the major draw for customers. Consequently, good press fuels success, but the wrong kind of story — even briefly — can shatter consumer confidence and erase them from relevance. Cybersecurity thrives on cautionary tales, but crypto depends on the unbreakable trust in its infrastructure. To stay ahead of digital threats, exchanges must outmatch the ingenuity of attackers — because the industry's survival depends on it. Call to arms for crypto exchanges Crypto assets and services can bring many benefits to the UAE banking system. They can diversify it and rekindle enthusiasm for banking among a now largely digital-native populace. There are signs that financial organisations in the UAE, and surrounding Gulf nations, are beginning to grasp some of the truths about the crypto world. For example, far from being the shadowy, anonymised environment portrayed by its detractors, blockchains are the most auditable transaction ecosystems in existence. All that remains is for governments and institutional investors to embrace these systems. The remaining challenges to widescale normalisation of crypto mostly hinge on wallet and exchange security. Chainalysis' 2025 This level of escalation cannot go unchallenged. It falls to those who run exchanges or are exploring the possibility of offering crypto services to take steps to prevent Lazarus-type actors from disrupting or demolishing ownership guarantees. Tools already exist to help with crypto security. Even crypto end-users have access to free resources that allow them to verify transactions and enhance their on- and off-chain security provisions. Strengthening defences To defend against large-scale breaches, there are some best practices exchanges and other service-providers can follow. Chainalysis has come up with these approaches through in-depth discussions with chief information security officers (CISOs). The experts strongly urge the implementation of stronger Web2 security like endpoint detection and response (EDR). Many of these tools are advanced enough in their threat intelligence to help identify and mitigate potential threats on devices used by exchange employees. Web2 measures also include the protection of signing computers by air-gapping — disconnecting them from the internet or any internet-exposed resource. These machines should be used only for signing crypto transactions. Where a hardware node must access a cold wallet, it should be subject to the most meticulous security measures — strictly secured and access-controlled. API key storage should integrate hardware security modules (HSMs), which add another layer of authentication. When it comes to Web3 infrastructure, there's an imperative for a dedicated process for communication between signers to ensure all approvals account for all possible nuances and variations between the parties. In addition, multi-party computation (MPC) wallets reduce reliance on single points of failure in the management of keys. Solutions are also available to govern the wallets themselves by, for example, limiting transfer amounts. The reals of the real-world Humans are, of course, part of the security apparatus and are famously its most common point of failure. And while simple errors are known to lead to incidents daily, sometimes we find that an infiltration is tied to an insider voluntarily aiding a threat actor. In some documented instances, North Korean IT workers infiltrated crypto service providers and Web3 companies using fake identities. A recent US Department of Justice (DOJ) case indicted 14 DPRK nationals who, as remote workers, stole proprietary information and extorted their employers to acquire more than $88m. Security best-practice measures must include thorough background checks for potential recruits, and the training of employees to recognize social-engineering tactics. A wake-up call The UAE has a glowing future in crypto adoption if providers can tackle the momentous task of securing assets and transactions. It requires commitment and constant engagement, but it is not an insurmountable challenge. Given the right investment in the right tools and policies, UAE crypto providers can ensure they do not become the next cautionary tale. The writer is the VP – South EMEA, Central & South Asia at Chainalysis.
