INTEL TODAY DIARY — June 28 2017

Three CNN journalists resign over retracted Trump-Russia story — Many firms hit by global cyber-attacks — Syria chemical attack may be being prepared, US warns — ‘Petya’ Ransomware Outbreak Goes Global

Anthony Scaramucci

Three CNN journalists resign over retracted Trump-Russia story — Guardian

CNN on Monday accepted the resignations of three journalists involved in a story about a supposed investigation into a pre-inaugural meeting between an associate of Donald Trump and the head of a Russian investment fund.

On Tuesday, around 6.30am ET, Trump tweeted in response: “Wow, CNN had to retract big story on ‘Russia,’ with 3 employees forced to resign. What about all the other phony stories they do? FAKE NEWS!”

The president then retweeted a tweet from a “clickbaiter & #FakeNews debunker”, featuring the CNN logo altered to read “FNN: Fake News Network”.

Later, using “stories” in the plural without citing additional examples, he added: “Fake News CNN is looking at big management changes now that they got caught falsely pushing their phony Russian stories. Ratings way down!”

The president then broadened his attack: “So they caught Fake News CNN cold, but what about NBC, CBS & ABC? What about the failing @nytimes & @washingtonpost? They are all Fake News!”

The CNN story in question was posted on the network’s website on Thursday and was removed, with all links disabled, on Friday night. CNN immediately apologised to Anthony Scaramucci, the Trump transition team member who was reported to be involved in the meeting.

Many firms hit by global cyber-attacks — BBC

Firms around the globe are reporting that they have been hit by a major cyber-attack.

British advertising agency WPP is among dozens of firms reporting problems.

Ukrainian firms, including the state power distributor and Kiev’s main airport, were among the first to report issues.

Some experts have suggested that it could be a ransomware attack, similar to Wannacry which hit last month.

Alan Woodward, a computer scientist at Surrey University, said: “It appears to be a variant of a piece of ransomware that emerged last year.

“It was updated earlier in 2017 by the criminals when certain aspects were defeated. The ransomware was called Petya and the updated version Petrwrap.”

Andrei Barysevich, a spokesman for security firm Recorded Future, told the BBC that it had seen the malware for sale on many forums over the last 12 months.

“It only costs $28 (£22) on the forums,” he said. “But we are not sure if they used the latest version or a new variant of it.”

Mr Barysevich said the attacks would not stop because cyber-thieves found them too lucrative.

“A South Korean hosting firm just paid $1m to get their data back and that’s a huge incentive,” he said. “It’s the biggest incentive you could offer to a cyber-criminal.”

Syria chemical attack may be being prepared, US warns — BBC

The US says Syria’s government appears to be preparing for a chemical weapons attack and has warned that it will “pay a very heavy price” if one takes place.

The White House said similar activities had been seen before the nerve agent Sarin was allegedly dropped on rebel-held Khan Sheikhoun in April.

Dozens of people were killed, prompting President Donald Trump to order a missile strike on a Syrian airbase.

Syria’s government denies it is preparing a chemical attack.

Syrian President Bashar al-Assad has previously said the Khan Sheikhoun incident was fabricated.

 (…)

On Tuesday, Pentagon spokesman Capt Jeff Davis said activity had been spotted at the Syrian army’s Shayrat airfield, from where the US says jets departed before the Khan Sheikhoun incident.

“This involved specific aircraft in a specific hangar, both of which we know to be associated with chemical weapons use,” Capt Davis said.

In a statement on Monday, White House spokesman Sean Spicer said the US had “identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children”.

He added that if “Mr Assad conducts another mass murder attack using chemical weapons, he and his military will pay a heavy price”.

The White House provided no supporting evidence or further explanation.

(…)

Speaking to AP on Tuesday, Ali Haidar, the Syrian minister for national reconciliation, dismissed the US allegation.

Russia, meanwhile, said it considered “such threats against the Syrian leadership to be unacceptable”.

Kremlin spokesman Dmitry Peskov criticised the White House’s use of the term “another” chemical weapons attack, pointing out that there had been no independent investigation of the Khan Sheikhoun deaths.

‘Petya’ Ransomware Outbreak Goes Global — Krebs on Security

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.

According to multiple news reports, Ukraine appears to be among the hardest hit by Petya. The country’s government, some domestic banks and largest power companies all warned today that they were dealing with fallout from Petya infections.

Danish transport and energy firm Maersk said in a statement on its Web site that “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack.” In addition, Russian energy giant Rosneft said on Twitter that it was facing a “powerful hacker attack.” However, neither company referenced ransomware or Petya.

Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers.

Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May. U.S. intelligence agencies assess with medium confidence that WannaCry was the work of North Korean hackers.

Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now. However, there are indications that Petya may have other tricks up its sleeve to spread inside of large networks.

Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.

Petya seems to be primarily impacting organizations in Europe; however, the malware is starting to show up in the United States. Legal Week reports that global law firm DLA Piper has experienced issues with its systems in the U.S. as a result of the outbreak.
