Europol: Fresh Cyberattack Likely More Complex

The wave of cyberattacks hitting Europe and North America is similar to last month’s WannaCry ransomware havoc, but appears potentially “more sophisticated,” the European police agency said Wednesday.

Describing it as “another serious ransomware attack,” Europol said “critical infrastructure and business systems” were being targeted “with a new wave of ransomware, which is an updated version of Petya.”

“The attack has caused infections worldwide and has not yet been stopped,” the agency based in The Hague warned Wednesday.

Although director Rob Wainwright said the number of victims was not yet known, Europol has already set up a coordination cell and is “actively monitoring” the spread of the attacks.

“There are clear similarities with the WannaCry attack, but also indications of a more sophisticated attack capability, intended to exploit a range of vulnerabilities,” Wainwright said in a statement.

Petya has been around since 2016, but it does not just encrypt files on infected devices; it also overwrites the master boot record.

This has the effect of rendering the computer useless and prevents users from recovering any information, Europol said.

It warned that unlike WannaCry “this attack does not include any type of ‘kill switch’.”

“It is a demonstration of how cybercrime evolves at scale and, once again, a reminder to business of the importance of taking responsible cyber security measures,” added Wainwright.

The malware, which first surfaced on Tuesday in Ukraine, locks away a computer’s data and tells users they must pay to get it all back.

The European police agency urged anyone falling victim to the latest attacks not to pay up, but to report the incident to the police and to isolate and disconnect infected computers from the internet.

Digital Insecurity Is the New Normal

The latest widespread ransomware attack, which has locked up computers in nearly 150 countries, has rightfully captured the world’s attention. But the focus shouldn’t be on the scale of the attack and the immediate harm it is causing, or even on the source of the software code that enabled it (a previous attack against the National Security Agency). What’s most important is that British doctors have reverted to pen and paper in the wake of the attacks. They’ve given up on insecure digital technologies in favor of secure but inconvenient analog ones.

This “back to analog” moment isn’t just a knee-jerk, stopgap reaction to a short-term problem. It’s a rational response to our increasingly insecure internet, and we are going to see more of it ahead.

As part of our research, in 2015 we developed a scenario for the not-so-distant future called “the New Normal,” in which consumers’ baseline belief has flipped from “the internet is basically safe unless I do something stupid” to “the internet is fundamentally insecure, a dangerous neighborhood in which my safety is always at risk.” The impetus for the flipping in that scenario was a flurry of larger, ever more visible hacking attacks — of personal email accounts (Colin Powell and John Podesta) and corporate data (Yahoo and Sony), not to mention bank account information. Last week’s ransomware attack may start to tip a significant proportion of internet users over the edge.

The surprise is not that the frequency of such attacks is accelerating; it’s that it took so long. There are at least three reasons for this acceleration. First, the internet has a fundamentally insecure infrastructure that was initially made for interoperability among a small number of trusted parties, but is now being used by billions who do not know and should not trust one another.

The second reason is that increasingly inventive criminals have become today’s most ambitious internet entrepreneurs. Their work has been made easier by the theft of powerful hacking tools created by and for state security agencies but now available for sale.

Third is the commercial innovation imperative. Consumer demand for digital devices and services keeps pushing companies to the limits of what is technically possible, and then pressing them to go even a little bit further, where security often becomes nice to have but not a necessity.

Silicon Valley has responded creatively, but there’s no silver bullet. Experts have encouraged us all to use two-factor authentication, but text messages can be intercepted even with it. We’ve moved to biometrics, but once a fingerprint or iris scan is stolen, there is no way to change it the way you can change a password. Such security measures are better than nothing, but they won’t repair the internet’s underlying structural flaws.

So what would it mean if we crossed the threshold to digital insecurity? One possibility is that some things we now take for granted — from banking online to electronic medical records — will shift from being seen as common sense to being viewed as scary, dangerous, even reckless.

We know what it looks like when expectations of security in physical environments degrade: People put triple locks on their doors, retreat into gated communities, look over their shoulder as they walk down the street. In our scenario, we’ve imagined the digital equivalent. Will you soon be asked to place your phone and laptop in a locker before you are allowed to enter an office building or a friend’s home? Will you tell your colleagues to call you before they send you an email with an attachment?

Governments will start worrying more about protecting themselves than about innovating in services. Industries like health care and finance will go back to basics. Getting paper money from a bank teller may be less a novelty than a necessity. What happens if your hospital has fully converted to digital X-rays and doesn’t have an analog backup machine lying around? (The British National Health Service is already finding out.)

A society and economy that moves in this direction would be different from the one we have today, and very different from what Silicon Valley is looking to build. Security needs to be made a priority at least as great as innovation right now. We recognize that the consequences of prioritizing security are not all good, and the slowing or reversal of digitization will be a significant headwind for the United States economy even more than for other countries, at a time and in a political environment that really can’t afford such a setback. But there is no other viable choice. You can’t fix a broken foundation by simply building more stories atop the house that rests on it.

The world spends a lot of time right now thinking and dreaming about how life will be digitized, mostly for the better. We don’t yet have a word for even a partial “return to analog,” but we will have to start looking for one at the same time as we work to create a much more secure internet.

The New York Times

Last Week’s Global Cyberattack Was Just the Beginning

A journalist in Istanbul reads a news article about cyberattacks.

A massive cyber-extortion attack known as “WannaCry” wrought havoc across the globe last week, taking out much of Britain’s National Health Service and, in a delicious bit of irony, the Russian Interior Ministry.

The attack was a long time coming, representing the inevitable merging of two plagues that have long ravaged the Internet: the invention of programs that can rapidly infect digital systems and the rise of Internet crime. Without action, WannaCry represents just the first of what will undoubtedly be a long nightmare of self-propagating criminal attacks.

The first Internet plague arose in 1988 when a small program, written by computer scientist Robert Morris Jr., escaped. This program, clearly written as an interesting experiment, ran on a single computer and, from there, attempted to contact other computers. Once it found another computer it attempted to exploit the victim using one of several vulnerabilities. When successful, it copied itself over and started running: First two computers ran the program — then four, then eight. Exponential growth caused it to quickly spread to all vulnerable systems on the Internet. Combined with a bug that caused it to effectively overload its victims, this acted to effectively shut down the Internet of 1988.

This was the inadvertent dawning of the worm, a program that spreads on its own from computer to computer. Since that time we’ve seen many other worms, including Code Red (the first widespread worm in the modern era, infecting 300,000 systems over 13 hours), Slammer (spreading worldwide in 15 minutes and even infecting a nuclear power plant), Blaster (silently infecting hundreds of thousands of Windows computers) and Witty (which took down network security monitors belonging to the US Army).

The second plague crept up on us more subtly in the form of criminals seeking to make money. From spammers hawking Viagra to online bank-robbers seeking to take control over corporate accounts, this plague is organized crime that doesn’t care much about the damage done as long as it makes money. One particularly vile criminal strain involves ransomware: Malicious programs that encrypt a victim’s files and demand money to access them.

The ransomware epidemic is fueled by multiple factors, most notably the presence of both online criminal communities enabling specialization and Bitcoin. Criminal communities enable specialization: Somebody good at coding can write a ransomware framework and sell it to someone who’s good at attacking computers. Many of these communities are Russian, as Russia has a long history of sheltering cyber-criminals who don’t attack Russian interests.

WannaCry is simply the merging of these two plagues. Dealing with such worms is a technical problem — one that researchers have and will continue to focus on. But dealing with online criminals is a policy and economic problem.

Even when we can identify criminals, far too many escape capture unless they are foolish enough to go on vacation from their Russian sanctuary. And since we can’t seem to dissuade Russia from directly attacking Western democracies with its hacking and information operations, it is highly doubtful we can get Russian cooperation on cybercrime.

There is a potential, however, to disrupt payments: Don’t play whack-a-mole on criminals, play whack-a-mole on criminal business models. In the past, cyber-criminals used Liberty Reserve until the U.S. government shut it down and arrested its founder for money laundering. This proved a substantial blow to the criminal underground.

Likewise, ransomware actually looked poised to take off earlier with payments through Green Dot MoneyPak and similar networks, but pressure from the Treasury Department has stifled the cash-out network used by criminals to convert MoneyPak into currency. That leaves Bitcoin as the only game in town for those wanting to conduct cyber-extortion at scale.

Perhaps it is time for the United States to actually take meaningful action against Bitcoin. For non-criminal transactions, Bitcoin is decidedly inferior to all the alternatives, as it is expensive, cumbersome and surprisingly slow. Bitcoin’s only “superiority” over other electronic payment systems is its censorship resistance: There is no central authority that can say “thou shalt not.” Thus, it is only superior for criminal uses such as drug deals or extortion.

US Bitcoin exchanges can be pressured to not enable ransom payments, and the Treasury Department can exert pressure on foreign Bitcoin exchanges to either comply with US money-laundering laws or be cut off from all international bank transactions (not just those transactions which originate in the United States). There is also a possibility for a technical solution: Clogging the Bitcoin network with spam transactions.

Unless something can be done about the presence of payments through criminal-friendly Bitcoin or other means, we can only expect these two merged plagues — the crimeware worms — to continue to create chaos.

(The Washington Post)

Nicholas Weaver is a computer security researcher at the International Computer Science Institute in Berkeley, Calif.

Experts Suspect Pyongyang in Global Cyberattack

Paris – North Korea may have been behind the global cyberattack that has been affecting tens of thousands of government companies and institutions since Friday, experts said.

In the first clues of the origin of the massive ransomware attacks, Google researcher Neel Mehta posted computer code that showed similarities between the “WannaCry” malware and a vast hacking effort widely attributed to Pyongyang.

The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures, said Simon Choi, director of Seoul internet security firm Hauri.

“I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies,” he told AFP.

Choi said Hauri Labs’ findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Mehta.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyberattack on Sony Pictures in 2014.

Isolated, nuclear-armed North Korea is known to run an army of thousands of hackers operating in both the North and, apparently, China, and has been blamed for a number of major cyberattacks.

North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.

US and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

After days of disruptions affecting networks worldwide, a top US official said the number of computers affected had reached 300,000, but that infection rates had slowed.

Europol said the situation was “stable” after attacks that struck computers in British hospital wards, European car factories and Russian banks.

But according to Michel Van Den Berghe, director of telecom group Orange’s cyber security arm, a “second wave” is to be expected.

Russia, China and India have blamed the United States government for developing the original code.

Tom Bossert, President Donald Trump’s top cyber and homeland security adviser, brushed aside suggestions that the attack stemmed from a flaw discovered by the US National Security Agency and later leaked.

“This was not a tool developed by the NSA to hold ransom data,” he said, noting that no US government systems had been hit.

Russian President Vladimir Putin earlier had suggested the United States bore responsibility.

“A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators,” the Russian leader said on the sidelines of a summit in Beijing.

Russia has recently been accused of cyber meddling in several countries, but Putin said his country had nothing to do with the attack.

US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit. The attackers demanded money to unblock their computers.

In China, 66 of the country’s universities were affected by the global ransomware attack, authorities said.

The attack blocks computers and puts up images on victims’ screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”

Microsoft: Governments Should Treat Cyberattack as Wakeup Call

An advertisement plays behind a window reflecting a nearby building at the Microsoft office in Cambridge

Washington – From Russia to Spain and from Mexico to Vietnam, cyberattacks targeted thousands of computers, especially in Europe. The unprecedented attack raised fears of electronic chaos after experts expressed their concerns that the virus might spread at the beginning of the work week as millions return to their jobs.

But it seems that government and European companies avoided most of the losses following the electronic attack by WannaCry, a ransomware, which locked up more than 200,000 computers in more than 150 countries.

Europol raised fears that the cyberattack that hit the National Health Service (NHS) services and global businesses “will continue to grow” as people return to work after the weekend. Senior spokesman for Europol, Jan Op Gen Oorth, later told AFP however: “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.”

In a blog post on Sunday, Microsoft President Brad Smith stated that the ransomware attacked over 200,000 computers using a hacking tool that was built by the US National Security Agency (NSA) and leaked online in April.

“This is an emerging pattern in 2017,” Smith wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”

He also argued that government intelligence services should balance their desire to keep software flaws secret, in order to conduct espionage and cyber warfare, against sharing those flaws with technology companies to better secure the internet.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith wrote. He added that governments around the world should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

He reiterated that governments need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.

That is why Microsoft called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.

“It’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality,” Smith stressed.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as “Eternal Blue,” was released on the internet last month by a hacking group known as the Shadow Brokers.

The pace of WannaCry slowed late on Friday, after the so-called “ransomware” locked up more than 100,000 computers, demanding owners pay $300 to $600 to get their data back.

French government cyber security agency ANSSI said on Monday carmaker Renault was not the only entity hit by the ransomware cyberattack at the end of last week and warned of other possible attacks soon.

“There are others,” Guillaume Poupard, head of the agency, ANSSI, said. The government body was working with the victims on recovery.

Businesses around the world scrambled on Saturday to prepare for a renewed cyberattack, convinced that a lull in a computer offensive that has stopped car factories, hospitals, schools and other organizations in around 100 countries was only temporary.

Poupard told Reuters that similar attacks are expected in the coming days and weeks.

“Attackers update their software … other attackers will learn from the method and will carry out attacks,” he warned.

Renault stopped production at several sites on Saturday to prevent the spread of a global cyber-attack that hit its computer systems.

British technology experts worked through the night to patch the computer systems of the health service after the ransomware worm forced dozens of hospitals to cancel some operations and appointments, Security Minister Ben Wallace said on Monday.

“The very nature of this particular malware, this sort of ransomware attack, is very potent because unlike more routine ones this one has used a sort of worm to exploit the operating system and bolted on a ransomware so that it spread incredibly quickly in hours not weeks or days,” Wallace explained.

Cyber security experts in the NHS worked alongside the National Cyber Security Center (NCSC), part of the GCHQ spy agency, to patch computer systems after the attack caused widespread problems on Friday, added the minister.

“They have been working I know through the night almost to make sure patches are in place to make sure that hopefully the NHS services can get back to normal,” he told BBC radio.

Wallace denied that underinvestment in the NHS may have left health services exposed to such attacks.

The British government said 48 of 248 health service trusts in England had been impacted by Friday’s attack.

According to King’s Fund think tank, Britain plans to spend about $155 billion on the Department of Health in 2017.

Europol director Rob Wainwright said he had been concerned for some time that the health service was not properly protected, unlike banks that put “a proper strategy in place”.

Wainwright expressed his fears that the virus could spread across other sectors with particular risks today as most workers return to their desks.

“At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning,” he said.

The director explained that the case here is the exploitation of a flaw in the Microsoft operating systems.

Cyberattack Hits 150 Countries in the World

A Bitcoin (virtual currency) paper wallet with QR codes and coins are seen in an illustration picture taken at La Maison du Bitcoin in Paris

World Capitals – Tens of thousands of computers in almost 150 countries were infected with ransomware demanding ransom payments during an international cyberattack, which some experts believe was inspired by a National Security Agency (NSA) tool kit that was leaked last year.

Ransomware is a type of malware that essentially takes over a computer and prevents users from accessing data on their own computer until a ransom is paid.

The virus is believed to be linked with the NSA’s stash of exploits exposed by Shadow Brokers hacker group. It uses a vulnerability in the Windows operating system to infect computers, and then encrypts files, demanding ransom to be paid in Bitcoin cryptocurrency for restoring access. The exploit was patched by Microsoft two months ago, so only computers not running updated software are vulnerable to the virus.

According to cybersecurity experts, the exploit was made public in April by Shadow Brokers, a hacker group that apparently obtained cyberwarfare tools from the NSA.

The malware, called “WanaCrypt0r 2.0,” infected the British health system, including more than 20 British hospitals, as well as major companies and FedEx.

The people behind the attack demanded a ransom of between $300 and $600 in Bitcoin per computer to provide the decryption key.

In a statement Saturday, Europol’s European Cybercrime Center, EC3, said the attack “is at an unprecedented level and will require a complex international investigation to identify the culprits.”

EC3 says its Joint Cybercrime Action Taskforce, made up of experts in high-tech crime, “is specially designed to assist in such investigations and will play an important role in supporting the investigation.”

US and British authorities advised companies and people affected by the attack not to pay the ransom demanded to decrypt the affected files.

British National Health Service (NHS) was also affected as British Prime Minister Theresa May announced that a cyberattack initially believed to be targeting only hospitals in the UK has now gone beyond, involving potentially dozens of countries.

A number of NHS organizations have reported they suffered from a ransomware attack.

British Interior Minister Amber Rudd announced on Saturday that 48 of 248 health services in England had been impacted by Friday’s attack, but that all except six were now functioning normally.

British National Cyber Security Centre said it was working round the clock with UK and international partners and with private sector experts to lead the response to these cyber attacks.

Ciaran Martin, CEO of the National Cyber Security Centre, said in a statement that in order to protect against this sort of attack, organizations should “make sure your security software patches are up to date” and “make sure that you are running proper anti-virus software.”

French carmaker Renault stopped production at two French sites on Saturday to prevent the spread of a global cyber attack that hit its computer systems, a spokesman said.

“Proactive measures have been put in place, including the temporary suspension of industrial activity at some sites,” the spokesman said.

Nissan also announced that its Sunderland plant had been hit by the worldwide ransomware attack and that production was affected, but that there was no major impact on the business.

“Like many organizations our plant was subject to a ransomware attack affecting some of our systems on Friday evening,” a spokeswoman confirmed.

In Germany, customer information screens at railway stations were hit but there was no impact on services.

FedEx Corporation confirmed that it is suffering a malware attack and issued a statement on Friday saying its Windows-based systems were “experiencing interference” due to malware and that it was trying to fix the issue as quickly as possible, but it gave no further details.

In Spain, telecommunications giant Telefonica was also infected with malicious ransomware.

Telefonica’s chief data officer, Chema Alonso said on Twitter: “News [of the attack] has been exaggerated and our colleagues are working on it right now.”

In an unusual step, Microsoft provided direct support for unsupported systems that were impacted by the ransomware attack across the globe.

In order to ensure as many systems as possible are protected against WannaCrypt ransomware and other attacks, Microsoft has made security patches for Windows XP and other operating systems broadly available to download.

“This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind,” the company told customers.

Russia has been accused of being responsible for the attack, an accusation authorities denied, as Russian Railways was among the companies compromised by WannaCry, although its services were not disrupted.

“The IT system of Russian Railways has been attacked by a virus. The virus has been isolated. The work to eliminate it and upgrade anti-virus protection is currently underway,” the company told TASS news agency.

Several Russian banks were also attacked by the malware, but their computer networks were not penetrated, the cybersecurity monitoring center FinCert, which is operated by Russia’s central bank, reported on Saturday.

Global Cyberattack Disrupts Britain’s Health System

A fast-moving wave of cyberattacks, apparently exploiting a flaw exposed in documents leaked from the US National Security Agency, has disrupted Britain’s health system and infected computers in nearly 100 countries.

The attacks came in the form of ransomware, a technique used by hackers that locks users’ files unless they pay the attackers a designated sum in the virtual currency Bitcoin.

The malware was linked to attacks on hospitals in Britain as well as the Spanish telecom giant Telefonica and the US delivery firm FedEx.

The US Department of Homeland Security’s computer emergency response team said it was aware of ransomware infections “in several countries around the world.”

“We are now seeing more than 75,000 detections… in 99 countries,” Jakub Kroustek of the security firm Avast said in a blog post around 2000 GMT.

Earlier, Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating “worm,” was spreading quickly.

Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly five million emails per hour was spreading the new ransomware.

Private security firms identified the malware as WCry, but analysts were also using variants such as WannaCry.

Forcepoint said in a statement that the attack had “global scope”, affecting organizations in Australia, Belgium, France, Germany, Italy and Mexico.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

In the US, FedEx acknowledged it had been hit by malware and was “implementing remediation steps as quickly as possible.”

The UK’s state-run National Health Service declared a “major incident” after the attack, which forced some hospitals to divert ambulances and scrap operations.

In Spain, major firms including Telefonica were hit, with employees told to shut down workstations immediately through megaphone announcements. Portugal Telecom and Telefonica Argentina both said they were also targeted.

At least 16 organizations within the NHS, some of them responsible for several hospitals each, reported being targeted.

“We are aware that a number of NHS organizations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organizations have been affected,” said Prime Minister Theresa May.

Britain’s National Cyber Security Centre and its National Crime Agency were looking into the UK incidents.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!”

It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

The spread of the ransomware capped a week of cyber turmoil in Europe that kicked off a week earlier when hackers posted a huge trove of campaign documents tied to French candidate Emmanuel Macron just 1-1/2 days before a run-off vote in which he was elected as the new president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus.

Cyber Hackers Attack Banks Worldwide

London – Cyber hackers who attacked websites of major financial institutions around the world belong to a criminal group, which seeks to imitate other Russian groups to confuse investigators.

Researchers at aerospace and security firm BAE Systems said they received and analyzed samples of the malware, which targeted 104 institutions and enterprises, most of them banks, in 31 countries.

Researchers found that the hackers intentionally used Russian words in their software to distract researchers from their real origins. They noted that the hackers used online translation tools, which produced text that does not carry the correct meaning in Russian.

U.S. ADG News said that this inaccurate translation changed the complete meaning of words in some cases, asserting those hackers were not Russians.

Researchers suggested that hackers sought to confuse and distract investigators from their real identity. Analysis results showed that those hackers belonged to a network known as “Lazarus Group”, active since 2009; Lazarus targets institutions and state and civil companies from South Korea to the United States.

This gang has also been linked to an attack on Sony Pictures Entertainment’s internal network that leaked important data and damaged most of the company’s computers. At that time, U.S. intelligence agencies said this malware was led by North Korea.

Researchers say that Lazarus has been involved in a number of aggressive cyberattacks against financial institutions, including the theft of $81m from Bangladesh’s Central Bank.

In February, malware attacked a number of banks in Poland, in which hackers exploited gaps found in the website of the Polish financial regulator. Researchers from BAE Systems and Symantec linked February’s attacks with others that took place in October and targeted many websites of major banks in Mexico and Uruguay, with clear Lazarus footprints.

BAE Systems researchers said that many malware gangs specializing in hacking banks have been active in Russia, sneaking into networks to steal money, and that Lazarus has sought to imitate these Russian gangs to distract researchers in their investigations.

According to Wikipedia, the number of hackers working with Lazarus is unknown and its structure is also unclear. Experts said that this gang kicked off its activity in this field with a special operation to spy on the South Korean Government in 2009-2012.

Moscow’s Aggression, Source of Concern for the West

Moscow, London- Relations between London and Moscow have deteriorated after Russia’s rising role in hot spots like Ukraine and Syria, but the tension began with the case of Alexander Litvinenko, the former KGB officer who was killed in London in 2006.

According to Andrew Parker, head of Britain’s internal intelligence agency MI5, Russia had been a covert threat for decades, but what differs now from the Cold War era is that more sophisticated tools are at its disposal to pursue its anti-Western agenda.

Speaking to the Guardian newspaper, Parker said that Russia “is using its whole range of state organs and powers to push its foreign policy abroad in increasingly aggressive ways, involving propaganda, espionage, subversion and cyber-attacks. Russia is at work across Europe and in the UK today.”

However, the Kremlin has denounced these allegations and urged Russia’s critics to prove their accusations. Kremlin spokesman Dmitry Peskov told reporters that Parker’s words “do not correspond to reality.”

“Until someone produces proof, Russia will consider those statements unfounded and groundless,” he added.

Moscow was hoping to improve relations with London after the formation of the new government. However, UK Foreign Minister Boris Johnson has recently criticized Russia heavily, accusing it of targeting a relief convoy to Aleppo and calling for protests outside the Russian embassy in the British capital to object to Russian policies.

Russian-British relations have also been tense because Prime Minister Theresa May has made many negative statements about Moscow.

May has recently called on EU leaders to announce a unified and decisive position on what she considered “Russian aggression.”

Parker’s statements came in conjunction with the UK government’s announcement of plans to invest GBP 1.9 billion to enhance its national cyber-security strategy, which will provide the required funding to protect companies and individuals against cyberattacks.

UK Finance Minister Philip Hammond said that the new strategy will allow taking even greater steps to defend the country in cyberspace and to strike back when attacked.

The new strategy’s announcement has come days after Russia decided to sail a fleet of warships through the English Channel, a move that was heavily criticized by the UK and the European Union.

The United States has also accused Russia of meddling in its presidential elections by hacking a number of official websites, despite the Kremlin’s denial.