Grangemouth operator 'refused advice'
More cyber attacks feared amid ‘escalating threat’
Companies and public sector bodies are preparing for a second wave of the cyber attacks that crippled scores of organisations last week.
Europol said the number of victims had risen to 200,000 in 150 countries and warned of an “escalating threat”.
The National Cyber Security Centre has advised firms how to protect computers as they start the working week. It urged them to install anti-virus software services and back up their data.
It said it knew of attempts to attack organisations other than the NHS, and warned more cases could “come to light” in the UK and elsewhere as the new working week begins.
Microsoft has said the ransomware cyber-attack should be a “wake-up call” for countries.
The software vulnerabilities hoarded by governments had caused “widespread damage”, Microsoft’s chief legal officer Brad Smith said.
The latest virus exploits a flaw in a version of Microsoft Windows first identified by US intelligence.
The attack, which involved ransomware known as WannaCry and variants of that name, struck industry and public sector organisations around the world amid concerns that repeat attacks may be imminent.
It was launched using tools believed to have been stolen from the US National Security Agency (NSA) by a group of hackers known as The Shadow Brokers, who made them freely available in April, saying it was a “protest” about US President Donald Trump.
They tricked victims into opening malware attachments to spam emails that seemed to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of between $300 and $600 to restore access. Researchers observed some victims paying via the digital currency bitcoin, though no one knows how much may have been transferred to extortionists because of the largely anonymous nature of such transactions.
A big concern is that staff will have left work on Friday without realising they have been sent an email containing the ransomware virus.
“Most of the attacks are arriving via e-mail, so there are many ‘landmines’ waiting in people’s in-boxes,” said Michael Gazeley, managing director of Network Box, a Hong Kong-based cybersecurity company.
UK Health Secretary Jeremy Hunt was criticised as it emerged that the NHS – a major target for the attackers – has been struggling on 20-year-old computer systems that are vulnerable to cyber gangs.
His colleague the Defence Secretary Michael Fallon was forced to defend Mr Hunt’s department during a television interview. He said cyber threats were identified in a recent review and that a “large chunk” of capital allocated was spent on the NHS.
As companies were issued with a warning to protect their IT systems, there were claims that Ineos, which operates key energy installations in Scotland, declined protection against hack attacks.
Ineos, which operates the Grangemouth chemicals plant and recently bought the key oil pipeline that connects the North Sea fields with the mainland, said it could not afford the extra security to defend its installations, according to leaked documents.
The government papers, obtained by Greenpeace Energydesk, claim that Ineos rejected security recommendations made by the Centre for the Protection of National Infrastructure (CPNI) – an agency accountable to MI5 – reportedly arguing that they were unaffordable and would not benefit the company.
Ineos struck a deal with BP last month to purchase the Forties pipeline – which is considered to be one of the most strategically important pieces of North Sea infrastructure.
According to one briefing document drafted by officials: “Ineos has explained that it is not prepared to undertake any of these mitigations because it cannot afford to do so and, even if it could afford this expenditure, it does not see itself as the beneficiary of the enhancements proposed.”
Further, according to the documents, Ineos was “the first and only example to date” of an owner of critical national infrastructure ever to have refused the advice of the CPNI.
Ineos is also reported to have said that if the UK and Scottish governments wanted to improve counter-terrorism security at Grangemouth they should pay for it themselves.
An Ineos spokesperson played down the claims, stating: “We cannot go into detail on our security arrangements at our sites, some of which is confidential for obvious reasons.
“However, I can say that the safety and security of each of our sites around the world is our highest priority. Our sites vary considerably in terms of their size, composition and location and so the security arrangements, that are reviewed on a regular basis, are specifically developed to take into account the specific risk and situation of each facility.”
A security expert on Friday night helped halt the spread of the bug by simply paying a few dollars to register a domain name that, once active, performed the role of a “kill switch” that deactivates the malware.
However, the bug infected many out-of-date machines and this increased the risk of fresh attacks spreading in the coming days and weeks.
Car makers Nissan in Sunderland and Renault in France were among the latest to be hit. Spanish telecoms firm Telefonica, Portugal Telecom, the US delivery company FedEx and a local authority in Sweden were also affected.
The Scottish Government said there have been no further reported problems with NHS systems in Scotland following the global cyber-attack.
Health Secretary Shona Robison has confirmed that 13 boards have been affected and measures to isolate any issues are now in place, with some systems expected to be operational over the weekend.
- The boards affected are: NHS Borders, NHS Dumfries and Galloway, NHS Fife, NHS Forth Valley, NHS Lanarkshire, NHS Greater Glasgow and Clyde, NHS Tayside, NHS Western Isles, NHS Highland, NHS Grampian, NHS Ayrshire and Arran, NHS National Services and Scottish Ambulance Service.
- In many areas, with the exception of NHS Lanarkshire, the number of PCs or systems affected is in single figures.
- There is no evidence that patient data has been compromised and patient services, including emergency services, are continuing to operate across Scotland.
- Other public bodies are currently running checks on their systems as a precaution ahead of the working week starting on Monday.