Cyberattacks can even take human lives

Cyberattacks by nation-states will soon kill people, either deliberately or unintentionally, a senior security researcher told attendees at the RSA Conference this week.

The May 2017 WannaCry attacks by North Korea and the NotPetya attacks by the Russian military in June 2017 shut down hospitals, disrupted shipping and cost hundreds of millions of dollars in losses — much of it in the form of collateral damage.

It is inevitable, she said during her RSA presentation yesterday (March 5), that future nation-state attacks on such scale will cause loss of life.

"I rarely get to stand up in front of groups and tell them that the news is getting better," Joyce told the crowd. "But if you have purely destructive malware backed by a nation-state, then where does that leave us?"

NotPetya, which targeted tax-collection software that every business in Ukraine was obliged to run, masqueraded as ransomware, Joyce explained. But it was impossible to decrypt the affected data even if a ransom was paid. The goal of NotPetya was purely destructive, and the destruction streamed outward from Ukraine to infect companies and other institutions in 65 other countries.

Part of the collateral damage was at U.S. hospitals, Joyce said, where some patients could not be immediately treated as a result.

"A friend of mine who was suffering from throat cancer was turned away and told to come back next week," Joyce said.

"If you have purely destructive malware backed by a nation-state, then where does that leave us?"
—Sandra Joyce, FireEye senior vice president


Had anyone died as a result of NotPetya, that would have been an unintended consequence of a specific attack on Ukraine's economy. But nation-state malware already exists that is designed to deliberately kill people, according to Joyce.

NSA paid $10 million to RSA for making flawed algorithm to weaken encryption


The US National Security Agency (NSA) secretly paid $10 million to RSA, one of the major and respected security firms, to make a flawed algorithm in order to weaken encryption, according to an exclusive report from Reuters.

In September, the New York Times reported a story, based on documents leaked by former NSA contractor Edward Snowden, that the NSA created a flawed formula for generating random numbers to create a "backdoor" in encryption software.

Reuters later reported that RSA became the lead distributor of the formula by building it into an encryption tool known as BSafe, which is used by software developers to improve security in their products.

Two sources disclosed new information to Reuters: that RSA had received the money in exchange for making the NSA's formula the default method for number generation in the BSafe software.

In a statement to Reuters, RSA denied the allegations, saying: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."

Source: Reuters