Symantec cites links between WannaCry ransomware and Lazarus, but ICIT calls report a ‘distraction’

Security firm Symantec has found that the infrastructure and tools used in the WannaCry attack have strong connections to the hacking group Lazarus, which is responsible for the massive hack on Sony Pictures and the theft of $81 million from Bangladesh Central Bank.

Symantec researchers analyzed the two major variants of WannaCry, which date back to February. These variants leverage several smaller attacks through April. These earlier versions were nearly identical to the strain used in the massive May 12 WannaCry attack.

Two other security firms — Kaspersky Labs and BAE Systems — found connections between WannaCry and the Lazarus Group’s malware. Google Security researcher Neel Mehta first tweeted the connection between the code of both malware variants on May 15.

The commonalities in the tools, infrastructure and techniques prove it’s highly likely Lazarus is connected to the WannaCry attacks, Symantec Security Response Technical Director Vikram Thakur said.

“Any overlap is from a technology perspective,” Thakur said. “It’s not speculative.”

However, cybersecurity think tank ICIT this week called Symantec’s report “premature, inconclusive and distracting.”

One of the issues ICIT Senior Fellow James Scott raised was the “sharp difference in the level of sophistication of the malware and threat actors, glaring differences in the target demographics and severe variations in the operational procedures of the actors.”

“At best, WannaCry either borrowed heavily from outdated Lazarus code and failed to change elements, such as calls to C2 servers, or WannaCry was a side campaign of a minuscule subcontractor or group within the massive cybercriminal Lazarus APT,” wrote Scott.

The Lazarus Group is known to target the military, financial organizations, media and manufacturers — not healthcare. Scott said that these recent attacks don’t bear the same hallmarks and only “two-thirds of the Lazarus samples had one or more PE resources with Korean locale or Language.”

But Symantec is standing by its claim that parts of WannaCry’s malware variants evolved from the old Lazarus tools. 

While it’s not uncommon for hackers to borrow code from other successful ransomware variants, Thakur said that there are few prevalent cases of the specific Lazarus code in the wild. The presence of the code, infrastructure and techniques in WannaCry is uniquely attributed to Lazarus.

“From a technical perspective, there is very little doubt left in our mind,” Thakur said. “This is the only conclusion we could make.”

Thakur stressed that Symantec cannot say it’s definitely the Lazarus group acting through these attacks or that one member of the group acted alone. 

“Any conclusions made about the attackers’ identity and motivation would be speculative,” he said. “We also do not have information that perpetrates North Korea launching the WannaCry attack. The technical evidence does not allow us to determine if the attack was carried out by an individual or a nation state.”

Twitter: @JessieFDavis

John McAfee Says Bitcoin Boom to Put MGT in the Black – Bloomberg

Guess who’s jumping on the bitcoin bandwagon?

John McAfee, the pioneering and controversial anti-virus software developer, who took over as the chief executive officer of MGT Capital Investments Inc. last year and turned the video-game company into a cybersecurity firm. He expects the money-losing company to be profitable as it ramps up its bitcoin mining business, with the goal of becoming the biggest in the world.

“We will definitely be profitable before the end of the year,” McAfee said in a phone interview Wednesday. “From bitcoin mining, we will get the experience and expertise to apply the blockchain to our security products.”

MGT Capital announced plans last June for the first phase of its bitcoin operation, which was the company’s only revenue driver in the first quarter. It’s stationed in the mountains of Washington state and employs two people, whose primary job is to maintain the air conditioning system for the computers that are doing the mining, McAfee said. MGT Capital has a dozen employees.

The bitcoin venture generated $312,000 in sales for the three months ended March 31, 2017, according to a government filing. The company had a net loss of $5.89 million.

MGT Capital said Monday that it received financing to buy 1,000 mining computers from Chinese firm Bitmain Technologies, bringing the total to around 1,300. It expects to start generating 225 bitcoins per month, up from about 100, which was the most recently disclosed number. The cryptocurrency is currently worth about $2,700 per coin.

Skeptics have warned that there’s a bubble in the making. Bitcoin and other digital currencies like ethereum have surged as more companies embrace the underlying technology and some investors seek financial refuge from political uncertainty across the globe. MGT Capital primarily mines bitcoin, but also has small-scale operations for ethereum and monero, McAfee said.

“No matter how much government and regulators may scream and complain, there will be a world standard alternative currency,” McAfee said. “Bitcoin appears to be the one… It cannot possibly be a bubble.”

Bitcoin transactions are overseen by a network of so-called miners whose computers perform calculations to validate each transfer, preventing double-spending. Miners earn a reward of newly issued bitcoin. The pace of creation is limited, and no more than 21 million bitcoins will ever be issued.

MGT Capital grabbed investors’ attention last year after naming McAfee CEO. The news sent its shares into a frenzy, but the euphoria quickly faded after the U.S. Securities and Exchange Commission subpoenaed the company and the stock was delisted from the New York Stock Exchange. The company is now embroiled in a lawsuit with Intel Corp. over the use of the McAfee moniker. Intel bought the McAfee computer-security business in 2011, but recently sold its majority stake. McAfee, who wants to change MGT Capital’s name to John McAfee Global Technologies, sued Intel for the right to use his name.

Shares of MGT Capital surged as much as 63 percent Thursday to $1.14 in over-the-counter trading.

MGT Capital employees who aren’t working on bitcoin are focused on the cybersecurity business, which McAfee anticipates will ultimately be the main revenue source as it expands product offerings, and the number of bitcoins left for mining dwindles.

The company’s Sentinel “anti-hacking system,” which consists of software and hardware, can reduce the time a hacker has to operate, according to its website. MGT Capital is also developing a “privacy phone” that features a kill switch.

“I don’t know anyone more capable than me,” said McAfee. “I have never lost in terms of business and I certainly don’t intend to start now.”


Trend Micro to Host Third Annual Capture the Flag Competition

HONG KONG, CHINA–(Marketwired – May 24, 2017) – Trend Micro Incorporated (TYO: 4704) (TSE: 4704), a global leader in cybersecurity solutions, today announced that it will host Trend Micro CTF 2017 – Raimund Genes Cup, the third annual Capture the Flag (CTF) cybersecurity competition. Trend Micro CTF targets young professionals in the cybersecurity industry to enhance their practical skills in areas such as cybercrimes, targeted attacks, Internet of Things (IoT) and Industrial Control Systems (ICS).

“Our goal is to support and strengthen the skillset of professionals entering the industry to better prepare and protect against today’s most pressing threats,” said Eva Chen, chief executive officer for Trend Micro. “To accomplish our mission of making the digital world safer for everyone, we must support engineers in developing and stretching their cybersecurity knowledge in these specific, relevant areas.”

The competition comprises an online qualifying event and finals held in Tokyo, Japan. The online qualifier is in a “Jeopardy” format, challenging players to solve challenges in various categories, such as SCADA, IoT and targeted attacks. The top ten teams from the online qualifier will advance to compete in the final, which will be played with a combination of “attack and defense” and Jeopardy formats. The final winning team will be awarded JPY 1,000,000 (approximately HK$70,000), Zero Day Initiative Rewards Program¹ points, and automatic qualification for HITCON CTF 2017 Final to be held in Taipei, Taiwan.

Trend Micro CTF 2017 – Raimund Genes Cup – Online Qualifier

  • Dates: June 24-25, 2017 (Game starts at 12:00 a.m. ET, June 24, 2017)
  • Requirements: Participants must be at least 20 years old
  • Format: Jeopardy
  • Venue: Online
  • Team registration: May 23-June 25, 2017

Trend Micro CTF 2017 – Raimund Genes Cup – The Final

  • Dates: November 11-12, 2017 (JST)
  • Requirements: The top ten teams from the online event will qualify and receive travel support for attending the finals. Additionally, winners from Egypt National CTF will compete. Each team may have a maximum of four players.
  • Format: A combination of Attack and Defense and Jeopardy
  • Venue: BELLESALLE Nishi Shinjuku, Tokyo, Japan


  • First Place Team:
    — JPY1,000,000 (approximately HK$70,000) per team
    — 15,000 Zero Day Initiative Rewards Program points per player (these points result in eligibility for benefits, including a one-time bonus of HK$15,600) 
    — Automatic qualification for HITCON CTF 2017 Final to be held in Taipei, Taiwan
  • Second Place Team:
    — JPY300,000 (approximately HK$21,000) per team
  • Third Place Team:
    — JPY200,000 (approximately HK$14,000) per team

To register for the online qualifier and for more information about Trend Micro CTF 2017 – Raimund Genes Cup, please visit:

About Trend Micro
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 5,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit

¹ For details on Zero Day Initiative Rewards Program, please see
