By Sewell Chan and Mark Scott
LONDON – Security experts are warning that the global cyberattack that began on Friday is likely to be magnified in the new workweek as users return to their offices and turn on their computers.
Many workers, particularly in Asia, had logged off Friday before the malicious software, stolen from the U.S. government, began proliferating across computer systems around the world. So the true effect of the “ransomware” attack may emerge today as employees return and log in.
Moreover, copycat variants of the malicious software behind the attacks have begun to spread, according to experts. “We are in the second wave,” said Matthieu Suiche of Comae Technologies, a cybersecurity company based in the United Arab Emirates. “As expected, the attackers have released new variants of the malware. We can surely expect more.”
Britain’s National Cyber Security Center said Sunday that it had seen “no sustained new attacks,” but warned that compromised computers might not have been detected yet and that the malware could further spread within networks.
So far, the main targets of the cyberattack have been outside the United States. But neither the federal government nor U.S. corporations assume that this will remain the case.
Over the weekend, the Trump administration’s top security officials, led by the homeland security adviser, Thomas P. Bossert, gathered in the White House Situation Room to assess the threat to U.S. interests, including government agencies, companies and hospitals.
Today could bring a wave of attacks to the United States, warned Caleb Barlow, vice president of threat intelligence for IBM. “How the infections spread across Asia, then Europe overnight will be telling for businesses here in the United States,” he said.
The cyberattack has hit 200,000 computers in more than 150 countries, according to Rob Wainwright, executive director of Europol, the European Union’s police agency.
Among the organizations hit were FedEx in the United States, the Spanish telecom giant Telefonica, the French automaker Renault, universities in China, Germany’s federal railway system and Russia’s Interior Ministry. The most disruptive attacks infected Britain’s public health system, where surgeries had to be rescheduled and some patients were turned away from emergency rooms.
A 22-year-old British researcher who uses the Twitter name MalwareTech has been credited with inadvertently helping to stanch the spread of the assault by identifying the web domain for the hackers’ “kill switch” – a way of disabling the malware. Suiche said he had done the same for one of the new variants of malware to surface since the initial wave.
On Sunday, MalwareTech was one of many security experts warning that a less vulnerable version of the malware is likely to be released. On Twitter, he urged users to immediately install a security patch for older versions of Microsoft’s Windows, including Windows XP. (The attack did not target Windows 10.)
Robert Pritchard, a former cybersecurity expert at Britain’s Defense Ministry, said that security specialists might not be able to keep pace with the hackers.
“This vulnerability still exits; other people are bound to exploit it,” he said. “The current variant will make its way into anti-virus software. But what about any new variants that will come in the future?”
All it would take is for a new group of hackers to change the original malware code slightly to remove the “kill switch” and send it off into the world, using the same email-based methods to infiltrate computer systems that the original attackers used, experts said. Allan Liska, an analyst with Recorded Future, a cybersecurity company, said a new version of the ransomware he examined Sunday did not have the kill switch. “This is probably version 2.1, and it has the potential to be much more effective – assuming security defenders haven’t spent all weekend patching,” he said.
In Britain, the fallout from the attack continued Sunday. Two opposition parties, the Labour Party and the Liberal Democrats, asserted that the governing Conservative Party had not done enough to prevent the attack. With a general election set for June 8, officials are racing to address the problem.
Britain’s defense minister, Michael Fallon, told the BBC on Sunday that the government was spending about 50 million pounds, or $64 million, to improve cybersecurity at the National Health Service, where many computers still run the outdated Windows XP software, which Microsoft had stopped supporting.