The unprecedented global ransomware attack that affected more than 300,000 users may have links to North Korean hackers, cyber security researchers claim.
The invaded the systems of at least a dozen Australian businesses were invaded by the WannaCry ransomware virus, with Russia, China, India and Taiwan among the hardest hit of the 150 countries affected since Friday.
Cyber Security Minister Dan Tehan on Tuesday morning confirmed there had been 12 reported local cases of the ransomware as reports of infections slowed Tuesday.
And as organisations around the world count the cost of the invasive software, two major cyber security firms say they have found some technical clues pointing to North Korea’s possible involvement in the attack.
Symantec and Kaspersky Lab say some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.
“This is the best clue we have seen to date as to the origins of WannaCry,” Kaspersky Lab researcher Kurt Baumgartner told Reuters on Monday.
Both firms said it was too early to tell whether North Korea was involved in the attacks, which slowed to a crawl on Monday but have already become one of the fastest-spreading extortion campaigns on record.
The cyber companies’ research will be closely followed by law enforcement agencies around the world, including the US, where President Donald Trump’s homeland security adviser said on Monday US time that both foreign nations and cyber criminals were possible culprits.
Symantec and Kaspersky said they needed to study the code more and asked for others to help with the analysis.
Hackers are known to reuse code from other operations, making even copied lines fall well short of proof of origin.
US and European security officials told Reuters on condition of anonymity that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
The Lazarus hackers have been more brazen in pursuit of financial gain than many others, and have been blamed for the theft of $US81 million ($A109 million) from a Bangladesh bank.
The North Korean mission to the United Nations is yet to comment on the latest claims.
No ransom bonanza
US homeland security adviser Tom Bossert said that, as of Monday US time, the perpetrators had raised less than $US70,000 ($A94,000) from users looking to regain access to their computers,
“We are not aware if payments have led to any data recovery,” Mr Bossert said, adding that no US federal government systems had been affected.
Beyond the immediate need to shore up computer defences, the attack has turned cyber security into a political topic in Europe and the US, including discussion of the role national governments play.
In a blog post Sunday, Microsoft Corp President Brad Smith confirmed what researchers already widely concluded: the attack made use of a hacking tool built by the US National Security Agency (NSA) that had leaked online in April.
He poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.
Wall Street’s silver lining
Regardless of the source of the attack and the reason behind it, investors piled into cyber security stocks in the US on Monday, betting on a rush to upgrade their online defences.
Investors are been betting that governments and companies will have to spend more to upgrade their computer security systems in the light of the WannaCry hack.
This led to the tech focused Nasdaq index and the broad S&P 500 both closing at record highs.
– With AAP